f4536b97c0bd042ab6355a6e4bc737e082bdadccf845f4a17d90d8a8dd5ddd6d

General

Target

deb679ce05525877ad2238fde7f68300.exe
Size

225KB
MD5

deb679ce05525877ad2238fde7f68300
SHA1

bbc10e1cefa401a64b1763e7b1aa0739345a31ec
SHA256

f4536b97c0bd042ab6355a6e4bc737e082bdadccf845f4a17d90d8a8dd5ddd6d
SHA512

ca794a5b9e61b6bcad0a02203eb7218e96e52bd37d8dd9fbfff7bc27aeaf2d2947c3ea2575983bf7ca9a21104bef250a582c7cc5ab82dbb99ec7affa4e451c75
SSDEEP

6144:JsvlanXCnHs7wClbYxg99atKAUHaA3mH8H3lxwTlI+d:Jm8nXEHiVX99M72mH8H1xmI+

Score

7^/10

persistence

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	deb679ce05525877ad2238fde7f68300.exe

Modifies WinLogon 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\c4e2cafc = "þ:à\u008dO¬ã\x1f«’À\tZùè.ð\u0090ûq“òÝ"	deb679ce05525877ad2238fde7f68300.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2148	deb679ce05525877ad2238fde7f68300.exe

C:\Users\Admin\AppData\Local\Temp\deb679ce05525877ad2238fde7f68300.exe
"C:\Users\Admin\AppData\Local\Temp\deb679ce05525877ad2238fde7f68300.exe"
1⤵
- Checks BIOS information in registry
- Modifies WinLogon
- Suspicious use of AdjustPrivilegeToken
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Winlogon Helper DLL

1

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Winlogon Helper DLL

1

T1547.004

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2148-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2148-1-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2148-2-0x00000000020B0000-0x000000000215A000-memory.dmp

Filesize
680KB

Download
memory/2148-4-0x00000000020B0000-0x000000000215A000-memory.dmp

Filesize
680KB

Download
memory/2148-6-0x00000000020B0000-0x000000000215A000-memory.dmp

Filesize
680KB

Download
memory/2148-8-0x00000000020B0000-0x000000000215A000-memory.dmp

Filesize
680KB

Download
memory/2148-10-0x00000000020B0000-0x000000000215A000-memory.dmp

Filesize
680KB

Download
memory/2148-12-0x00000000020B0000-0x000000000215A000-memory.dmp

Filesize
680KB

Download
memory/2148-13-0x00000000021C0000-0x0000000002278000-memory.dmp

Filesize
736KB

Download
memory/2148-15-0x00000000021C0000-0x0000000002278000-memory.dmp

Filesize
736KB

Download
memory/2148-57-0x0000000002700000-0x0000000002701000-memory.dmp

Filesize
4KB

Download
memory/2148-58-0x00000000021C0000-0x0000000002278000-memory.dmp

Filesize
736KB

Download
memory/2148-60-0x0000000077BCF000-0x0000000077BD0000-memory.dmp

Filesize
4KB

Download
memory/2148-55-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/2148-54-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/2148-51-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/2148-50-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/2148-48-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/2148-47-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/2148-44-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/2148-43-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/2148-41-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/2148-40-0x0000000002170000-0x0000000002171000-memory.dmp

Filesize
4KB

Download
memory/2148-36-0x00000000008D0000-0x00000000008D1000-memory.dmp

Filesize
4KB

Download
memory/2148-34-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/2148-33-0x00000000008C0000-0x00000000008C1000-memory.dmp

Filesize
4KB

Download
memory/2148-30-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/2148-29-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/2148-27-0x0000000000880000-0x0000000000881000-memory.dmp

Filesize
4KB

Download
memory/2148-26-0x0000000000890000-0x0000000000891000-memory.dmp

Filesize
4KB

Download
memory/2148-23-0x0000000000880000-0x0000000000881000-memory.dmp

Filesize
4KB

Download
memory/2148-22-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/2148-20-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2148-19-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2148-18-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2148-16-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2148-61-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads