Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system -
submitted
27-03-2024 06:44
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
bf4.exe
Resource
win7-20240215-en
windows7-x64
4 signatures
300 seconds
Behavioral task
behavioral2
Sample
bf4.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
6 signatures
300 seconds
General
-
Target
bf4.exe
-
Size
17.4MB
-
MD5
ded83cb9bb9334f1442a0099096632c9
-
SHA1
a32e1b7c5a72efad842d0a4d1edb0d8435ebc848
-
SHA256
47579603f29f74bf9fc676df0e7e12202831d0610c2b9594eb3fd5633a64998f
-
SHA512
b525872d2838341a98df24181a58ae2c3c82569ea16fd0d1e755585cd06ad73e501d6ea407b102236e46013f0c32e61e78cd4460f5ef9bd8afbba7e5797d4c49
-
SSDEEP
393216:r/3NnU+oBtFv4Nk/H1fWifHcIWL+gHn1+eGYwLpwCksXBM7FT:L3NnyCS1fLfH7WLPnJCq2M7FT
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz bf4.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 bf4.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2212 bf4.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeIncBasePriorityPrivilege 2212 bf4.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2212 bf4.exe 2212 bf4.exe