0d8ea62f062e14bdded875879212a3162fd0c08737ba38332fdce0ef1eebcd83

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 23:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

R3Air.2.0.0.Release.64/R3.exe
Size

108KB
MD5

c8973d954de8bdfbc8eaf142ddad467a
SHA1

75c9af2e68035c3b6a582bbf133edb2be85091db
SHA256

343f4bca3c8006251bcb4aec1efc2f61d2263418cea6660f1763240af821d6c1
SHA512

bd1d89818c4879ac52ca5e66826d4539fd5b47d27a1e46fcb8339092e8d55af266b70480e567975cdd206aaac9700fcb3da33f7325939699b4610700ee45690b
SSDEEP

3072:/569XWkwazEmk+a/k+DewA3U1MIvbxVSK6NxCwxw:8RwaIJ+glDsUvD8xCb

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	R3.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	R3.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1180	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1180	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4484	R3.exe
4484	R3.exe

C:\Users\Admin\AppData\Local\Temp\R3Air.2.0.0.Release.64\R3.exe
"C:\Users\Admin\AppData\Local\Temp\R3Air.2.0.0.Release.64\R3.exe"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:4484

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...