7f0b3d0d4524d082931cb60f8af50fd99e8a7176fcc288dd17d7d8087eeb380a

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f0b3d0d4524d082931cb60f8af50fd99e8a7176fcc288dd17d7d8087eeb380a.exe
Size

2.4MB
MD5

094eedf44709ee36a916783c2a6b6115
SHA1

bdcaa69901a04add9a201dc75e65aa35b70c2433
SHA256

7f0b3d0d4524d082931cb60f8af50fd99e8a7176fcc288dd17d7d8087eeb380a
SHA512

d9959a17a13cfaa0602153a7838960ec20b334d0977eb3ef84edb02b41a6d4ea6ea40b0822832be8d06c0e0e35ffe68abd68abc6b6d52df2f6016ea58ce6a810
SSDEEP

49152:3PQEDscc/83svZeE8qapnEK8qhIHMftqf9BXuMxqEB1zO:fQEDtc5ehYB1zO

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	7f0b3d0d4524d082931cb60f8af50fd99e8a7176fcc288dd17d7d8087eeb380a.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	7f0b3d0d4524d082931cb60f8af50fd99e8a7176fcc288dd17d7d8087eeb380a.exe

C:\Users\Admin\AppData\Local\Temp\7f0b3d0d4524d082931cb60f8af50fd99e8a7176fcc288dd17d7d8087eeb380a.exe
"C:\Users\Admin\AppData\Local\Temp\7f0b3d0d4524d082931cb60f8af50fd99e8a7176fcc288dd17d7d8087eeb380a.exe"
1⤵
- Checks processor information in registry
PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\language.ini

Filesize
6KB

MD5
b353b0a9265360a26ae46366c2eb0b1f

SHA1
9746002040d8d543d26a536cf8414390ebe7262f

SHA256
8873ef84b0da9751481b78cbc35ac047d13106ffab01fd477ab574c8d8df4a41

SHA512
9ccf0a60bbe559a14586da9b26ebfc85f0a778834df742b424d783d94ae8fc463c3739328c4ff2b09402dbe3a0a48001a9a8d08098faf1801a4015b90c404995

Download Submit
C:\Users\Admin\AppData\Local\Temp\language.ini

Filesize
14KB

MD5
2c4cd7062df584e86b8d6b5bb939b617

SHA1
c0244095956f97557240849d94af462196c1178c

SHA256
87fd7557d964b7778ac3d157b0bca3ad0c8dc0f10ab29b277fdf882751967299

SHA512
3b11e0944e577d922a6ab44c450b60c242a0096cba327f59b014315541b1695b3af4d90de6f252fbfba8a1fc89ffb06c48e375abcc9e8207239e47818ecf064a

Download Submit
C:\Users\Admin\AppData\Local\Temp\language.ini

Filesize
4KB

MD5
9fb97ecb2d290715dadaed539d7fbe8b

SHA1
24e19a8598b4dfac3440cee7a850f34ec4f4af55

SHA256
cf234e3d155d2f9a340a2d664ded1cae4ef2ab510ba7660b6942ce22acbde879

SHA512
9279a0361c86ac41b6f389c742636fc309ffcfc0bbd7e057bccb175cb2a82b8236cb7310bc1dd390bece706416ea63b93f626550ac2a866815b3878995db7483

Download Submit
memory/2320-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2320-345-0x0000000000400000-0x00000000006EB000-memory.dmp

Filesize
2.9MB

Download
memory/2320-347-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download