7f0b3d0d4524d082931cb60f8af50fd99e8a7176fcc288dd17d7d8087eeb380a

Analysis

max time kernel
142s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f0b3d0d4524d082931cb60f8af50fd99e8a7176fcc288dd17d7d8087eeb380a.exe
Size

2.4MB
MD5

094eedf44709ee36a916783c2a6b6115
SHA1

bdcaa69901a04add9a201dc75e65aa35b70c2433
SHA256

7f0b3d0d4524d082931cb60f8af50fd99e8a7176fcc288dd17d7d8087eeb380a
SHA512

d9959a17a13cfaa0602153a7838960ec20b334d0977eb3ef84edb02b41a6d4ea6ea40b0822832be8d06c0e0e35ffe68abd68abc6b6d52df2f6016ea58ce6a810
SSDEEP

49152:3PQEDscc/83svZeE8qapnEK8qhIHMftqf9BXuMxqEB1zO:fQEDtc5ehYB1zO

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	7f0b3d0d4524d082931cb60f8af50fd99e8a7176fcc288dd17d7d8087eeb380a.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	7f0b3d0d4524d082931cb60f8af50fd99e8a7176fcc288dd17d7d8087eeb380a.exe

C:\Users\Admin\AppData\Local\Temp\7f0b3d0d4524d082931cb60f8af50fd99e8a7176fcc288dd17d7d8087eeb380a.exe
"C:\Users\Admin\AppData\Local\Temp\7f0b3d0d4524d082931cb60f8af50fd99e8a7176fcc288dd17d7d8087eeb380a.exe"
1⤵
- Checks processor information in registry
PID:3868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4172 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:3684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\language.ini

Filesize
6KB

MD5
27c7730d1bf9b5a678438359ac56eddc

SHA1
23dd832df9a03765922f8cf1ed2eaa98df897581

SHA256
d1c6c0a327b57dbdf34808a142bec319b00dad91845964b0b595f5e0f265c33f

SHA512
9bb8c3078e6959efbcb63107bfaa6651b02352e9dd8337d1776434ecc57aee4ccaec16ea94cc474d22ee9dcb0fd6a1e2ed053d3ea473aa8d456ed4b9d13632ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\language.ini

Filesize
14KB

MD5
abc277dec763f57917fe3e507cf67934

SHA1
c6ce04e425cd4da7c8e0dc756e87b5ce4886a87d

SHA256
c27fdec76231f8e8e1fc7f4b57b7671062f5b26b915b7b646b9e50f67fcb776a

SHA512
6537219e5d229602bda620d813566d61f81e5591f84d45e5191773ce62b1db1469c6fc85783b37c86b32402128ff23fd1127c2eaeaf7296dbf5ea64520f0a0bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\language.ini

Filesize
3KB

MD5
cc02d759e5a6cb8e4f048f4d69d805f3

SHA1
bb07e4b42c03d598547fa00b5ea26776dcf3b0fa

SHA256
1a633fcda074e7931fe791bfa99606cd410f04420922afe6c0c6ea4615b6c7a1

SHA512
f7e16d4bef9fc7a0a8928cb64d271f5d0f54b5ba292c7d25ecdfce26d19c667f8535e8f23714d6c1ec39d9e91ea06f94434e59d02d488d35f91b1d46fafbc5f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\language.ini

Filesize
3KB

MD5
019b7b7f21d9034c7dd8a9eae09d5f73

SHA1
a6724e30a14575f860420a7db3ab573b1b1322fd

SHA256
b4ad4d2dd7f8fa747ef1112f226416b9ef0cc16f57a5dd6225a38bc3c41e0681

SHA512
938355d630ae642b9a24fccd807d07e144714635289310bdb99d4717f38344bee339bba12ae52e35bc8243b257269efd0cc9bff72b82936e6298b9d729abd6fc

Download Submit
memory/3868-0-0x00000000017E0000-0x00000000017E1000-memory.dmp

Filesize
4KB

Download
memory/3868-1-0x0000000000400000-0x00000000006EB000-memory.dmp

Filesize
2.9MB

Download
memory/3868-346-0x0000000000400000-0x00000000006EB000-memory.dmp

Filesize
2.9MB

Download
memory/3868-348-0x00000000017E0000-0x00000000017E1000-memory.dmp

Filesize
4KB

Download