Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 02:37

General

  • Target

    AutoGpuAffinity/AutoGpuAffinity/bin/PresentMon/PresentMon-1.6.0-x64.exe

  • Size

    444KB

  • MD5

    8b6603deb94dc3d3209e5107886da308

  • SHA1

    e9b9b53fec93edc60da33727e37f33a7164a1441

  • SHA256

    b9dc19a5bbcd3c1a281ffb90f9926165baf0e7a0a74bd2b1e5a2dfa7a317042b

  • SHA512

    51074eb46ad9c70c808085ff092d155fb432c707d6c8f9c85984baaf350087adccd35f38f16dcee3ac972271aa6ecc9a09c6a8cec00eb3e4357bacffec314fb7

  • SSDEEP

    6144:YEvnPwHlG2CUOukoy/pxJFxD1Ngh2WYLOIeGzyXOmdFf5ILgh7uSXF31Om1lgH1N:EG2CKkBJq2WGOIeTHnh7NE

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AutoGpuAffinity\AutoGpuAffinity\bin\PresentMon\PresentMon-1.6.0-x64.exe
    "C:\Users\Admin\AppData\Local\Temp\AutoGpuAffinity\AutoGpuAffinity\bin\PresentMon\PresentMon-1.6.0-x64.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:1044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads