Analysis

  • max time kernel
    140s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/05/2024, 20:24

General

  • Target

    a4dcd451cb972967024b73bdb2dbe89e282eae61f6c8c93df2ba966aeea02664.exe

  • Size

    5.0MB

  • MD5

    c83f73b53b85c59bc808584f5df5cff9

  • SHA1

    31d2a8c95dbdbed854e6254799ef81e4f97fbb0c

  • SHA256

    a4dcd451cb972967024b73bdb2dbe89e282eae61f6c8c93df2ba966aeea02664

  • SHA512

    670f1c61b119b16092a14ea85c8b3cdf16c5ba86d2f2aaddef7ee0f5a0f0e99399527fe7558af571061c0a838fef3af831bea53e8ccb4aea8aae23eadccbedf5

  • SSDEEP

    98304:AoHNZepsSVs2Z/oexNikDBqb+9y6z593NWvQW52ivHjOLM5yol+rQkg6Z6D/8HX+:AotZgs21BRLdoQlSOLM8gYQkn6DLpCU

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry (2 TTPs, 2 IoCs)

    BIOS information is often read in order to detect sandboxing environments.

  • Enumerates connected drives (3 TTPs, 21 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry (2 TTPs, 5 IoCs)
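The three sandbox checks the report flags against this process (BIOS strings, processor strings and drive enumeration) are modelled offline below so the indicators can be seen side by side. This is an added example for this page, not code recovered from the sample and not the sandbox vendor's detection logic. The registry paths are real Windows locations; the marker list, the single-CPU threshold and every host value are constructed assumptions of the example.

```python
"""Offline model of the anti-analysis checks flagged in the Signatures above.
Added example for this page, not code recovered from the sample. Every
input value below is constructed; nothing here was read from the report."""

# Real registry locations these checks read.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"
SYSTEM_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
CPU_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0"

# Substrings that betray a hypervisor or emulator in firmware and CPU
# identifiers. The list and the thresholds below are this example's own.
VM_MARKERS = ("vmware", "virtualbox", "vbox", "innotek", "qemu", "bochs",
              "xen", "kvm", "hyper-v", "parallels", "virtual machine")


def _marker_hits(key, values):
    """(key, value_name, marker) for each registry value whose string or
    REG_MULTI_SZ list contains a VM marker."""
    hits = []
    for name, data in values.items():
        text = " ".join(data) if isinstance(data, (list, tuple)) else str(data)
        low = text.lower()
        for marker in VM_MARKERS:
            if marker in low:
                hits.append((key, name, marker))
                break
    return hits


def check_bios(system_values, bios_values):
    """'Checks BIOS information in registry': SystemBiosVersion and
    VideoBiosVersion under the System key, vendor and product strings
    under its BIOS subkey."""
    return _marker_hits(SYSTEM_KEY, system_values) + _marker_hits(BIOS_KEY, bios_values)


def check_processor(cpu_values, logical_cpus):
    """'Checks processor information in registry': name and vendor strings
    under CentralProcessor, plus the common single-core heuristic."""
    hits = _marker_hits(CPU_KEY, cpu_values)
    if logical_cpus < 2:
        hits.append((CPU_KEY, "<subkey count>", f"only {logical_cpus} logical CPU"))
    return hits


def check_drives(present_roots):
    """'Enumerates connected drives': probe D: through Z: and treat a host
    with no drive besides C: as suspicious. present_roots stands in for
    what GetLogicalDrives/GetDriveTypeW would report."""
    probed = [f"{chr(c)}:\\" for c in range(ord("D"), ord("Z") + 1)]
    if any(root in present_roots for root in probed):
        return []
    return [("drives", "root paths", "no drive besides C:")]


def sandbox_verdict(facts):
    """Combine the checks; return the verdict and every indicator that
    fired, which is also the list of values a sandbox would need to mask."""
    reasons = (check_bios(facts["system"], facts["bios"])
               + check_processor(facts["cpu"], facts["logical_cpus"])
               + check_drives(facts["drive_roots"]))
    return {"verdict": "sandbox" if reasons else "bare_metal", "reasons": reasons}


# Constructed values typical of an unmasked VirtualBox guest.
VIRTUALBOX_GUEST = {
    "system": {"SystemBiosVersion": ["VBOX   - 1"],
               "VideoBiosVersion": ["Oracle VM VirtualBox VBE Adapter"]},
    "bios": {"BIOSVendor": "innotek GmbH", "SystemManufacturer": "innotek GmbH",
             "SystemProductName": "VirtualBox"},
    "cpu": {"ProcessorNameString": "Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz",
            "VendorIdentifier": "GenuineIntel"},
    "logical_cpus": 1,
    "drive_roots": ["C:\\"],
}

# Constructed values for an ordinary laptop.
PHYSICAL_HOST = {
    "system": {"SystemBiosVersion": ["LENOVO - 1440", "N2HET61W (1.44 )"],
               "VideoBiosVersion": ["Intel Video BIOS"]},
    "bios": {"BIOSVendor": "LENOVO", "SystemManufacturer": "LENOVO",
             "SystemProductName": "20QD00L1US"},
    "cpu": {"ProcessorNameString": "Intel(R) Core(TM) i7-8665U CPU @ 1.90GHz",
            "VendorIdentifier": "GenuineIntel"},
    "logical_cpus": 8,
    "drive_roots": ["C:\\", "D:\\"],
}

if __name__ == "__main__":
    for label, facts in (("VirtualBox guest", VIRTUALBOX_GUEST), ("physical host", PHYSICAL_HOST)):
        print(label, sandbox_verdict(facts))
```

Each entry in `reasons` names the registry key and value that gave the environment away, which is exactly what a sandbox operator has to mask (the firmware strings under the System and BIOS keys, the core count, a second fixed drive) before a sample like this one will proceed past its checks. It is also why the report counts several IoCs per signature: every individual registry read is recorded.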

Processes

  • C:\Users\Admin\AppData\Local\Temp\a4dcd451cb972967024b73bdb2dbe89e282eae61f6c8c93df2ba966aeea02664.exe
    "C:\Users\Admin\AppData\Local\Temp\a4dcd451cb972967024b73bdb2dbe89e282eae61f6c8c93df2ba966aeea02664.exe"
    • Checks BIOS information in registry
    • Enumerates connected drives
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:3192

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/3192-0-0x0000000000400000-0x0000000000CC3000-memory.dmp (Filesize 8.8MB)
  • memory/3192-1-0x0000000000F40000-0x0000000000F43000-memory.dmp (Filesize 12KB)
  • memory/3192-2-0x0000000000400000-0x0000000000CC3000-memory.dmp (Filesize 8.8MB)
  • memory/3192-4-0x0000000000401000-0x000000000053D000-memory.dmp (Filesize 1.2MB)
  • memory/3192-3-0x0000000000400000-0x0000000000CC3000-memory.dmp (Filesize 8.8MB)
  • memory/3192-5-0x0000000000400000-0x0000000000CC3000-memory.dmp (Filesize 8.8MB)
  • memory/3192-6-0x0000000000400000-0x0000000000CC3000-memory.dmp (Filesize 8.8MB)
  • memory/3192-7-0x0000000000400000-0x0000000000CC3000-memory.dmp (Filesize 8.8MB)
  • memory/3192-9-0x0000000000401000-0x000000000053D000-memory.dmp (Filesize 1.2MB)
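The dump names above encode the PID, a capture index and the address range of each region, and the same range recurs several times. The script below parses that layout and groups the captures by region; it is an added example for this page, not tooling from the sandbox vendor, and the `pid-index-start-end-memory.dmp` layout is inferred from the nine names listed (an assumption). The 0x400000 region is the default image base for a 32-bit PE, which matches the `arch:x86` tag; its 0x8C3000-byte extent is well above the 5.0MB file on disk, a gap an analyst would follow up on since both large uninitialised sections and a runtime unpacker produce it.

```python
"""Parse the memory-dump names listed under Downloads and group them by
region. Added example for this report page, not sandbox tooling; the
pid-index-start-end-memory.dmp layout is inferred from the names (assumption)."""
import re

DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<index>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# The nine dump names copied from the Downloads list above.
DUMPS = [
    "memory/3192-0-0x0000000000400000-0x0000000000CC3000-memory.dmp",
    "memory/3192-1-0x0000000000F40000-0x0000000000F43000-memory.dmp",
    "memory/3192-2-0x0000000000400000-0x0000000000CC3000-memory.dmp",
    "memory/3192-4-0x0000000000401000-0x000000000053D000-memory.dmp",
    "memory/3192-3-0x0000000000400000-0x0000000000CC3000-memory.dmp",
    "memory/3192-5-0x0000000000400000-0x0000000000CC3000-memory.dmp",
    "memory/3192-6-0x0000000000400000-0x0000000000CC3000-memory.dmp",
    "memory/3192-7-0x0000000000400000-0x0000000000CC3000-memory.dmp",
    "memory/3192-9-0x0000000000401000-0x000000000053D000-memory.dmp",
]


def parse_dump_name(name):
    """Split one dump name into pid, capture index and address range.
    Rejects anything that does not match the layout or has an empty range."""
    m = DUMP_NAME.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "index": int(m["index"]),
            "start": start, "end": end, "size": end - start}


def human_size(n):
    """Render a byte count the way the report does: binary units with a
    one-decimal KB/MB label, so 0x8C3000 bytes reads as 8.8MB."""
    for unit, scale in (("MB", 1 << 20), ("KB", 1 << 10)):
        if n >= scale:
            return f"{n / scale:.1f}".rstrip("0").rstrip(".") + unit
    return f"{n}B"


def group_by_region(names):
    """Map (start, end) to the sorted capture indices taken of that region,
    so repeated captures of one range stand out."""
    regions = {}
    for d in map(parse_dump_name, names):
        regions.setdefault((d["start"], d["end"]), []).append(d["index"])
    return {key: sorted(idx) for key, idx in regions.items()}


def region_table(names):
    """One (range, size, capture count) row per distinct region, by address."""
    rows = []
    for (start, end), idxs in sorted(group_by_region(names).items()):
        rows.append((f"0x{start:X}-0x{end:X}", human_size(end - start), len(idxs)))
    return rows


if __name__ == "__main__":
    for rng, size, count in region_table(DUMPS):
        print(f"{rng:<20} {size:>6}  dumped {count}x")
```

Run against the list above this yields three regions: the 8.8MB image at 0x400000 captured six times, a 1.2MB sub-range starting one page into it (0x401000, where the first section of a PE with 4KB section alignment begins) captured twice, and a single 12KB region at 0xF40000. Comparing the repeated captures of the same range is the quickest way to see whether the sample rewrites its own image while it runs.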