Analysis
- max time kernel: 141s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 02/06/2024, 22:32
Static task: static1
Behavioral task: behavioral1
- Sample: 197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
- Resource: win10v2004-20240426-en
General
- Target: 197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
- Size: 3.6MB
- MD5: 72628657f6fcd2e9984f4b4c17cf5ec3
- SHA1: 712ea2988d19fa48fcd68bf9986d29ead4305dfa
- SHA256: 197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec
- SHA512: 98d407f66a4f8cc28e40d3c728deb4db78582791b9b52dde10eba45b671053fede23878bf84b960595a84618524444c5d7fa9f77966af6ad252f676a2f16c9ea
- SSDEEP: 98304:9rbc0dxOfbCIYflBduQn8qLtnBhUQ6DF3sn:9rbcQWb8flBdmqLtnBman
Malware Config
Signatures
- Enumerates connected drives (3 TTPs, 23 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description              ioc      Process
File opened (read-only)  \??\O:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\V:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\Z:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\A:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\G:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\L:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\N:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\Q:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\U:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\W:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\X:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\I:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\K:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\M:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\Y:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\S:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\T:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\B:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\E:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\R:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\H:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\J:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
File opened (read-only)  \??\P:   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
- Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description        ioc                                                                                   Process
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                      197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
- Enumerates system info in registry (2 TTPs, 4 IoCs)
description        ioc                                                                 Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion       197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\BIOS                     197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\197b2f4716d84d514ac82af5886094b2dad9a398724ed1002afb5706701d63ec.exe"
  - Enumerates connected drives
  - Checks processor information in registry
  - Enumerates system info in registry
  PID: 1956