8244204c1226a24d2842412ce429a09659ab66bcd7c4cb4f072a786b878ecbc4

Analysis

max time kernel
590s
max time network
438s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02/06/2024, 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PreMiD-installer.exe
Size

6.7MB
MD5

6ac694ad2f3d2ca003102f6e842b2eaf
SHA1

1aefddc5e887434ab99057ae2c12cbf17bf3ce04
SHA256

8244204c1226a24d2842412ce429a09659ab66bcd7c4cb4f072a786b878ecbc4
SHA512

836b03cf044745919b75bb496b5f00f1e1f4e0899cb323131fac4eb68b172d87db2d057a00832a31d3c89f0d5335dfb8b695156aa7ebb5fb88ed88fe5ed5ff87
SSDEEP

98304:h4pLgrb08V6O1wwFAyj4uUU3OzWCqsGqcM2vCPBWisuY+KEJ7ubLjO/atIxaKQLr:WpkU+LCC4kQcrviWPuYDy/atCat7Hn

Score

7^/10

evasion trojan

Malware Config

Signatures

Loads dropped DLL 20 IoCs

pid	Process
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe
4340	PreMiD-installer.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	PreMiD-installer.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	PreMiD-installer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	PreMiD-installer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	PreMiD-installer.exe

C:\Users\Admin\AppData\Local\Temp\PreMiD-installer.exe
"C:\Users\Admin\AppData\Local\Temp\PreMiD-installer.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Checks processor information in registry
PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\BR73D8.tmp

Filesize
43KB

MD5
10bf1c1948b47c944c055f9ef828207a

SHA1
94e788699722bc039e67ef6010ecd0232cc37b7b

SHA256
436517b8c463ae164325f0c0b7eb61cfd26cdda690aa9cdf92c97079736b7cdf

SHA512
423f6fbc43eacb4fe778f1a24ef490a13c529373e5cdf4d9d120445d017a9937afdeae5fa242c24832e5cb9c84d414308f5e376350cc10f06e4be226d7bd85e6

Download Submit
\Users\Admin\AppData\Local\Temp\BR7437.tmp

Filesize
403KB

MD5
a210f1ac135e5331c314ce5f394fb5a5

SHA1
355afc1c61e1f65834472b16a4ca718e61537dc2

SHA256
65b32ea2982078fb9a18e88feec238cb76ed2ae6c2bb4ddb0f6a9c4f57b1d62b

SHA512
e4e70ef75e2f7897837f6772b9a0dcaaf4515d8be4210b28509f12cdde9d85bd7bed604ad5a9ee587356971f75e6f79874dbdb974cec4996262295e255501cf4

Download Submit
\Users\Admin\AppData\Local\Temp\BR74A5.tmp

Filesize
2.6MB

MD5
48d7f9db21a678d6f565e8620bb225f7

SHA1
b2828610d627ebedf7f252a878ecea41a0844854

SHA256
6756cb39c1e18ae19a10bc374bd40587bfd4c6821c1db21cbd47117872db044f

SHA512
e0380594584ecaf3dba371f52e3c51d06195ab8d31026f49baa06d91d78847c4a422d7807d70a3c55a8a2015dec9f6f4e82d737b4c72e92080c10b788edd6617

Download Submit
\Users\Admin\AppData\Local\Temp\BR7504.tmp

Filesize
35KB

MD5
08ad4cd2a940379f1dcdbdb9884a1375

SHA1
c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac

SHA256
78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8

SHA512
f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

Download Submit
\Users\Admin\AppData\Local\Temp\BR7524.tmp

Filesize
121KB

MD5
d1af2b4e828e84f37810f505af0277ca

SHA1
6b2a5a1edf562cda5a96ba0bc877404cf4d11c80

SHA256
c795427d6486d52dfe4da673131cdb5db240dabc46119b122209954dccb46948

SHA512
45ee2748a925949f6b49b246d125481d90f2755c0508d8a1c0df6e74a9382a9be87d64025f891f31deb70b96866081a71274c8794e92edd8240b3041b86fa9da

Download Submit
\Users\Admin\AppData\Local\Temp\BR7535.tmp

Filesize
400KB

MD5
027491b39a7b16b116e780f55abc288e

SHA1
62c0ab7c3e374d5fc9920983ee62baa4421076b4

SHA256
eef69d005bf1c0b715c8d6205400d4755c261dd38ddfbbfe918e6ee91f21f1f0

SHA512
fe0ba835d9af2a2c297a545bb7e30d315b580273bb1f558f16d9cba59755200a4735f75b1672e5e5fbed449eb7a5abb6d905696674c181b742bf637028953194

Download Submit
\Users\Admin\AppData\Local\Temp\BR75C2.tmp

Filesize
72KB

MD5
c04970b55bcf614f24ca75b1de641ae2

SHA1
52b182caef513ed1c36f28eb45cedb257fa8ce40

SHA256
5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80

SHA512
a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

Download Submit
\Users\Admin\AppData\Local\Temp\BR767F.tmp

Filesize
14KB

MD5
d74aadd701bfacc474c431acab7b9265

SHA1
8a2b424d1f949430ddc1faddee3e9ccb79c95de2

SHA256
f1029f5cca3dabfeffe2c9db6ad84a9ff0f64f5b2fb85cb6ab348740f756e07d

SHA512
0ef85e311fb4843997fd5f87f0a2eec9715e26eae76bfb7bb701d8c043720aeaf7f4825d25187bf35e0a9f00def15ed071120128805445f1330c07c3e0ea5ced

Download Submit
\Users\Admin\AppData\Local\Temp\BR778A.tmp

Filesize
366KB

MD5
0700f3dbe367287ce10472cffbd3d7d1

SHA1
079790389532599ce04fd82c2b89db5e4dedf26c

SHA256
77e46a6a8fbc079cdb1d3ee299af36c3d1881d38d93c4e0551f114965cdaf10f

SHA512
28eb67d348c8e9e36032d041315b6ee790d2e9021a3a657a7fe33c66ad1f8daa5b3e0833a2a432cb4a4c5795fea5a80a1810440fb441b6f0d56cf0d00d3e0a17

Download Submit
\Users\Admin\AppData\Local\Temp\BR77B9.tmp

Filesize
74KB

MD5
924b90c3d9e645dfad53f61ea4e91942

SHA1
65d397199ff191e5078095036e49f08376f9ae4e

SHA256
41788435f245133ec5511111e2c5d52f7515e359876180067e0b5ba85c729322

SHA512
76833708828c8f3fad941abeea158317aff98cf0691b5d5dfa4bca15279cdad1cc23a771258e4de41cf12a58f7033a3ee08b0b5eb834d22be568ea98b183ccd9

Download Submit
\Users\Admin\AppData\Local\Temp\BR77CA.tmp

Filesize
102KB

MD5
c030205eeb88ab26d1daf9db946943cf

SHA1
f70d0a4c8476733396dbf9f5c93bf424acec62f3

SHA256
749ef6f9af090febcaa42e6a1ae29baf3e719273c520f585d4187c68221ad94a

SHA512
2c697da35004529f6eb2892311f651d5673ad5959e0b9588d2de1bed5aa4c39736426eddd21ad0aafe0cf7af81f7d794ed1f446306ac360c553249201b3cbb73

Download Submit
\Users\Admin\AppData\Local\Temp\BR7819.tmp

Filesize
24KB

MD5
4cf27e0747e5719a5478aa2624f6b996

SHA1
13df901e34f77e5ea11f36c0afedda7f86a2c003

SHA256
e69a9d06f2c17cc021ebf9b62ca110548facdc147b67dea4846e09865043d2d9

SHA512
4b0ddcbd7321128f977e1dbbe18cc76c7e489d4ee84b7775989e99778b5a60daa683c6063c5b700794b7f2070ae381fef20b19b3cb35c1babef9be79ff264941

Download Submit
\Users\Admin\AppData\Local\Temp\BR782A.tmp

Filesize
24KB

MD5
124e89d0fcc409ede3595a253b788708

SHA1
bc88e037c3edea02dd20aeff10818105be9f4033

SHA256
27ea1b57a3024aec4a03188e80fdb2aa301fa5179c19be9c8b0dfc2aac73a114

SHA512
7cd0ca268a5dbd2aa22dbce1f253a2d067ca30c5195e059c3f431d546a20d1811592f8bd8fe88b6ad9cb5c6fdd6a4666ff451b84a5e790a9d5058865d48790b1

Download Submit
\Users\Admin\AppData\Local\Temp\BR783A.tmp

Filesize
100KB

MD5
606f13d4d580b1f322b3f3d3df423bba

SHA1
02cb375e13b415edc8b5360dffdba531e47827ed

SHA256
c71a16b1056e522cd0365449448116d06f37a3273d77694d170340064511dd25

SHA512
867a45dc15e99148f24fc528fbc9255582e5534bb4696700292b70163fddb15f35ddf2acd0536a9cd78b4d8f9d827bf7530d2303bfd7e428f11573b381a0986c

Download Submit
\Users\Admin\AppData\Local\Temp\BR785B.tmp

Filesize
56KB

MD5
145d5c49fe34a44662beaffe641d58c7

SHA1
95d5e92523990b614125d66fa3fa395170a73bfe

SHA256
59182f092b59a3005ada6b2f2855c7e860e53e8adf6e41cd8cd515578ae7815a

SHA512
48cb0048f4fcf460e791a5b0beca40dbf2399b70f1784236b6d1f17835201d70dfa64c498814b872f57e527793c58a5959230fe40ddf5ebdcb0b1de57e9c53ef

Download Submit
memory/4340-86-0x0000000001060000-0x0000000001333000-memory.dmp

Filesize
2.8MB

Download
memory/4340-96-0x0000000001060000-0x0000000001333000-memory.dmp

Filesize
2.8MB

Download
memory/4340-79-0x0000000000DF0000-0x0000000000DFE000-memory.dmp

Filesize
56KB

Download
memory/4340-91-0x0000000001060000-0x0000000001333000-memory.dmp

Filesize
2.8MB

Download
memory/4340-83-0x0000000073C00000-0x0000000073E9F000-memory.dmp

Filesize
2.6MB

Download
memory/4340-81-0x0000000001060000-0x0000000001333000-memory.dmp

Filesize
2.8MB

Download
memory/4340-84-0x0000000066680000-0x000000006668E000-memory.dmp

Filesize
56KB

Download
memory/4340-82-0x00000000741C0000-0x00000000741CE000-memory.dmp

Filesize
56KB

Download
memory/4340-26-0x0000000002D60000-0x0000000002DC5000-memory.dmp

Filesize
404KB

Download
memory/4340-71-0x0000000000DD0000-0x0000000000DE9000-memory.dmp

Filesize
100KB

Download
memory/4340-85-0x00000000710C0000-0x00000000710DF000-memory.dmp

Filesize
124KB

Download
memory/4340-101-0x0000000001060000-0x0000000001333000-memory.dmp

Filesize
2.8MB

Download
memory/4340-106-0x0000000001060000-0x0000000001333000-memory.dmp

Filesize
2.8MB

Download
memory/4340-111-0x0000000001060000-0x0000000001333000-memory.dmp

Filesize
2.8MB

Download
memory/4340-116-0x0000000001060000-0x0000000001333000-memory.dmp

Filesize
2.8MB

Download
memory/4340-121-0x0000000001060000-0x0000000001333000-memory.dmp

Filesize
2.8MB

Download
memory/4340-126-0x0000000001060000-0x0000000001333000-memory.dmp

Filesize
2.8MB

Download
memory/4340-131-0x0000000001060000-0x0000000001333000-memory.dmp

Filesize
2.8MB

Download
memory/4340-136-0x0000000001060000-0x0000000001333000-memory.dmp

Filesize
2.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads