5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9

General

Target

5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe
Size

2.5MB
MD5

312816aeb17b0746ef547ef472d119eb
SHA1

35d6d2454f72767def172f8b1b5f82b4b8829dfb
SHA256

5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9
SHA512

3793a0b69d0728f625044b77c0f20176cf538f0e1fb20a48dbb163fc26aa0a8873b851cc2e03a0b7fb0fccb322e1d0f77b1ca4de9c2373a187b086acf32a4c52
SSDEEP

49152:ObRjqoCZcI2DmvvfWxGHVJILzCkp/SzrIXKgltQlZ9mwm/PU5KLOR0qkM8+OuZ:ObRuoCKI2DmmsH0uzrIXltEDjm/PtLOJ

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs

pid	Process
2924	5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe
2924	5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe
2924	5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe
2924	5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe
2924	5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe
2924	5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe
2924	5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4324	2924	WerFault.exe	27

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 4324	2924	5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe	28
PID 2924 wrote to memory of 4324	2924	5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe	28
PID 2924 wrote to memory of 4324	2924	5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe	28
PID 2924 wrote to memory of 4324	2924	5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe	28

C:\Users\Admin\AppData\Local\Temp\5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe
"C:\Users\Admin\AppData\Local\Temp\5e04941af1ced56004f968f2eac39910ac412a05db84f1ec2e033f0d2188e5f9.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 188
  2⤵
  - Program crash
  PID:4324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2924-0-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/2924-1-0x0000000075ED0000-0x0000000075F17000-memory.dmp

Filesize
284KB

Download
memory/2924-503-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-504-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-510-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-514-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-516-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-532-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-530-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-528-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-526-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-524-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-522-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-520-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-518-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-512-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-508-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-506-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-534-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-536-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-548-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-550-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-558-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-560-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-564-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-562-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-556-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-554-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-552-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-546-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-544-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-542-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-540-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/2924-538-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing