Analysis
-
max time kernel
594s -
max time network
599s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
10-06-2024 16:00
Static task
static1
Behavioral task
behavioral1
Sample
asd.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
asd.exe
Resource
win10v2004-20240426-en
General
-
Target
asd.exe
-
Size
5.0MB
-
MD5
a21768190f3b9feae33aaef660cb7a83
-
SHA1
24780657328783ef50ae0964b23288e68841a421
-
SHA256
55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
-
SHA512
ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
-
SSDEEP
98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description         ioc                                                                                     Process
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString   asd.exe
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                       asd.exe
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid    Process
2624   asd.exe
-
Suspicious use of FindShellTrayWindow 3 IoCs
pid    Process
2584   asd.exe
2584   asd.exe
2584   asd.exe
-
Suspicious use of SendNotifyMessage 3 IoCs
pid    Process
2584   asd.exe
2584   asd.exe
2584   asd.exe
-
Suspicious use of WriteProcessMemory 8 IoCs
description                          pid    Process   procid_target
PID 1336 wrote to memory of 2624     1336   asd.exe   28
PID 1336 wrote to memory of 2624     1336   asd.exe   28
PID 1336 wrote to memory of 2624     1336   asd.exe   28
PID 1336 wrote to memory of 2624     1336   asd.exe   28
PID 1336 wrote to memory of 2584     1336   asd.exe   29
PID 1336 wrote to memory of 2584     1336   asd.exe   29
PID 1336 wrote to memory of 2584     1336   asd.exe   29
PID 1336 wrote to memory of 2584     1336   asd.exe   29
Processes
-
C:\Users\Admin\AppData\Local\Temp\asd.exe  (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\asd.exe"
  - Checks processor information in registry
  - Suspicious use of WriteProcessMemory
  PID: 1336
  -
  C:\Users\Admin\AppData\Local\Temp\asd.exe  (depth 2, child of PID 1336)
    Command line: "C:\Users\Admin\AppData\Local\Temp\asd.exe" --local-service
    - Suspicious behavior: EnumeratesProcesses
    PID: 2624
  -
  C:\Users\Admin\AppData\Local\Temp\asd.exe  (depth 2, child of PID 1336)
    Command line: "C:\Users\Admin\AppData\Local\Temp\asd.exe" --local-control
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID: 2584
-
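The WriteProcessMemory rows above repeat the same parent-to-child write four times per target, and the process list shows that both targets were spawned by PID 1336 with different command-line switches (--local-service, --local-control). The script below is an added example for triaging this kind of report; it is not part of the sandbox output or of the analysed sample. It parses the flattened rows (assuming the column order shown in that table's header: description, pid, Process, procid_target), collapses them into counted writer-to-target edges, separates writes into a process's own children (what a launcher setting up its workers looks like) from writes into unrelated processes (the stronger injection signal), and renders the annotated process tree. The PROCESSES table is transcribed by hand from the process list above.

```python
import re
from collections import Counter

# Constructed input: the "Suspicious use of WriteProcessMemory" rows from the
# report, one row per line, as the sandbox flattened them.
WPM_ROWS = """\
PID 1336 wrote to memory of 2624 1336 asd.exe 28
PID 1336 wrote to memory of 2624 1336 asd.exe 28
PID 1336 wrote to memory of 2624 1336 asd.exe 28
PID 1336 wrote to memory of 2624 1336 asd.exe 28
PID 1336 wrote to memory of 2584 1336 asd.exe 29
PID 1336 wrote to memory of 2584 1336 asd.exe 29
PID 1336 wrote to memory of 2584 1336 asd.exe 29
PID 1336 wrote to memory of 2584 1336 asd.exe 29
"""

# Constructed input: the process list from the report, transcribed by hand.
# parent=None marks the root of the tree.
PROCESSES = {
    1336: {"cmd": r'"C:\Users\Admin\AppData\Local\Temp\asd.exe"', "parent": None},
    2624: {"cmd": r'"C:\Users\Admin\AppData\Local\Temp\asd.exe" --local-service', "parent": 1336},
    2584: {"cmd": r'"C:\Users\Admin\AppData\Local\Temp\asd.exe" --local-control', "parent": 1336},
}

# Assumed column order per row (from the table header): the description
# "PID <writer> wrote to memory of <target>", then the writer pid again,
# the writer image name, and the sandbox's own target index (procid_target).
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text):
    """Collapse repeated rows into {(writer_pid, target_pid): call_count}."""
    counts = Counter()
    for line in text.splitlines():
        m = WPM_RE.search(line)
        if not m:
            continue  # ignore anything that is not a WriteProcessMemory row
        writer, target = int(m.group(1)), int(m.group(2))
        counts[(writer, target)] += 1
    return dict(counts)


def classify_writes(processes, edges):
    """Split edges into writes into the writer's own children and writes into
    any other process. The second group is the one worth escalating: a process
    writing into memory it did not create is the classic injection pattern."""
    into_child, into_other = {}, {}
    for (writer, target), n in edges.items():
        parent = processes.get(target, {}).get("parent")
        (into_child if parent == writer else into_other)[(writer, target)] = n
    return into_child, into_other


def render_tree(processes, edges, pid=None, depth=0):
    """Return the process tree as indented lines, annotating each child that
    received WriteProcessMemory calls from its parent with the call count."""
    lines = []
    for child, info in processes.items():
        if info["parent"] != pid:
            continue
        note = ""
        if info["parent"] is not None and (info["parent"], child) in edges:
            note = f"  <- {edges[(info['parent'], child)]}x WriteProcessMemory from {info['parent']}"
        lines.append("  " * depth + f"{child} {info['cmd']}{note}")
        lines.extend(render_tree(processes, edges, child, depth + 1))
    return lines


if __name__ == "__main__":
    edges = parse_wpm(WPM_ROWS)
    own, foreign = classify_writes(PROCESSES, edges)
    print("\n".join(render_tree(PROCESSES, edges)))
    print(f"writes into own children: {len(own)}, into other processes: {len(foreign)}")
```

For this report every write lands in a process that 1336 itself created, so the script reports zero foreign writes; the behaviour is consistent with a launcher initialising two worker processes rather than with injection into a pre-existing process, although the sandbox signature alone cannot distinguish the two.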
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
385KB
MD5
1ce7d5a1566c8c449d0f6772a8c27900
SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85
SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf
SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753
-
Filesize
7KB
MD5
80e64be4b6e4bc633a53e47080283f21
SHA1
36b01eba139f4576861f0ccfe3ef5d644541b283
SHA256
1f58ac437c7959e76cb50065f49d322b604c451d54110f003f8790d8ced66189
SHA512
cb8680d72e7ee24515555eda60740ba4804bde77855dcfa6339774551d552088a77a3e562004cf958d0ab6c025460f3861457ee20a16e4e5ba711ec11aa2e131
-
Filesize
10KB
MD5
1987bcbc6f8af9dfee95e28241b18789
SHA1
237317c04631f52173672487f8204579e2f5d2eb
SHA256
fce884e698c4f07d5b73bbdb12dd01a1c6fa606f7f6b1bb3e9009a8691f11104
SHA512
eff9b86e5271f76e7cdb164c014750020837b0cbab073623131c15c4ecc33465b81115eca196e389d2ba4b5bbf1613bc06325856dc383640859005cd909bdbcd
-
Filesize
2KB
MD5
2f790ba854733d0f8d141272dc76c924
SHA1
d47f0a00aa68e83ae355ddce45a3d7668561d345
SHA256
0a072561ce7c53cc732000e84c2c2f795c5eed489b370c7ceb85f117b800f0c3
SHA512
dc3015b9dd63c5352daea0466efbd9080e447a8ec8831fc8256be8dcdb15afeb233dcfa7199295fbceef329bc5b15e465ffdc821f0f7aa757b25255f173b9d4c
-
Filesize
2KB
MD5
32e8cc9e2e2d4ddff38de100ba015f86
SHA1
ee27718a67a70092c9724d053e4605d7ae0b2e32
SHA256
108f883ccd56b7d7e06e8e76dc0912abedb87a078a94b6fa55b9dfd52b316cb6
SHA512
f8201fdf61440bce9cf27b904888c5dc3d68bea45737dc4c7dd8b69fe20819bdb837e765b79c9b2ff6ddc9b2b5001e89de5b690a2276bfe972db829f4da0886f
-
Filesize
611B
MD5
28367ee0cebebbf29894cc45dc1d3387
SHA1
5a506722f158a34091cd4c2e7387b814237c1379
SHA256
32555671459bab4d33d2d5cd9bcf425903723ead6e4d81ffd5bbdbd37c1015f0
SHA512
94883215e6a308dbb6503f7137a048016f20d8ded3a0618e1a6d7bcf56aa8c547d261511447f4c09bedac55f51aa8f5375428b822dd71cd445edab47d9fc5461
-
Filesize
668B
MD5
02d34e8091d1b9e2f1435d2a2350110f
SHA1
e4ca172e78437611da049414863673194a5af375
SHA256
b1edda6d7a7d285aa4c752767bcc45081e06a1f6ed19ac26f3c1f4c4e9375a40
SHA512
de2859e8c00ae2707632965bec36ec3f3f4fa67da138fd8fc2267057a140f1e49277c4d9787e7ef687b3fd1139e262138bc320af6ca0cc4748624c6700305a32
-
Filesize
737B
MD5
fca83d7fbe4833525d5166a67fa7faa5
SHA1
c1768e54001bfb8898c6ee9461cc654ed1fb72bb
SHA256
83ab05e5622499043ea5aa0b7c5f2a05c9cacacf0c845007a2ed0e9cd539faa5
SHA512
7b97c95b3178ff0c09b16477248d081b9a1a86333fa73e90d27d3be04c6159970192ae76782bf9e6c21f906fa6525f2d0bbdd55d05ba9ec06b12e66320782af7
-
Filesize
312B
MD5
0c04ad1083dc5c7c45e3ee2cd344ae38
SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f
SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0
SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492
-
Filesize
424B
MD5
d545239e64bf2d8b9609632158bca07c
SHA1
c37f94b39bc51793cffefe94200ddc04ae1429e2
SHA256
3ab605c7b5b4f11515d9aaaaa33031d62a9613ea642e2ef58a39612f6ec033bd
SHA512
3bc24424cf31047cd268ad271fb4c91ef7a6e4c03bc81bbf22f9d8d3a79b50925d73340d84621d5b69aca6ab6f7c40b05d089402c5a79770aadd0c1bf70f124b
-
Filesize
1KB
MD5
fc26cefd01b7c77a03dc24a9d2649549
SHA1
d57a4f859358ac9bfaf51aa22c2406e0457b111c
SHA256
98f42ba1e87c1a9d152c7529ae6005b4758593b316036e2c0a0c5257300a9481
SHA512
4f4638d62f3e204c66416c9e3885d6feeb9f8a15647ab1b8dd92ab9cf9b46a99d4141045785d050756d492c553bd4c34abf04db4084ab3e42e7506cc11423d15
-
Filesize
2KB
MD5
b1ac3a8b8d395bf1f2b862bca9f3ab7f
SHA1
4f17fda63425317b4d4194ddf71506e063ee518a
SHA256
b0e942d82fae330c9a28f1effff7ce7a49c53bddbcf9bbbac377561c84fe5462
SHA512
0cf64586b96deabf883abe2b7f3ea9222fccd34cf6292b29ff61b1092d1e75b11e21b97c22170da8e55186964b52c8439f77fcadaf243d9b1322735467fd5f46
-
Filesize
1KB
MD5
f7c49e452e3294c9904c82e30481170e
SHA1
72f7111d1ed18dfb37934e8beca56d893af93b41
SHA256
754b6e35958d68482b699775413dfa58d30f6fa744f43afe6912c5dfe1882957
SHA512
744a13f857b31c987125f60f82b3279d4ba7054ddd5e53714de0d8c005eaba2d300658082d80b2b4cf823eee3c450ec1c76a0152814bae9d0f1648f85696a74a
-
Filesize
3KB
MD5
db2de83e167b5f837726b4bb435ab0d9
SHA1
6bbe90f105d0a58232943e5093a6c7f0ca3a1008
SHA256
64f72805e6ca5ab10f6fb158229f470e379b8369dcbb1b6db9eeddd8750e2857
SHA512
79a39384b9a00524d10b3f8deb9d6077363f8eafef4e00e85a69af45da420e80a839f3d1bcf7287c7f6f1d42bdd7204d46d00308d2c3f09f36682655edfef656
-
Filesize
2KB
MD5
adf035738ccfce13ac844a368caeb0da
SHA1
0a636cebe56c3603861c3d8803d589ba6a517114
SHA256
14ac8566f5aaaa650b690becd32891bb0db549f5a495233bad064a788d5334ee
SHA512
6af0efe687064a43fc7b2cba7afdfdbc0dadfa5b4b01bf07403f5a90e27d77253627f0780af09e6eac603850dc0e9b4ec69cbf5d7ab96c507588f465888223d6
-
Filesize
3KB
MD5
c81f45c07dc839152f2258c99ce572e9
SHA1
5309e467edab33cd450c5d060a871f91be380112
SHA256
037e5b5348858c0b995b9f10b8af1c7a597e0e72e0682c1f31a47a2254243c38
SHA512
e7ee111776f4244810491b486a822da179cee92da421b7942601cb3843c421396b2624523d8fc2bb4c5e262e93345a41e3cac630e7319e3c2fb73f71d8552570
-
Filesize
3KB
MD5
20fc211b868ecbd7eaf079a6553cb1e8
SHA1
e63d9fd8c9bbe88da3071f6c4c5458eadabeb7db
SHA256
d3830acc05022d6b19d3761d063141b6aa75f0be14f41eba791427c270c3505e
SHA512
1cd4bc2c31f50fa46fd2f92c8e658b3a1b0cc08103fb9fd702234f452ac4ffecc920f0440209c248535125ec9dd6815489701336e16ea5f4deef94b146c83852
-
Filesize
3KB
MD5
5965db90461ea428ece15f21ffd05943
SHA1
585e8ba181e951f87c032e48f2547ddfa2e2d6bc
SHA256
08e78ae009c50fc34715f75bf17656aaa8a40a67711eb03d860779e4d9965fd1
SHA512
2408c0a210284db765b9d274d63ed6105faa63210f34b9c3aaed26c2f9a9043139d669463a8327f2523eab061f2d69292cad6f65d48d4ff6d4bbf07555e4316e
-
Filesize
6KB
MD5
9485cb27851d7261ce4a7c4c977d1536
SHA1
23fe350f0587885b81912c2652de3f5d048657da
SHA256
67a81eda36e9728fcb855f1738552a7313924f83b1d621775d0873f3ee481eb7
SHA512
c579191494a4e0bd77699e60d5c14c523e5bd914bf5e84cede2f76cbc23ced0d71ac66da45f0a4a77d8039686d6521a1f23dc3024283576b63f90ad3f1185bee
-
Filesize
6KB
MD5
cd5637d707b24e6849c13c4eb0965243
SHA1
fbe2f90a155539052542cbebc52e5c2cd1c39986
SHA256
39513a38af3ab5189077fdfe1231faca98ba3f47ac811045cfbef4f12a7c7f08
SHA512
8a7e190b4e59d51067ed50b0b1eb04ce23737ce050de6ddf43610eb8fd3b41a93e99af0af420f2975b628004d0ea16f642be4f2218bb2af930cfcd75245bf45c
-
Filesize
1KB
MD5
f50209206574167f00550fe831b67359
SHA1
889acfb6d6b705d0396bc1cfb5ec178a4008e472
SHA256
2670165290ad858bde57df7affab0701729b65aa462dcb18a6e8dc64df5980d7
SHA512
219b663cb2f7f9508522212077c884c365d6f2cba0fafa2838d8d66fe6663896113e7230d502ba2002646464f3a9de210be78be7bddfbfb8a3c8ad844370b6bb
-
Filesize
1KB
MD5
5b31f1d3895ed6fe16b83aecd38bc209
SHA1
8b6a37f332d9bd0e7846670a2c8b61d972d7f8d6
SHA256
628e7ee4bbbe8515920514038ac40320fcf88a7e367f38f85244d205caffda89
SHA512
d2e09f6896a24f0e4653f1ca122c9b9a24a7e5fb7c4ae1c00bc9954ecb8d2232a0e0c32c6222c33457cf88518ebeddb7c59c4953fcf2dc8d4d955d6ca6760b93
-
Filesize
1KB
MD5
c1ee95f5a7a57e429b704a1e5018541f
SHA1
1399f8fa8cc6dcd88607756301021d9bb58f5763
SHA256
b3ac203c3a89c4d7d595a671e3015f81903c3eddc565a4c92ba0051bd3ddc9f9
SHA512
148cfdee9c6942a0692320ebe3f867f962b46de8c5ca7916dda4bfda34a89d4d02725ca6950c60ffc0e54e2e78c799d05f946dc51bdd77f59216551e724a1824