0fef0fe689f2bd7820f26ac0b6237dd33406ba595333c6a8d5358be3afe1c85a

General

Target

0fef0fe689f2bd7820f26ac0b6237dd33406ba595333c6a8d5358be3afe1c85a.exe
Size

3.5MB
MD5

71e2a096523b5207a2a84502b9ab80f7
SHA1

097718e776342ac7745fc0bb1fc69ca649fce257
SHA256

0fef0fe689f2bd7820f26ac0b6237dd33406ba595333c6a8d5358be3afe1c85a
SHA512

21122a36189300b513f99a87305e583a58ecdaa356d205e4539f9561e7ce19a9b5fbbb914380bba39a37ecccdb34df8cf745718c205587549f03c012aff746b6
SSDEEP

49152:InIVKknSD9bsFVWFuv5vaLgqaLPDu00HpCR3FhbDd8tqdfftgD/DAeLyqCZo4Jwa:5VKYSD+FVBv3tHujaPbxRdff4cucL

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	0fef0fe689f2bd7820f26ac0b6237dd33406ba595333c6a8d5358be3afe1c85a.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs

pid	Process
2124	0fef0fe689f2bd7820f26ac0b6237dd33406ba595333c6a8d5358be3afe1c85a.exe
2124	0fef0fe689f2bd7820f26ac0b6237dd33406ba595333c6a8d5358be3afe1c85a.exe
2124	0fef0fe689f2bd7820f26ac0b6237dd33406ba595333c6a8d5358be3afe1c85a.exe
2124	0fef0fe689f2bd7820f26ac0b6237dd33406ba595333c6a8d5358be3afe1c85a.exe
2124	0fef0fe689f2bd7820f26ac0b6237dd33406ba595333c6a8d5358be3afe1c85a.exe
2124	0fef0fe689f2bd7820f26ac0b6237dd33406ba595333c6a8d5358be3afe1c85a.exe
2124	0fef0fe689f2bd7820f26ac0b6237dd33406ba595333c6a8d5358be3afe1c85a.exe

C:\Users\Admin\AppData\Local\Temp\0fef0fe689f2bd7820f26ac0b6237dd33406ba595333c6a8d5358be3afe1c85a.exe
"C:\Users\Admin\AppData\Local\Temp\0fef0fe689f2bd7820f26ac0b6237dd33406ba595333c6a8d5358be3afe1c85a.exe"
1⤵
- Checks BIOS information in registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2124-0-0x0000000000400000-0x0000000000A64000-memory.dmp

Filesize
6.4MB

Download
memory/2124-1-0x0000000075670000-0x00000000756B7000-memory.dmp

Filesize
284KB

Download
memory/2124-503-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-504-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-506-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-508-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-512-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-516-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-522-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-520-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-518-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-514-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-510-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-524-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-526-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-528-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-533-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-538-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-550-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-562-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-560-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-564-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-558-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-556-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-554-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-552-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-548-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-546-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-544-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-542-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-540-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-536-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-534-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-530-0x00000000024E0000-0x00000000025F1000-memory.dmp

Filesize
1.1MB

Download
memory/2124-7776-0x0000000000400000-0x0000000000A64000-memory.dmp

Filesize
6.4MB

Download

Analysis

Sharing