d7d702bd85e4fcc997f43064e9e240233262496a7f0c4dce3edbbbbc2372a2c9

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 11:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Shielden/BinRes/SEKeygen.exe
Size

4.7MB
MD5

512b3219de76918facbe250eab3c9110
SHA1

326653a1f8dd59c01461e28e0ba07a5032456df9
SHA256

68b3575885ab1bc91f9f618be1db44af1d3ac38785241fb8e42beb501696ba93
SHA512

1fa9ecd58d147d0bb076fee80f850fb21fbaabeab1a411e79a7c4420959c345e1d0a39c1b236b4520a16925c4b2f32bbf9f0291c3be54cd83dbfc830c6b4435f
SSDEEP

98304:tAa/rjGyqC3I5JsqMkZTiI48Rl5lLQ5kSqjXx4bP:2SrjGxrMkpiID3UiSqF4b

Score

7^/10

discovery

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SEKeygen.exe

Loads dropped DLL 1 IoCs

pid	Process
2376	SEKeygen.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs

pid	Process
2376	SEKeygen.exe
2376	SEKeygen.exe
2376	SEKeygen.exe
2376	SEKeygen.exe
2376	SEKeygen.exe
2376	SEKeygen.exe
2376	SEKeygen.exe
2376	SEKeygen.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SEKeygen.exe

C:\Users\Admin\AppData\Local\Temp\Shielden\BinRes\SEKeygen.exe
"C:\Users\Admin\AppData\Local\Temp\Shielden\BinRes\SEKeygen.exe"
1⤵
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\SEB8C4.tmp

Filesize
1024B

MD5
12871388b682b159ddd85545302a289d

SHA1
76b47377da188fcfddeefa0f940287f1cce9885d

SHA256
cc033f00e96cae1829e3a5c15150fe68a62f65440f1b158d9257370fbc488a9b

SHA512
d60953b62d08e52fa2860db257e2bdbaa97e7eff7007617857f7b30a76f7c7ba81f8444d313a6ad496adbbaede5af1661e72522046789bb9aee1340f7ac12c7d

Download Submit
memory/2376-542-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-508-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-7-0x0000000010000000-0x0000000010346000-memory.dmp

Filesize
3.3MB

Download
memory/2376-8-0x0000000010000000-0x0000000010346000-memory.dmp

Filesize
3.3MB

Download
memory/2376-11-0x0000000075090000-0x00000000750D7000-memory.dmp

Filesize
284KB

Download
memory/2376-184-0x0000000010001000-0x000000001000D000-memory.dmp

Filesize
48KB

Download
memory/2376-9-0x00000000029F0000-0x0000000002B71000-memory.dmp

Filesize
1.5MB

Download
memory/2376-504-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-502-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-500-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-506-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-498-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-497-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-495-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-0-0x0000000000400000-0x0000000000982000-memory.dmp

Filesize
5.5MB

Download
memory/2376-512-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-514-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-530-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-4-0x0000000010000000-0x0000000010346000-memory.dmp

Filesize
3.3MB

Download
memory/2376-532-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-548-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-510-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-554-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-552-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-550-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-544-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-546-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-540-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-538-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-536-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-534-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-528-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-526-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-524-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-522-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-520-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-518-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-516-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/2376-2555-0x0000000000400000-0x0000000000982000-memory.dmp

Filesize
5.5MB

Download
memory/2376-2554-0x0000000010000000-0x0000000010346000-memory.dmp

Filesize
3.3MB

Download