937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb

General

Target

937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Size

417KB
MD5

92716d6a5c04fe1c331c1d7541d2ed3f
SHA1

0e18aab1b4f23dd443ec376711db500dda97b321
SHA256

937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb
SHA512

a8737a619dc92250d0aac6c6e19e3bd2a2c4d739578af0896e027e5d403e11ea81ac396177b4035eb8185fb60647d4de5657327e846562cadb335cebd46413ae
SSDEEP

3072:s4fP8fWEwFLUXtRFe4VAWOy3PNJTS4cZ2gxjVfuE1AT/i:sFWEw1U9UVs/T6Z2QJmE1AT/i

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier = "AuthenticAMD"	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Set value (int)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz = "4192"	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString = "Intel Core Processor (Broadwell)"	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier = "x86 Family 6 Model 61 Stepping 2"	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Set value (int)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz = "4192"	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Set value (int)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet = "3099311615"	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier = "x86 Family 6 Model 61 Stepping 2"	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Set value (int)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet = "3099311615"	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString = "Intel Core Processor (Broadwell)"	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier = "AuthenticAMD"	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0\Identifier = "x86 Family 6 Model 61 Stepping 2"	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1\Identifier = "x86 Family 6 Model 61 Stepping 2"	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier = "AT compatible"	937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe

C:\Users\Admin\AppData\Local\Temp\937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe
"C:\Users\Admin\AppData\Local\Temp\937065f37cdb5a0eadd7feeffcdfc149df1f03f8604b66908705814242a324eb.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
PID:2904