a780da5aa8fe9399bed98fd3902a0439294596d953a9709bc51e5422c9ca11f7

Analysis

max time kernel
140s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2024 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

flare.exe
Size

2.3MB
MD5

db8808af7f567305eced24c06f4cfa8f
SHA1

b04f241678b1882652a6291ee2bf87385816821a
SHA256

326c0150c467c0da38d315465ed4aaa735fcc541bea732f897819e9a199a8eab
SHA512

fa707c08c10805118b31b218f82fd5d00bccc12c443b40329fdfb022bbc3d9f3a7fead23499e093941255972b066137eeb43d529583d28b83747c1a7cfdaf6c7
SSDEEP

49152:WYsdvltyb4DEbIrSdiCP9N4wJAFUYur1A2skTPcsvfx+R9O:UI8BGThNDp+R9O

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	flare.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	flare.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	flare.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	flare.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5100	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5100	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4712	flare.exe

C:\Users\Admin\AppData\Local\Temp\flare.exe
"C:\Users\Admin\AppData\Local\Temp\flare.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:4712

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x518
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\flare\config\flare_log.txt

Filesize
886B

MD5
f79705ef83e45f95853d014cefed2230

SHA1
ae2e1b8def86e5c5489b581c80d9648438916175

SHA256
cbdf6c27db3ad10e6eca95b83d4164c2dcbfd8bd2ccc3a073b3c01ad1483cb6f

SHA512
9c11b81c929c86df2d7b13f1c9ce82c0dbf68e1815f098193cdd87efc5385cd5f01cc277ccc7aad65f8dab1bc8dc0d99ad069f9efe19ed4ab1b39606cedabb6d

Download Submit
C:\Users\Admin\AppData\Roaming\flare\config\flare_log.txt

Filesize
1KB

MD5
05fef1f8000c2a40c59caf4b52a767ea

SHA1
d9125d8f267dd77a3b3ecc634f353c98f88b08c3

SHA256
531dad2c0d740dd5732bae50867cfb5e3bc0c9b2645810af8fe59f995134da27

SHA512
76d99d51d8f1eeecdd4fe7a7429b7e32f70aec94379c6f517646c42f37ab6419f188a3985d1abb3c7d579ee06e651e24c0b76727fde9943e30c23bddebfe0fa6

Download Submit
C:\Users\Admin\AppData\Roaming\flare\config\flare_log.txt

Filesize
1KB

MD5
ff1a15f77a1d7a933bb0524457128a05

SHA1
a2ce107fc5df9d4529d19b7d8dcce03fed3298c2

SHA256
37871fd9dc43358cacd86200eb28d4c91e76401e673a12478f3087af46cc4cd8

SHA512
7f6a52735ad6cde2e6ebd21565c692b35a7d7b4f51f32f22ff12fe27a4a8eb6dcc8ffb05778844355d27949d5f95c83d9c1692528bfa1efd1c6cf80365b0cc4f

Download Submit
C:\Users\Admin\AppData\Roaming\flare\config\flare_log.txt

Filesize
2KB

MD5
3a611c0ca8d7414cce72ff07dfd616e3

SHA1
bdb8d87058ed1fca0d22a7a7a2ca975615749970

SHA256
f70a478becf87f42181233a306c50bc13bff7060ef62b9f10adb24f8acc38c6a

SHA512
6475ac687346194f42e28cfcbb48cef1fa8fcedb4b55591057b4a606bea6ded489ca64fea3f124e98aac7d3770add8399cecd967dfb49000e60ebb948209f12c

Download Submit
C:\Users\Admin\AppData\Roaming\flare\config\flare_log.txt

Filesize
224B

MD5
973c72615d4e3f8d3ca09bb4fe95ec5f

SHA1
53a08259014fea37afb43042f8ea8f4aa15a83e6

SHA256
950a1228f072b18401fe5b72255a22b49c13a933286cee525c01cf6e4571b3b7

SHA512
c7111fe4080882e7ba996138bc8fea7a29b24e383a6ee993049fbc782d5321f2ed07c0881ce5cde08ca7438c2ca8fda71eaf3c0fd69a43d5152e12ff6a954f5f

Download Submit
C:\Users\Admin\AppData\Roaming\flare\config\flare_log.txt

Filesize
2KB

MD5
61cfde170a72dc0fb89a3d03fb820aa7

SHA1
dd4a0aa1967a0d5eea1a44dc0fc2aa2854d4a216

SHA256
5d7ab200343b03a0c5617976a4ae5bb9fd35351d9007a9028c73102c1653799b

SHA512
878ceddba1745ea6705918a979c5a07f1b3ca5cff54e47318c1a16ff3a7db27a6c6e36bfe1cedaafab89ac5155dc56497280dc1378e222e0480b0eeaa6a8aa9c

Download Submit
memory/4712-91-0x00007FFE85610000-0x00007FFE8563E000-memory.dmp

Filesize
184KB

Download
memory/4712-88-0x00007FFE85640000-0x00007FFE8565B000-memory.dmp

Filesize
108KB

Download
memory/4712-98-0x00007FFE7D000000-0x00007FFE7D02D000-memory.dmp

Filesize
180KB

Download
memory/4712-103-0x00007FFE7CDA0000-0x00007FFE7CE0A000-memory.dmp

Filesize
424KB

Download
memory/4712-102-0x00007FFE7CE10000-0x00007FFE7CF29000-memory.dmp

Filesize
1.1MB

Download
memory/4712-101-0x00007FFE7CF30000-0x00007FFE7CF97000-memory.dmp

Filesize
412KB

Download
memory/4712-97-0x00007FFE7D030000-0x00007FFE7D186000-memory.dmp

Filesize
1.3MB

Download
memory/4712-100-0x00007FFE7CFA0000-0x00007FFE7CFCC000-memory.dmp

Filesize
176KB

Download
memory/4712-99-0x00007FFE7CFD0000-0x00007FFE7CFF8000-memory.dmp

Filesize
160KB

Download
memory/4712-96-0x00007FFE84900000-0x00007FFE8491F000-memory.dmp

Filesize
124KB

Download
memory/4712-95-0x00007FFE7D190000-0x00007FFE7D262000-memory.dmp

Filesize
840KB

Download
memory/4712-92-0x00007FFE7D340000-0x00007FFE7D401000-memory.dmp

Filesize
772KB

Download
memory/4712-93-0x00007FFE849D0000-0x00007FFE849F4000-memory.dmp

Filesize
144KB

Download
memory/4712-90-0x00007FFE7D270000-0x00007FFE7D33C000-memory.dmp

Filesize
816KB

Download
memory/4712-73-0x00007FFE7DBA0000-0x00007FFE7DD93000-memory.dmp

Filesize
1.9MB

Download
memory/4712-87-0x00007FFE7D410000-0x00007FFE7D47F000-memory.dmp

Filesize
444KB

Download
memory/4712-89-0x0000000069500000-0x0000000069517000-memory.dmp

Filesize
92KB

Download
memory/4712-94-0x00007FFE849B0000-0x00007FFE849C3000-memory.dmp

Filesize
76KB

Download
memory/4712-86-0x00007FFE892D0000-0x00007FFE892E9000-memory.dmp

Filesize
100KB

Download
memory/4712-85-0x00007FFE7D480000-0x00007FFE7D526000-memory.dmp

Filesize
664KB

Download
memory/4712-84-0x00007FFE892F0000-0x00007FFE89306000-memory.dmp

Filesize
88KB

Download
memory/4712-83-0x00007FFE8D220000-0x00007FFE8D236000-memory.dmp

Filesize
88KB

Download
memory/4712-82-0x00007FFE8D040000-0x00007FFE8D062000-memory.dmp

Filesize
136KB

Download
memory/4712-81-0x00007FFE7D530000-0x00007FFE7D645000-memory.dmp

Filesize
1.1MB

Download
memory/4712-80-0x00007FFE7D650000-0x00007FFE7D70E000-memory.dmp

Filesize
760KB

Download
memory/4712-75-0x00007FFE7D7A0000-0x00007FFE7DAD3000-memory.dmp

Filesize
3.2MB

Download
memory/4712-79-0x00007FFE8D880000-0x00007FFE8D894000-memory.dmp

Filesize
80KB

Download
memory/4712-78-0x00007FFE84F30000-0x00007FFE84FA0000-memory.dmp

Filesize
448KB

Download
memory/4712-77-0x00007FFE7D710000-0x00007FFE7D79B000-memory.dmp

Filesize
556KB

Download
memory/4712-76-0x00007FFE8D6A0000-0x00007FFE8D6E3000-memory.dmp

Filesize
268KB

Download
memory/4712-74-0x00007FFE7DAE0000-0x00007FFE7DB9F000-memory.dmp

Filesize
764KB

Download
memory/4712-72-0x00007FFE8E970000-0x00007FFE8E98A000-memory.dmp

Filesize
104KB

Download
memory/4712-71-0x00007FFE8D8A0000-0x00007FFE8D8F2000-memory.dmp

Filesize
328KB

Download
memory/4712-70-0x00007FFE8D900000-0x00007FFE8D926000-memory.dmp

Filesize
152KB

Download
memory/4712-69-0x00007FFE7F430000-0x00007FFE7F635000-memory.dmp

Filesize
2.0MB

Download
memory/4712-68-0x00007FF7A57D0000-0x00007FF7A59BA000-memory.dmp

Filesize
1.9MB

Download