7907b91848546b664bf2029fc46f9bf35f429019dd1189324b57a39bf826fc68

General

Target

6f90448948173daeff012b3a0b1fae40N.exe
Size

9.9MB
MD5

6f90448948173daeff012b3a0b1fae40
SHA1

0251ca8f9f0ae46b2d7e05bbf2589e02ba625c98
SHA256

7907b91848546b664bf2029fc46f9bf35f429019dd1189324b57a39bf826fc68
SHA512

314a1b33d8690263435f518b546abedcf3e4d5c854bee8006a5f0a530571b52c4c4ade06c3e74c7b1ef5286720b677bb9763090c858bb4dd6b28eee2324967e6
SSDEEP

98304:ENH57vTrdT25v0rw/kilZtuncGu/Vw0wen+:aHx1zG+

Score

7^/10

discovery

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	6f90448948173daeff012b3a0b1fae40N.exe

Loads dropped DLL 1 IoCs

pid	Process
3044	6f90448948173daeff012b3a0b1fae40N.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
3044	6f90448948173daeff012b3a0b1fae40N.exe
3044	6f90448948173daeff012b3a0b1fae40N.exe
3044	6f90448948173daeff012b3a0b1fae40N.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
8744	3044	WerFault.exe	29

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6f90448948173daeff012b3a0b1fae40N.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 8744	3044	6f90448948173daeff012b3a0b1fae40N.exe	31
PID 3044 wrote to memory of 8744	3044	6f90448948173daeff012b3a0b1fae40N.exe	31
PID 3044 wrote to memory of 8744	3044	6f90448948173daeff012b3a0b1fae40N.exe	31
PID 3044 wrote to memory of 8744	3044	6f90448948173daeff012b3a0b1fae40N.exe	31

C:\Users\Admin\AppData\Local\Temp\6f90448948173daeff012b3a0b1fae40N.exe
"C:\Users\Admin\AppData\Local\Temp\6f90448948173daeff012b3a0b1fae40N.exe"
1⤵
- Checks BIOS information in registry
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 92
  2⤵
  - Program crash
  PID:8744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\SECC25.tmp

Filesize
1024B

MD5
12871388b682b159ddd85545302a289d

SHA1
76b47377da188fcfddeefa0f940287f1cce9885d

SHA256
cc033f00e96cae1829e3a5c15150fe68a62f65440f1b158d9257370fbc488a9b

SHA512
d60953b62d08e52fa2860db257e2bdbaa97e7eff7007617857f7b30a76f7c7ba81f8444d313a6ad496adbbaede5af1661e72522046789bb9aee1340f7ac12c7d

Download Submit
memory/3044-498-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-0-0x0000000000400000-0x000000000062D000-memory.dmp

Filesize
2.2MB

Download
memory/3044-493-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-494-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-506-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-502-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-512-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-516-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-518-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-520-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-524-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-522-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-514-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-510-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-508-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-504-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-496-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-500-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-526-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-536-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-544-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-552-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-554-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-550-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-548-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-546-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-542-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-540-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-538-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-534-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-532-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-530-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-528-0x0000000002370000-0x0000000002481000-memory.dmp

Filesize
1.1MB

Download
memory/3044-1-0x0000000075290000-0x00000000752D7000-memory.dmp

Filesize
284KB

Download
memory/3044-7982-0x0000000000400000-0x000000000062D000-memory.dmp

Filesize
2.2MB

Download

Analysis

Sharing