Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 11/09/2024, 20:14

Static task: static1

Behavioral task: behavioral1
Sample: d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe
Resource: win10v2004-20240802-en
General
Target: d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe
Size: 8.6MB
MD5: 06a307a6d91a714269f3a036bf848dc2
SHA1: 91d0fb408b6ca7c1320287a1be13e3c7d514f90a
SHA256: d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834
SHA512: d8d8e9f3bddb2ca7956f311d7cf0591529d7a53403a11654ba35ebc4bb51aae96e2461ead8b1ddcd089e2f7aafef28d9bc6e145388fc24457e5cb60828f98efd
SSDEEP: 98304:TRWcAJCi5VmrKVt9bxrgq7lSmBYIeWEJs4chiAVocPUaLXSc1X0gFggYp0y6Yz4Y:F6JCi5Jt9bTB9c5DiXSOX5LYpQuZfD
Malware Config

Signatures

Checks BIOS information in registry (2 TTPs, 1 IoC)
BIOS information is often read in order to detect sandboxing environments.
Description: Key value queried
IoC: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
Process: d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe

Suspicious use of NtSetInformationThreadHideFromDebugger (8 IoCs)
PID: 1500
Process: d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe (all 8 IoCs attributed to this same process)
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Description: Key opened
IoC: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe
Processes

Process 1: C:\Users\Admin\AppData\Local\Temp\d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe"
- Checks BIOS information in registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
PID: 1500