d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834

General

Target

d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe
Size

8.6MB
MD5

06a307a6d91a714269f3a036bf848dc2
SHA1

91d0fb408b6ca7c1320287a1be13e3c7d514f90a
SHA256

d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834
SHA512

d8d8e9f3bddb2ca7956f311d7cf0591529d7a53403a11654ba35ebc4bb51aae96e2461ead8b1ddcd089e2f7aafef28d9bc6e145388fc24457e5cb60828f98efd
SSDEEP

98304:TRWcAJCi5VmrKVt9bxrgq7lSmBYIeWEJs4chiAVocPUaLXSc1X0gFggYp0y6Yz4Y:F6JCi5Jt9bTB9c5DiXSOX5LYpQuZfD

Score

7^/10

discovery

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs

pid	Process
1500	d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe
1500	d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe
1500	d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe
1500	d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe
1500	d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe
1500	d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe
1500	d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe
1500	d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe

C:\Users\Admin\AppData\Local\Temp\d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe
"C:\Users\Admin\AppData\Local\Temp\d783e325d2f50def695c2d05fd799aee66b6903005887d087a2710f1bc7c9834.exe"
1⤵
- Checks BIOS information in registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1500-0-0x0000000000400000-0x0000000000CA4000-memory.dmp

Filesize
8.6MB

Download
memory/1500-1-0x0000000075B80000-0x0000000075BC7000-memory.dmp

Filesize
284KB

Download
memory/1500-503-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-516-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-538-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-504-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-540-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-536-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-534-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-532-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-530-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-529-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-526-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-524-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-522-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-520-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-518-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-514-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-512-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-510-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-508-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-506-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-549-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-542-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-556-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-564-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-562-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-560-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-558-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-554-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-552-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-550-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-546-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-544-0x0000000002AA0000-0x0000000002BB1000-memory.dmp

Filesize
1.1MB

Download
memory/1500-2239-0x0000000002910000-0x0000000002A91000-memory.dmp

Filesize
1.5MB

Download
memory/1500-7777-0x0000000000400000-0x0000000000CA4000-memory.dmp

Filesize
8.6MB

Download

Analysis

Sharing