Analysis
-
max time kernel
591s -
max time network
442s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system -
submitted
04-10-2024 08:25
Static task
static1
Behavioral task
behavioral1
Sample
HandBrake-1.8.2-x86_64-Win_GUI.exe
Resource
win11-20240802-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win11-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240802-en
Behavioral task
behavioral4
Sample
HandBrake.Worker.exe
Resource
win11-20240802-en
Behavioral task
behavioral5
Sample
HandBrake.exe
Resource
win11-20240802-en
Behavioral task
behavioral6
Sample
hb.dll
Resource
win11-20240802-en
General
-
Target
HandBrake.exe
-
Size
34.8MB
-
MD5
f3e1f308a1ce0c271b6b48e43cf395ad
-
SHA1
471dd45bb737355cd022bef0c850336541260428
-
SHA256
15bc21d9aa2d18d0e393b8205a190175ec0388a4fc1a9ccfee79b0e21d439a86
-
SHA512
e04f039b52a71ea2da236d035d8bb2426cf7b1ad6ffd6aa2470f643b64a46acfd47a62073724512af77a5a959cce9a36d01127cf04b63bd3cf58caf1f8cccd20
-
SSDEEP
196608:HC3v8sdauO4miemcjYXCe5njhhg4DFgi2Sw6e:Hi9bLnJX/9jhh5ei2Swf
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 HandBrake.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString HandBrake.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2316 HandBrake.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2316 HandBrake.exe