Analysis

  • max time kernel
    591s
  • max time network
    442s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    04-10-2024 08:25

General

  • Target

    HandBrake.exe

  • Size

    34.8MB

  • MD5

    f3e1f308a1ce0c271b6b48e43cf395ad

  • SHA1

    471dd45bb737355cd022bef0c850336541260428

  • SHA256

    15bc21d9aa2d18d0e393b8205a190175ec0388a4fc1a9ccfee79b0e21d439a86

  • SHA512

    e04f039b52a71ea2da236d035d8bb2426cf7b1ad6ffd6aa2470f643b64a46acfd47a62073724512af77a5a959cce9a36d01127cf04b63bd3cf58caf1f8cccd20

  • SSDEEP

    196608:HC3v8sdauO4miemcjYXCe5njhhg4DFgi2Sw6e:Hi9bLnJX/9jhh5ei2Swf

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\HandBrake.exe (PID: 2316)
    Command line: "C:\Users\Admin\AppData\Local\Temp\HandBrake.exe"
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2316-73-0x000002564C1E0000-0x000002564C29D000-memory.dmp (Filesize: 756KB)
  • memory/2316-72-0x00007FFED34E0000-0x00007FFED8C9F000-memory.dmp (Filesize: 87.7MB)
  • memory/2316-75-0x000002564C1E0000-0x000002564C29D000-memory.dmp (Filesize: 756KB)
  • memory/2316-77-0x000002564C1E0000-0x000002564C29D000-memory.dmp (Filesize: 756KB)
  • memory/2316-87-0x000002564C1E0000-0x000002564C29D000-memory.dmp (Filesize: 756KB)