Analysis
max time kernel: 139s
max time network: 135s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/10/2024, 10:27
Static task: static1
Behavioral task: behavioral1
  Sample: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
  Resource: win7-20240903-en
General
Target: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
Size: 4.2MB
MD5: 89df346c0daab94e62d34a9bb9f36b33
SHA1: d8a1ca62dd6dae42481c76961bbd88a1234dd925
SHA256: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3
SHA512: 84a0f6c7ac320294a636312ac432dd645d5afb593dfb533fa04b52c9675cfaf998a8c965d1a8b696408f212b49b8505fb08a6ab48ac4d3d98c45d887c66767e1
SSDEEP: 98304:m5tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyEY:TssbCGo3yW8dLfZeNjR2Y
Malware Config
Signatures
Checks whether UAC is enabled 1 IoCs
  description: Key value queried
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  process: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  process: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments: the Identifier and ProcessorNameString values reveal the CPU model and core count, and in a virtual machine commonly expose hypervisor vendor strings.
  description: Key opened
  ioc: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0
  process: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
  description: Key value queried
  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier
  process: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
  description: Key value queried
  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
  process: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
Enumerates system info in registry 2 TTPs 3 IoCs
  description: Key value queried
  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  process: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
  description: Key value queried
  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  process: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
  description: Key opened
  ioc: \REGISTRY\MACHINE\Hardware\Description\System\BIOS
  process: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
  pid: 3376
  process: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
  (4 IoCs, all from the same pid 3376)
Suspicious use of AdjustPrivilegeToken 1 IoCs
  description: Token: SeDebugPrivilege
  pid: 3376
  process: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
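The signatures above are individually weak (installers routinely read EnableLUA, and system utilities read the CentralProcessor and BIOS keys), so a detection engineer would score them together rather than alert on any one key. The following is an added example written for this page, not sandbox code: it replays a constructed event log, modelled on the IoC rows above plus one hypothetical benign installer for contrast, against rules keyed on the registry paths the report lists, and scores each process. The ATT&CK technique IDs attached to the rules are the editor's mapping, not taken from the report.

```python
"""Score registry-discovery and token signatures per process (added example)."""
import re
from collections import defaultdict

SAMPLE = "bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe"
BENIGN = "setup_installer.exe"  # hypothetical benign process, for contrast only

# Constructed log: action<TAB>registry key or privilege<TAB>process. Key paths are
# the ones the report shows, including its mixed-case HARDWARE/Hardware spelling.
SAMPLE_LOG = "\n".join([
    f"Key value queried\t\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA\t{SAMPLE}",
    f"Key opened\t\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\NLS\\Language\t{SAMPLE}",
    f"Key opened\t\\REGISTRY\\MACHINE\\Hardware\\Description\\System\\CentralProcessor\\0\t{SAMPLE}",
    f"Key value queried\t\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Identifier\t{SAMPLE}",
    f"Key value queried\t\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\ProcessorNameString\t{SAMPLE}",
    f"Key value queried\t\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer\t{SAMPLE}",
    f"Key value queried\t\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName\t{SAMPLE}",
    f"Key opened\t\\REGISTRY\\MACHINE\\Hardware\\Description\\System\\BIOS\t{SAMPLE}",
    f"Token\tSeDebugPrivilege\t{SAMPLE}",
    f"Key value queried\t\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA\t{BENIGN}",
])

TOKEN_SIG = "Suspicious use of AdjustPrivilegeToken"

# (signature name as the report labels it, ATT&CK technique [editor's mapping], regex on key path).
# Registry paths are case-insensitive on Windows, so rules are matched with re.IGNORECASE.
RULES = [
    ("Checks whether UAC is enabled", "T1012", r"\\Policies\\System\\EnableLUA$"),
    ("System Location Discovery: System Language Discovery", "T1614.001", r"\\Control\\NLS\\Language(\\|$)"),
    ("Checks processor information in registry", "T1082", r"\\System\\CentralProcessor\\\d+(\\|$)"),
    ("Enumerates system info in registry", "T1082", r"\\System\\BIOS(\\|$)"),
]


def parse_event(line):
    """Split one log line into (action, target, process); None if it is malformed."""
    parts = line.rstrip("\r\n").split("\t")
    return tuple(parts) if len(parts) == 3 else None


def match_signatures(log_text):
    """Return {process: {signature name: [matched key or privilege, ...]}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue  # skip malformed lines rather than abort the whole run
        action, target, process = event
        if action == "Token":
            hits[process][TOKEN_SIG].append(target)
            continue
        for name, _technique, pattern in RULES:
            if re.search(pattern, target, re.IGNORECASE):
                hits[process][name].append(target)
    return {p: dict(s) for p, s in hits.items()}


def assess(process_hits):
    """Score one process: +1 per distinct discovery signature, +2 for SeDebugPrivilege.
    A lone EnableLUA read is routine for installers and scores low; the report's
    profile (four discovery signatures plus SeDebugPrivilege) scores high."""
    discovery = sum(1 for name, _t, _p in RULES if name in process_hits)
    debug = "SeDebugPrivilege" in process_hits.get(TOKEN_SIG, [])
    score = discovery + (2 if debug else 0)
    level = "high" if score >= 4 else "medium" if score >= 2 else "low"
    return score, level


if __name__ == "__main__":
    for process, sigs in match_signatures(SAMPLE_LOG).items():
        score, level = assess(sigs)
        print(f"{process}: score={score} ({level})")
        for name, iocs in sigs.items():
            print(f"  {name}: {len(iocs)} IoCs")
```

Run as-is, the sample process reproduces the report's IoC counts (1, 1, 3, 3, and the token) and scores high, while the hypothetical installer that only reads EnableLUA scores low. Thresholds are deliberately simple; in production they would be tuned against a baseline of known-good installers and hardware-inventory tools.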
Processes
C:\Users\Admin\AppData\Local\Temp\bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe"
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3376
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 2KB
MD5: 6c320a254ca94f4a2d64088d1eac6677
SHA1: 895863a64538dd9db66f6c580b7bcc3b8b99fd0c
SHA256: 5a3f4b09f11730be53a9e0b828c8d9168e8dbd3bf29b58666e318efb89f04a22
SHA512: a5145f8aeb6484878eec2e47af457fa9e0a7f598b099004e94e86ae19068d7b2113266b8b5ddd5c6d40d7416d09e40abf322c0ca079b76b561bcddf038cf50f2

Filesize: 4KB
MD5: 0bf0f47d1e67a6c42e48b3cc5145b834
SHA1: 70f2c976a696e50bf569113a72a1e651fc41609a
SHA256: 0de36c3a4ddc4a5cdc7c8bbbf847472a7c517a2aa9ce0cee8c6652811aae2665
SHA512: c3f1575a7eb24b895609bf0e8882e6a3ee7679e327eb855ca0d1dd6f9922d97e2f32bce8fc074a3276655aeb3d2e35630558cc59aa957e6ff56381171254ab0f

Filesize: 246KB
MD5: b0fe2e9c4f32b363c5e5fd0d09e81c27
SHA1: 20cb145bc87133e11dedeaa1812ff40a32cbf8f7
SHA256: 5794bd1f6c0460576c971aaedea0228f4fdc3410ed19bc619836629517b547b6
SHA512: 7d2f4caa74a48a0be7e74362e2af303727ef569d56a83fc2d8a331113d73603c345186ffd42a7ba4416b984bc6aaf717d814a7c3e25707559554d1ff74dda2ec

Filesize: 157B
MD5: d63ac3ce59eb0dc4a1362af3941f94b7
SHA1: ceede13e358827cbec65e6c49567361bca06f784
SHA256: 1e7c140a98003fc763aec736d866c215a7415f732522da2599a3fb9f99922ac1
SHA512: e2c2c847d1f998f94e877752ec2b576d6046fd17c9e00f5348cb2adcbfd2da2358e5762ef0b31eca7c08120ad793ae4a064b601f4b84abea2eff0ddc68ffed2e