4d360d83c01b5554e531e36719a215617247f90d2e2fc61c80841e033039b898

Analysis

max time kernel
151s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20250211-en
resource tags

arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
submitted
11/02/2025, 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

idapro_90_x64win.exe
Size

421.7MB
MD5

8583d7721daba98843c15d5280362f00
SHA1

ae48b47dc10e80ee7b0879819b9893ad88485be4
SHA256

4d360d83c01b5554e531e36719a215617247f90d2e2fc61c80841e033039b898
SHA512

b6e90766fc159ba5fed4468bc2e16e94b8c4faf989adf4138a1f83f3a53fe57f9838ce708b3b1178b23a5aa9bfd7a74aa58e937ed0663fe481477d72070a9252
SSDEEP

12582912:HbZ0vgh5tSwNU1A9extCypOOZsZquwbxvPEvqNY:7Zagh5tSwN+J/ObquGJPpY

Score

7^/10

defense_evasion trojan

Malware Config

Signatures

Loads dropped DLL 14 IoCs

pid	Process
4116	idapro_90_x64win.exe
4116	idapro_90_x64win.exe
4116	idapro_90_x64win.exe
4116	idapro_90_x64win.exe
4116	idapro_90_x64win.exe
4116	idapro_90_x64win.exe
4116	idapro_90_x64win.exe
4116	idapro_90_x64win.exe
4116	idapro_90_x64win.exe
4116	idapro_90_x64win.exe
4116	idapro_90_x64win.exe
4116	idapro_90_x64win.exe
4116	idapro_90_x64win.exe
4116	idapro_90_x64win.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	idapro_90_x64win.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	idapro_90_x64win.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	idapro_90_x64win.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	idapro_90_x64win.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4116	idapro_90_x64win.exe
4116	idapro_90_x64win.exe

C:\Users\Admin\AppData\Local\Temp\idapro_90_x64win.exe
"C:\Users\Admin\AppData\Local\Temp\idapro_90_x64win.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BRL00001014\BRD949.tmp

Filesize
128KB

MD5
f2f31d07b6e81f8ae4b80c9c6a60a325

SHA1
69f7bf5d3ae27a922ab2174bc7e7485b9c66c19c

SHA256
385d894797bad7ff9ef8180cbdb100a9a432df2c99563647458d6c32f10ae02f

SHA512
a4898a660e874b699dc3dc8d378c75a08603c884b06424f01bea4aeaab427fcc04e14bff3bd95a4296befbde153cc63036aebc01b5de718efe52d48dbb28f1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001014\BRD998.tmp

Filesize
356KB

MD5
c3c4f3fe90e3b3b02bea0e8da3447ed2

SHA1
7ac0f54119d2273a2cd261f1fe6c5667e9c486df

SHA256
3524ec77985e390acf9d07d81b1b44305165d711bbca770f7458ea0a78751f82

SHA512
0e24c9394c635a3f1671a297f97b613e6936cd8f862a214125d3456324a18668ae138d5c4fde036f55e2b13b158e4cebc53f78153862a008b1ae747eab228a60

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001014\BRD9D7.tmp

Filesize
59KB

MD5
f62dd6ce51e19349ec1d1f2e88c4ef4d

SHA1
60bd29538b4fecaf527ba8b7d92b7f32d2e72ddb

SHA256
be88244da9faaa6636a9d2f4c4249c08066a0b48359690b9b27a2b9ed47e093d

SHA512
ba68a59427ec252b895e1c3d6879e0c7a010893d23b5a8687ce86d738faaec1367f73abbcf63fb8ce8b95d32afa3049cd59f22f0bc5a2ff2a3b123a54fe02012

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001014\BRD9E8.tmp

Filesize
198KB

MD5
412c88f7f758f0f1e9e47671474f7a51

SHA1
2b92ab2b01f58302a04664c3fc1327acf4b86a84

SHA256
9857719f6d0dab7eb1c4080c0eb1ae19f15d9e5d547be91f12201071fae1808d

SHA512
95cb311323dc40f252612592a3e642beaec50c5c0a76d06ad474ffd195c1d8465149dd882701522906ce99eea6873495ce357cc9aed385b9777f071829138eac

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001014\BRD9F9.tmp

Filesize
513KB

MD5
5fbc6bd806a8a6c460faceeea73bd7f7

SHA1
4d1586a9631a72c3e1d75fb3c385dbd278804665

SHA256
8033d1b3af84d47d275e022608da35baac16cf40d9607ca026a47b6cd65e6a97

SHA512
4c51f9f331ac15206942e13504334b4c3549888519388607c44b617a68a9095114b0e6127e82b84170445df06260cc62308bc197b90cfb95af18d7cb6d413195

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001014\BRDA19.tmp

Filesize
235KB

MD5
51c675fc1ef0a62322052d3e86567c06

SHA1
e295d0b668105d81f9180ef1056d0528e4b2116a

SHA256
aaa3d7e589e9be1911eee5974afa68c64af1bbd5e039ff6a82a15c2b54c0f9f0

SHA512
a352e82db5c930c73165a48337ae51acda7ebd393b8b0b57d03d2e1b5057c41c26b1f321759b7bc521166890853ecdad7b37531212243ad86e181e2252a3b78d

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001014\BRDA39.tmp

Filesize
18KB

MD5
6d2c718c3059ceaa7b90919e6725a09a

SHA1
489967f8fe2b9021a891112754b840fe7dc71d13

SHA256
2ca70bc6394ee1b299a8cf1fe28e95c7d68b765e1828db1b651a7a62acae5356

SHA512
37547e9c6080d0dcb3ea23d9c856ce689997275b40d72bf9fd7c7c165e8cee4afe2ebe52e052c5f8bfc3e618391425219e9681191ee6f650444ebd643cb5a50d

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001014\BRDAB7.tmp

Filesize
19KB

MD5
a56543b9cd3aa403311b49189d25851e

SHA1
bd2609d35d4a967fe23ef4092b1daa6f74a858ad

SHA256
034756f772399552cd33605a189ee0e45d7947860e0d83ec12aa6da1a5a42054

SHA512
2237f493d70799675ae0e395f551b6cd46ff4789e46e2453c48fede07b7623b4b8111904d6fa139c204eea4405b5fd5812b0a91f27374219b721339149c25edf

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001014\BRDBB2.tmp

Filesize
96KB

MD5
9b299884420745d80c70bba6b8a7f05a

SHA1
195423185a7776e072a65fbabae868c15f7b2f56

SHA256
9426e96a97f41645fab524385a852687792f99b505554b6b9809ed99451b2399

SHA512
ed839dc1b6ef53f3663b6055fb2869a522600b2af8d8a800958ddb531154f4e9a3f1733f32dff5511a22fe01525191c8683519cbdcedec138b1bcf3425f2155b

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001014\BRDBC3.tmp

Filesize
179KB

MD5
7a13a1552fa6a5d983df7ca4df4d2b8e

SHA1
fb56bf8473730c0c155a41c4326d0086a36fc9c3

SHA256
7c7d2ad193cd3b96c402b4da2d138ad8e7fd56a8aaa867871c5122f7674395db

SHA512
56ac3d1e5e07b6b9b6e4b1b3c2d38cad4d7616b81855fcaab6856283f866edcdcd3ac43669fc0699d274447b5c8f19fcbd06b7bbd7da68b8787225b708584f3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001014\BRDC02.tmp

Filesize
53KB

MD5
2c8f6a964ca7761122f7da22042462f4

SHA1
290e48bf0f83b3f3832f69bb1ea0637ed4d8ccca

SHA256
9d6f2629aa5978dd6b87fe9bce77a5cf0135b8da2980a050579eb4e23a92f8fa

SHA512
88c49dbc5a5cce28fc61689b953e091dc5114196a9ce5977de1bc1ea916333d73a13d06abb56b7afd88f6c4f80953a2b9b720cd79e773a1246d44b37eae4cbf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001014\BRDC03.tmp

Filesize
53KB

MD5
4640fd47f64bb72cb34dbafee65dbdde

SHA1
508c8713e06ba55588d41918c5a99308cb4b37a0

SHA256
f02c4352ea80e1b476eb4754455ae684efb4289d95edf925e38bd3789f6ead49

SHA512
de2d05ea66ab37b7120cde8f4aeb79c6365430bd94f56b07019451e1329f8f3a2674af9ed6677b8ade59fa2185c6a48eaead47091edc8284e686260c69544a4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001014\BRDC14.tmp

Filesize
218KB

MD5
7190ecf05ec3b297d6ded3e204399e95

SHA1
5c085cbbbcc8686266acfb318e75a38794625e88

SHA256
49e2c502923de5f89958de86f1cc6f91e7ddafe46d0f81bfb51a669627650e6e

SHA512
4e12adcaaebdc08e06270437dd4ebf33c4aecd5b6cce7245bf12b0303c809465d75d5b319fb262a807cf9a5cb99d808e466fc30b19d88ddcf2b3f0b9c9f74881

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL00001014\BRDC34.tmp

Filesize
125KB

MD5
053a60f34c75ca0a4a821b46eae86d31

SHA1
ebcf9f84a393969655969c248c2d572d7a05541c

SHA256
683f19a461948f4cca2fbece26949b34d6347dff279efece983b9f64a868422c

SHA512
346c989ef320079b5978678264059ad9e545081dded233d10dca73a72906fa01df30a3c96f6d319efcea64c198ef409748e511dab8a4d43e1fa7af50ed3f0256

Download Submit
memory/4116-76-0x000000005AE50000-0x000000005AE5E000-memory.dmp

Filesize
56KB

Download
memory/4116-80-0x0000000063980000-0x0000000063994000-memory.dmp

Filesize
80KB

Download
memory/4116-79-0x000000005AE10000-0x000000005AE42000-memory.dmp

Filesize
200KB

Download
memory/4116-78-0x0000000066C00000-0x0000000066C1B000-memory.dmp

Filesize
108KB

Download
memory/4116-77-0x000000006CA00000-0x000000006CA0E000-memory.dmp

Filesize
56KB

Download
memory/4116-75-0x000000006C580000-0x000000006C599000-memory.dmp

Filesize
100KB

Download
memory/4116-74-0x0000000067C80000-0x0000000067D09000-memory.dmp

Filesize
548KB

Download
memory/4116-73-0x00000000710C0000-0x00000000710F4000-memory.dmp

Filesize
208KB

Download
memory/4116-72-0x0000000066680000-0x0000000066695000-memory.dmp

Filesize
84KB

Download
memory/4116-71-0x000000005AE60000-0x000000005AE86000-memory.dmp

Filesize
152KB

Download
memory/4116-70-0x0000000000EB0000-0x000000000118D000-memory.dmp

Filesize
2.9MB

Download
memory/4116-81-0x0000000063100000-0x0000000063114000-memory.dmp

Filesize
80KB

Download
memory/4116-82-0x0000000000EB0000-0x000000000118D000-memory.dmp

Filesize
2.9MB

Download
memory/4116-94-0x0000000000EB0000-0x000000000118D000-memory.dmp

Filesize
2.9MB

Download
memory/4116-106-0x0000000000EB0000-0x000000000118D000-memory.dmp

Filesize
2.9MB

Download
memory/4116-118-0x0000000000EB0000-0x000000000118D000-memory.dmp

Filesize
2.9MB

Download