894a461e0d709023ba6ec45f748b38a79ae12cf398702244ef2ffa93dd644133

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22/03/2025, 06:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab06bf4a0dccbe1c178c70bf95deba79d492e6a172c99b620bd255c1b296b9cc.exe
Size

2.9MB
MD5

011b5a3e74882b993bfe922599242374
SHA1

65667021d6b56e8eaa2d42cb0dcd40656f68e843
SHA256

ab06bf4a0dccbe1c178c70bf95deba79d492e6a172c99b620bd255c1b296b9cc
SHA512

fc62d28acdd62ddeae04363569398da324a3031692639ce88775083a8d53b1519fd65c32a22cf52fe36cc7db0dc822ca598c9336dff4b59eabdeef85afe520c7
SSDEEP

49152:PpPkliITYbNbNWo4kSH3OqtwI/cukqXfd+/9AzXnwWJ7C3MEvRBA2FCo1Y3pa2U+:PaliIT4bNJFY3OqtjTkqXf0FgXwom8Ei

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	ab06bf4a0dccbe1c178c70bf95deba79d492e6a172c99b620bd255c1b296b9cc.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	ab06bf4a0dccbe1c178c70bf95deba79d492e6a172c99b620bd255c1b296b9cc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	ab06bf4a0dccbe1c178c70bf95deba79d492e6a172c99b620bd255c1b296b9cc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2316	ab06bf4a0dccbe1c178c70bf95deba79d492e6a172c99b620bd255c1b296b9cc.exe

C:\Users\Admin\AppData\Local\Temp\ab06bf4a0dccbe1c178c70bf95deba79d492e6a172c99b620bd255c1b296b9cc.exe
"C:\Users\Admin\AppData\Local\Temp\ab06bf4a0dccbe1c178c70bf95deba79d492e6a172c99b620bd255c1b296b9cc.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2316-0-0x000007FEF5BA3000-0x000007FEF5BA4000-memory.dmp

Filesize
4KB

Download
memory/2316-1-0x0000000000E40000-0x000000000112E000-memory.dmp

Filesize
2.9MB

Download
memory/2316-2-0x00000000008E0000-0x00000000008F2000-memory.dmp

Filesize
72KB

Download
memory/2316-3-0x00000000008F0000-0x000000000090A000-memory.dmp

Filesize
104KB

Download
memory/2316-4-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

Filesize
9.9MB

Download
memory/2316-5-0x000000001C7F0000-0x000000001CA04000-memory.dmp

Filesize
2.1MB

Download
memory/2316-6-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

Filesize
9.9MB

Download
memory/2316-7-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

Filesize
9.9MB

Download
memory/2316-8-0x000007FEF5BA3000-0x000007FEF5BA4000-memory.dmp

Filesize
4KB

Download
memory/2316-9-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

Filesize
9.9MB

Download
memory/2316-10-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

Filesize
9.9MB

Download
memory/2316-11-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

Filesize
9.9MB

Download