Overview
overview
10Static
static
10ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
8ฺฺฺK...ฺฺ
windows10_x64
1Analysis
-
max time kernel
265s -
max time network
285s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
22-11-2020 06:28
Static task
static1
Behavioral task
behavioral1
Sample
bootstrap.min.js
Resource
win10v20201028
Behavioral task
behavioral2
Sample
cd9ccf8681ed1a5380f8a27cd6dc927ab719b04baa6c6583a0c793a6dc00d5f7.exe
Resource
win10v20201028
Behavioral task
behavioral3
Sample
ch/index.html
Resource
win10v20201028
Behavioral task
behavioral4
Sample
ch/jquery-1.js
Resource
win10v20201028
Behavioral task
behavioral5
Sample
ch/retreaver.js
Resource
win10v20201028
Behavioral task
behavioral6
Sample
chrome-assests/a.html
Resource
win10v20201028
Behavioral task
behavioral7
Sample
chrome-assests/ie10-viewport-bug-workaround.html
Resource
win10v20201028
Behavioral task
behavioral8
Sample
chrome-assests/iframe.js
Resource
win10v20201028
Behavioral task
behavioral9
Sample
chrome-assests/img-1.svg.xml
Resource
win10v20201028
Behavioral task
behavioral10
Sample
chrome-assests/img-11.svg.xml
Resource
win10v20201028
Behavioral task
behavioral11
Sample
chrome-assests/img-12.svg.xml
Resource
win10v20201028
Behavioral task
behavioral12
Sample
chrome-assests/img-2.svg.xml
Resource
win10v20201028
Behavioral task
behavioral13
Sample
chrome-assests/img-3.svg.xml
Resource
win10v20201028
Behavioral task
behavioral14
Sample
chrome-assests/img-4.svg.xml
Resource
win10v20201028
Behavioral task
behavioral15
Sample
hyundai steel-pipe- job 8010(1).exe
Resource
win10v20201028
Behavioral task
behavioral16
Sample
hyundai steel-pipe- job 8010.exe
Resource
win10v20201028
Behavioral task
behavioral17
Sample
ie.svg.xml
Resource
win10v20201028
Behavioral task
behavioral18
Sample
index(1).html
Resource
win10v20201028
Behavioral task
behavioral19
Sample
index(10).html
Resource
win10v20201028
Behavioral task
behavioral20
Sample
index(11).html
Resource
win10v20201028
Behavioral task
behavioral21
Sample
index(2).html
Resource
win10v20201028
Behavioral task
behavioral22
Sample
index(3).html
Resource
win10v20201028
Behavioral task
behavioral23
Sample
index(4).html
Resource
win10v20201028
Behavioral task
behavioral24
Sample
index(5).html
Resource
win10v20201028
Behavioral task
behavioral25
Sample
index(6).html
Resource
win10v20201028
Behavioral task
behavioral26
Sample
index(7).html
Resource
win10v20201028
Behavioral task
behavioral27
Sample
index(8).html
Resource
win10v20201028
Behavioral task
behavioral28
Sample
index(9).html
Resource
win10v20201028
Behavioral task
behavioral29
Sample
index.html
Resource
win10v20201028
Behavioral task
behavioral30
Sample
index2.html
Resource
win10v20201028
Behavioral task
behavioral31
Sample
infected dot net installer.exe
Resource
win10v20201028
Behavioral task
behavioral32
Sample
inps_979.xls
Resource
win10v20201028
Errors
General
-
Target
bootstrap.min.js
-
Size
36KB
-
MD5
55093a3d1ac85ac5734e104d4f2de030
-
SHA1
7d6acbbe3b1589d11873954e95e674f178cbaaf7
-
SHA256
abbb8724a9c69848de604e65aad7a5f6ae3fd7ef2c071b84b41b9cabfabbf2a4
-
SHA512
373ae6189df34c585a26e1662026b131352327c08ae7ae1ab5c108ac94deecacd89afa2e3b955682f03caf097eb909edb82118fe73013f32b18878ee7ada9ace
Malware Config
Signatures
-
Modifies WinLogon to allow AutoLogon 2 TTPs 1 IoCs
Enables rebooting of the machine without requiring login credentials.
Processes:
LogonUI.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked LogonUI.exe -
Modifies data under HKEY_USERS 15 IoCs
Processes:
LogonUI.exedescription ioc process Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" LogonUI.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" LogonUI.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
LogonUI.exepid process 1612 LogonUI.exe 1612 LogonUI.exe
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\bootstrap.min.js1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x0 /state0:0xa3ad1855 /state1:0x41c64e6d1⤵
- Modifies WinLogon to allow AutoLogon
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4800-0-0x000001BFE51A0000-0x000001BFE51A4000-memory.dmpFilesize
16KB