Overview
overview
10Static
static
10ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
10ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
1ฺฺฺK...ฺฺ
windows10_x64
8ฺฺฺK...ฺฺ
windows10_x64
1Analysis
-
max time kernel
293s -
max time network
311s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
22-11-2020 06:28
Static task
static1
Behavioral task
behavioral1
Sample
bootstrap.min.js
Resource
win10v20201028
Behavioral task
behavioral2
Sample
cd9ccf8681ed1a5380f8a27cd6dc927ab719b04baa6c6583a0c793a6dc00d5f7.exe
Resource
win10v20201028
Behavioral task
behavioral3
Sample
ch/index.html
Resource
win10v20201028
Behavioral task
behavioral4
Sample
ch/jquery-1.js
Resource
win10v20201028
Behavioral task
behavioral5
Sample
ch/retreaver.js
Resource
win10v20201028
Behavioral task
behavioral6
Sample
chrome-assests/a.html
Resource
win10v20201028
Behavioral task
behavioral7
Sample
chrome-assests/ie10-viewport-bug-workaround.html
Resource
win10v20201028
Behavioral task
behavioral8
Sample
chrome-assests/iframe.js
Resource
win10v20201028
Behavioral task
behavioral9
Sample
chrome-assests/img-1.svg.xml
Resource
win10v20201028
Behavioral task
behavioral10
Sample
chrome-assests/img-11.svg.xml
Resource
win10v20201028
Behavioral task
behavioral11
Sample
chrome-assests/img-12.svg.xml
Resource
win10v20201028
Behavioral task
behavioral12
Sample
chrome-assests/img-2.svg.xml
Resource
win10v20201028
Behavioral task
behavioral13
Sample
chrome-assests/img-3.svg.xml
Resource
win10v20201028
Behavioral task
behavioral14
Sample
chrome-assests/img-4.svg.xml
Resource
win10v20201028
Behavioral task
behavioral15
Sample
hyundai steel-pipe- job 8010(1).exe
Resource
win10v20201028
Behavioral task
behavioral16
Sample
hyundai steel-pipe- job 8010.exe
Resource
win10v20201028
Behavioral task
behavioral17
Sample
ie.svg.xml
Resource
win10v20201028
Behavioral task
behavioral18
Sample
index(1).html
Resource
win10v20201028
Behavioral task
behavioral19
Sample
index(10).html
Resource
win10v20201028
Behavioral task
behavioral20
Sample
index(11).html
Resource
win10v20201028
Behavioral task
behavioral21
Sample
index(2).html
Resource
win10v20201028
Behavioral task
behavioral22
Sample
index(3).html
Resource
win10v20201028
Behavioral task
behavioral23
Sample
index(4).html
Resource
win10v20201028
Behavioral task
behavioral24
Sample
index(5).html
Resource
win10v20201028
Behavioral task
behavioral25
Sample
index(6).html
Resource
win10v20201028
Behavioral task
behavioral26
Sample
index(7).html
Resource
win10v20201028
Behavioral task
behavioral27
Sample
index(8).html
Resource
win10v20201028
Behavioral task
behavioral28
Sample
index(9).html
Resource
win10v20201028
Behavioral task
behavioral29
Sample
index.html
Resource
win10v20201028
Behavioral task
behavioral30
Sample
index2.html
Resource
win10v20201028
Behavioral task
behavioral31
Sample
infected dot net installer.exe
Resource
win10v20201028
Behavioral task
behavioral32
Sample
inps_979.xls
Resource
win10v20201028
Errors
General
-
Target
ch/jquery-1.js
-
Size
93KB
-
MD5
00f66eada2c54b64a3f632747ce1fe2d
-
SHA1
a4837154098ac13ccd72e08fd25d7bcf76826986
-
SHA256
100a135d8e7d5ebf1fe83b0b16da1d8d8b2321acdc4d5c24a1f9a7df53b23cf1
-
SHA512
11220e328a367f1086d0369686d09206badfd2cce18cdbc7420b4aca9785054ad7576f156b6039444f762f6a46a58ac7cefdc0f2bf031f215f59a8d6ae8e254d
Malware Config
Signatures
-
Modifies WinLogon to allow AutoLogon 2 TTPs 1 IoCs
Enables rebooting of the machine without requiring login credentials.
Processes:
LogonUI.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked LogonUI.exe -
Modifies data under HKEY_USERS 15 IoCs
Processes:
LogonUI.exedescription ioc process Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" LogonUI.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" LogonUI.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
LogonUI.exepid process 2888 LogonUI.exe 2888 LogonUI.exe
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\ch\jquery-1.js1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x0 /state0:0xa3ad3855 /state1:0x41c64e6d1⤵
- Modifies WinLogon to allow AutoLogon
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx