Analysis
- max time kernel: 302s
- max time network: 277s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 18-08-2021 08:34

Static task: static1
Behavioral task: behavioral1
Sample: lcok.exe
Resource: win10v20210410 (windows10_x64)
0 signatures, 0 seconds
General
- Target: lcok.exe
- Size: 393KB
- MD5: a96fd151b0afb913af10354e6f6ca1be
- SHA1: 709182b6336e1215e438c6456d50edb3b11c1fb3
- SHA256: 2b9fc5425a407d707354298c59ceb30f601707ed5878687049bf15e088ce4c24
- SHA512: 86e9fb857dc825afc3daf19bab482be337c507875d937596e5407a01ca903b1542793877b07e10d69a9b365438a34568945f2b15ccb3064a13a0356e6a7e73ac
Score: 1/10

Malware Config

Signatures
Note: every IoC in the three signatures below is attributed either to LogonUI.exe or to a PID the sandbox reports as "Process not Found"; none is attributed to the submitted sample lcok.exe.
- Modifies data under HKEY_USERS (15 IoCs)
  All 15 are theme and accent-colour writes under \REGISTRY\USER\.DEFAULT (the HKEY_USERS\.DEFAULT hive) by LogonUI.exe.
  description | ioc | process
  Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | LogonUI.exe
  Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | LogonUI.exe
  Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | LogonUI.exe
  Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | LogonUI.exe
- Suspicious behavior: LoadsDriver (64 IoCs)
  pid | Process
  All 64 PIDs resolve to "Process not Found" (the sandbox could not map them to a running process):
  4144, 1628, 4264, 4268, 4252, 4240, 4248, 4232, 4220, 4280, 3332, 4332, 4384, 2828, 4376, 4400, 2852, 4388, 4392, 2704, 3820, 2668, 516, 428, 500, 592, 1008, 192, 208, 3828, 2620, 648, 652, 4284, 820, 4300, 4140, 4304, 3152, 1884, 3564, 812, 864, 908, 424, 692, 844, 1044, 1064, 1124, 1204, 1232, 1224, 1288, 1384, 1428, 1468, 1536, 1532, 1584, 1588, 1712, 1828, 1836
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  1832 | LogonUI.exe
  1832 | LogonUI.exe
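When a low-score report like this one still lists signature hits, the first triage question is whether any hit belongs to the submitted sample or only to system noise. The script below is an added example, not part of the sandbox report or its tooling: it parses the flattened signature rows above (a subset, embedded as constructed input), counts IoCs per attributed process, and decodes the colour DWORDs. The byte-order assumptions are that Explorer\Accent and DWM\AccentColor values are stored as 0xAABBGGRR and DWM\ColorizationColor as 0xAARRGGBB; under those assumptions every value decodes to #0078d7 (the stock Windows 10 accent blue, also present as a slot in the AccentPalette blob) or to another palette entry, which is what you would expect from LogonUI.exe initialising the default theme rather than from the sample.

```python
import re
from collections import Counter

# Constructed input: IoC rows copied from the signature tables in the report above.
# Each line is "<description> <ioc> <process>" exactly as the sandbox renders them.
REGISTRY_IOCS = r"""
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 LogonUI.exe
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History LogonUI.exe
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" LogonUI.exe
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" LogonUI.exe
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" LogonUI.exe
"""

# "pid Process" rows of the two process-level signatures (a subset of the 64 LoadsDriver rows).
PROCESS_IOCS = {
    "LoadsDriver": "4144 Process not Found 1628 Process not Found 4264 Process not Found",
    "SetWindowsHookEx": "1832 LogonUI.exe 1832 LogonUI.exe",
}

SET_RE = re.compile(r'^Set value \((\w+)\) (\S+) = (.+?) (\S+)$')
KEY_RE = re.compile(r'^Key created (\S+) (\S+)$')
PID_RE = re.compile(r'(\d+) (Process not Found|\S+)')


def parse_registry(text):
    """Split the flattened registry-IoC rows into dicts with op/type/path/value/process."""
    rows = []
    for line in text.strip().splitlines():
        m = SET_RE.match(line)
        if m:
            vtype, path, value, proc = m.groups()
            rows.append({"op": "Set value", "type": vtype, "path": path,
                         "value": value.strip('"'), "process": proc})
            continue
        m = KEY_RE.match(line)
        if not m:
            raise ValueError("unparsed IoC row: %r" % line)
        path, proc = m.groups()
        rows.append({"op": "Key created", "type": None, "path": path,
                     "value": None, "process": proc})
    return rows


def parse_pids(text):
    """Turn 'pid Process pid Process ...' into a list of (pid, process) tuples."""
    return [(int(pid), proc) for pid, proc in PID_RE.findall(text)]


def attribution(reg_rows, pid_lists, sample="lcok.exe"):
    """Count IoCs per attributed process and say whether any belongs to the submitted sample."""
    counts = Counter(r["process"] for r in reg_rows)
    for pairs in pid_lists.values():
        counts.update(proc for _, proc in pairs)
    return {"by_process": dict(counts), "sample_attributed": sample in counts}


def decode_abgr(dword):
    """Assumption: Explorer\\Accent and DWM\\AccentColor DWORDs are laid out as 0xAABBGGRR."""
    return (dword & 0xFF, (dword >> 8) & 0xFF, (dword >> 16) & 0xFF)


def decode_argb(dword):
    """Assumption: DWM\\ColorizationColor DWORDs are laid out as 0xAARRGGBB."""
    return ((dword >> 16) & 0xFF, (dword >> 8) & 0xFF, dword & 0xFF)


def accent_colors(reg_rows):
    """Render every colour-valued DWORD in the rows as an #rrggbb string."""
    out = {}
    for r in reg_rows:
        if r["type"] != "int":
            continue
        name = r["path"].rsplit("\\", 1)[1]
        v = int(r["value"])
        if name in ("AccentColor", "AccentColorMenu", "StartColorMenu"):
            out[name] = "#%02x%02x%02x" % decode_abgr(v)
        elif name in ("ColorizationColor", "ColorizationAfterglow"):
            out[name] = "#%02x%02x%02x" % decode_argb(v)
    return out


def palette_colors(reg_rows):
    """Split the AccentPalette blob into eight 4-byte RGBX slots and return them as #rrggbb."""
    for r in reg_rows:
        if r["path"].endswith("\\AccentPalette"):
            blob = r["value"]
            return ["#" + blob[i:i + 6] for i in range(0, len(blob), 8)]
    return []


if __name__ == "__main__":
    rows = parse_registry(REGISTRY_IOCS)
    pids = {name: parse_pids(txt) for name, txt in PROCESS_IOCS.items()}
    print(attribution(rows, pids))   # no IoC attributed to lcok.exe
    print(accent_colors(rows))       # every colour value decodes to a palette entry
    print(palette_colors(rows))
```

The same parser can be pointed at the full 15-row and 64-row tables by pasting them into the two input constants; the "Process not Found" entries are kept as their own bucket so that unresolved PIDs are never silently counted towards any binary.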