Overview

overview

10

Static

static

10

RIP_YOUR_PC_LOL.exe

windows10_x64

4

Resubmissions

15-03-2022 08:40

220315-klcjwshbh7 10

11-03-2022 16:17

220311-trnzjsdcar 10

11-03-2022 15:27

220311-sv8yfsdbam 10

09-03-2022 15:19

220309-sp9ykacfan 10

Analysis

  • max time kernel
    1800s
  • max time network
    1594s
  • platform
    windows10_x64
  • resource
    win10-20220223-en
  • submitted
    11-03-2022 16:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RIP_YOUR_PC_LOL.exe

  • Size

    22.5MB

  • MD5

    52867174362410d63215d78e708103ea

  • SHA1

    7ae4e1048e4463a4201bdeaf224c5b6face681bf

  • SHA256

    37d8e1ce3b6e6488942717aa78cb54785edc985143bcc8d9ba9f42d73a3dbd7a

  • SHA512

    89e17e147d3f073e479e85d0b0321f6264bbc2aa84c930ed645e8f5cde3f1e58812c3db1ba0f10bee6ce7ac0731e1e3de6747a9b3c4d63a564dd8d904bd726ab

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RIP_YOUR_PC_LOL.exe
    "C:\Users\Admin\AppData\Local\Temp\RIP_YOUR_PC_LOL.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Windows\SysWOW64\fondue.exe
      "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3492
      • C:\Windows\System32\FonDUE.EXE
        "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
        3⤵
          PID:3484
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3764

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Query Registry

    2
    T1012

    Peripheral Device Discovery

    1
    T1120

    System Information Discovery

    2
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads