Analysis
-
max time kernel
84s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
13-08-2022 00:17
Behavioral task
behavioral1
Sample
d75a7ee1a791ac1260fa1e83e6cd066dcf1446f2d52b136d226b8de8c284cd06.exe
Resource
win7-20220812-en
windows7-x64
13 signatures
150 seconds
Behavioral task
behavioral2
Sample
d75a7ee1a791ac1260fa1e83e6cd066dcf1446f2d52b136d226b8de8c284cd06.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
d75a7ee1a791ac1260fa1e83e6cd066dcf1446f2d52b136d226b8de8c284cd06.exe
-
Size
208KB
-
MD5
aa7811688cb87b19d2ea4c77244e704a
-
SHA1
25ff7bed93d5d89e711098288153a9c425c71c29
-
SHA256
d75a7ee1a791ac1260fa1e83e6cd066dcf1446f2d52b136d226b8de8c284cd06
-
SHA512
794321540cd2b8df75b1ccd85b60a13ff88ec004bfc1b1c5d3fa008ce527e7343faa5c452867b30ea755f6bfd2ed5e8e92e4ccdbcda981b96c95ca82989fa253
Score
5/10
Malware Config
Signatures
-
Drops file in System32 directory 11 IoCs
Processes:
svchost.exedescription ioc process File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk svchost.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log svchost.exe -
Modifies registry class 1 IoCs
Processes:
mspaint.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings mspaint.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
mspaint.exepid process 1184 mspaint.exe 1184 mspaint.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
mspaint.exeOpenWith.exepid process 1184 mspaint.exe 2840 OpenWith.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\d75a7ee1a791ac1260fa1e83e6cd066dcf1446f2d52b136d226b8de8c284cd06.exe"C:\Users\Admin\AppData\Local\Temp\d75a7ee1a791ac1260fa1e83e6cd066dcf1446f2d52b136d226b8de8c284cd06.exe"1⤵
-
C:\Windows\system32\mspaint.exe"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\TraceInvoke.jfif" /ForceBootstrapPaint3D1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc1⤵
- Drops file in System32 directory
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx