Overview

overview

10

Static

static

10

TrashMalwa...in.exe

windows10-2004-x64

8

TrashMalwa...er.exe

windows10-2004-x64

8

TrashMalwa...nk.exe

windows10-2004-x64

8

TrashMalwa...oN.bat

windows10-2004-x64

8

TrashMalwa...zz.exe

windows10-2004-x64

6

TrashMalwa...de.exe

windows10-2004-x64

8

TrashMalwa...20.exe

windows10-2004-x64

7

TrashMalwa...ll.exe

windows10-2004-x64

8

TrashMalwa...le.exe

windows10-2004-x64

8

TrashMalwa...oe.bat

windows10-2004-x64

TrashMalwa....0.exe

windows10-2004-x64

7

TrashMalwa....0.exe

windows10-2004-x64

8

TrashMalwa....0.exe

windows10-2004-x64

8

TrashMalwa...ic.exe

windows10-2004-x64

6

TrashMalwa...OD.exe

windows10-2004-x64

10

TrashMalwa...um.exe

windows10-2004-x64

6

TrashMalwa...er.exe

windows10-2004-x64

8

TrashMalwa...MZ.exe

windows10-2004-x64

1

TrashMalwa...ch.exe

windows10-2004-x64

8

TrashMalwa....5.exe

windows10-2004-x64

8

TrashMalwa...ol.exe

windows10-2004-x64

8

TrashMalwa...hm.exe

windows10-2004-x64

10

TrashMalwa...10.exe

windows10-2004-x64

7

TrashMalwa...V6.exe

windows10-2004-x64

7

TrashMalwa.../x.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    14s
  • max time network
    50s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-09-2022 14:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TrashMalwares-main/RealBSOD.exe

  • Size

    277KB

  • MD5

    1092ecd10230551ef8cc90c32f103921

  • SHA1

    d9c539c583164c23d3f62b9c9e659bbde59dcbe7

  • SHA256

    21e9c64b50918b43b657b4b11bd1d54d70c69723fca117a077ffb38ec4cd5fec

  • SHA512

    4fb10500f88bee5b57c255f8e776cebb5dd99729e7a2df3978347fb24541770a2f2865c54d1cf9989caaf1cb54a43f84fb4f33aadcf5135c85380927648f2b6b

  • SSDEEP

    384:iVk9Nwhkf6tx5rzVuNbhKxl3G2P6ffBjDSi8NrFFqq79l/916UcQ55Q9MCL66pnx:4hzQNbQG2PA0eACGwnatYcFtVc6K

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Kills process with taskkill 2 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\RealBSOD.exe
    "C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\RealBSOD.exe"
    1⤵
    • UAC bypass
    • Disables RegEdit via registry modification
    • Checks computer location settings
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:4440
    • C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" /f /im wininit.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4868
    • C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" /f /im svchost.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:1800

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1800-137-0x0000000000000000-mapping.dmp
    Download
  • memory/4440-132-0x0000000000F40000-0x0000000000F8C000-memory.dmp
    Filesize

    304KB

    Download
  • memory/4440-133-0x0000000005ED0000-0x0000000006474000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/4440-134-0x00000000059C0000-0x0000000005A52000-memory.dmp
    Filesize

    584KB

    Download
  • memory/4440-135-0x0000000005940000-0x000000000594A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/4868-136-0x0000000000000000-mapping.dmp
    Download