Overview

overview

4

Static

static

SharpMonoI...or.dll

windows10-1703-x64

1

SharpMonoI...ui.exe

windows10-1703-x64

4

Resubmissions

30/12/2022, 08:08

221230-j1htsafc24 4

30/12/2022, 08:04

221230-jydgaaae5s 3

Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30/12/2022, 08:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    SharpMonoInjector.Gui/smi_gui.exe

  • Size

    22KB

  • MD5

    b96d8beccfea348c54c5d0e004ff22a0

  • SHA1

    f8afd8a8f6735766056e74ffe2530d39a98b1ead

  • SHA256

    bf234de67b371162a3709d3bb09014fefc0d4a3614583c4c3bfc0ba505d9f044

  • SHA512

    2714c32dcb4cf269021b013fed311d52d718af6520f982dba68ab510c899ada70f44d95df21c9c0e595dd58a2921e7c9bad72bbac524252a9aabb902382a50b1

  • SSDEEP

    384:roy1Wr8WR05YVXgMmJNLDzbZ6w1rat8k9BYEa4qanIEblR4RlrZN+Zv:rJ8r8mtVXYNfbl2lS+V

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SharpMonoInjector.Gui\smi_gui.exe
    "C:\Users\Admin\AppData\Local\Temp\SharpMonoInjector.Gui\smi_gui.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:4108
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4928

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4108-116-0x00000239D1D60000-0x00000239D1D6C000-memory.dmp

          Filesize

          48KB

          Download

        • memory/4108-117-0x00000239D2270000-0x00000239D2278000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4108-118-0x00000239EC410000-0x00000239EC448000-memory.dmp

          Filesize

          224KB

          Download