c296811bd089987bd15b06ea5730e1f7757f9aadd908acfa9828c02db6f53bab

Analysis

max time kernel
126s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/02/2023, 20:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Ultimate Custom Night.exe
Size

262.0MB
MD5

f32c44a9a29f4d6dc2472e19a3518ed9
SHA1

a6b006c547b0d2e9812e3caa30647516dab1f0aa
SHA256

c296811bd089987bd15b06ea5730e1f7757f9aadd908acfa9828c02db6f53bab
SHA512

6c890018fe93fdc82bc6925838bc2ae93c74176873b9220ab7db75f445c2a915734ac899a00e33b3ffa9115c824bd4267f4eb2d6a92d925df78ed1f57f895b36
SSDEEP

6291456:dFGLNoPmwAuXmImK/0t7EwRS/4te+UoQRE6wz8TiW2Ni:dsLSPgKT/AEupbJQTB28

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
1204	Ultimate Custom Night.exe
1204	Ultimate Custom Night.exe
1204	Ultimate Custom Night.exe
1204	Ultimate Custom Night.exe
1204	Ultimate Custom Night.exe
1204	Ultimate Custom Night.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1204	Ultimate Custom Night.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2020	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2020	AUDIODG.EXE
Token: 33	2020	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2020	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1204	Ultimate Custom Night.exe

C:\Users\Admin\AppData\Local\Temp\Ultimate Custom Night.exe
"C:\Users\Admin\AppData\Local\Temp\Ultimate Custom Night.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1204

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x568
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2020

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\mrt231B.tmp\Perspective.mfx

Filesize
15KB

MD5
9f064bdcb066daa428db0ed9e33e785d

SHA1
3c0df73cf247ce49d1010fe0e2f722424fe43f4f

SHA256
090925a4cd961f22b1ecd2fba4ce04ab063e26507a1dc09b1d6a40c4860a8777

SHA512
4a510ce13c379e8cb5ccb9f9c69e28e9440f48156c8c4c1fef6987495cace7c028d45530ac961f47786e8f503f90c54310cb1ccf43d7fd584506461c1bd616d5

Download Submit
\Users\Admin\AppData\Local\Temp\mrt231B.tmp\kcini.mfx

Filesize
28KB

MD5
4ff7be1a9bb8ede86739cee1b9b31278

SHA1
ddc780c4ac30bba8af8523c198c93b5977e7d0f6

SHA256
20bad52f883914c6fb11eec9d94173a53a67f2eb97413ba9118edb101f11abb3

SHA512
245d469050c6743a7e52a29252d12981a80e04937cf459f12e8706cfd46d01f06328e2beac7b9a755b7074588701a277643b2bff8fe9d608267fa1e0a0d0da4e

Download Submit
\Users\Admin\AppData\Local\Temp\mrt231B.tmp\mmf2d3d9.dll

Filesize
1.1MB

MD5
6b609661c2c50da042487e79f13e4f92

SHA1
5571709e3eaf58b98b6599ec95668957f4e92d00

SHA256
1a46578e8c579e366bf28b081a3c24abf7c74620950013dbf99a3da6570bf871

SHA512
db02c483b7140ecde52b00b633405df36b859ea67ed0ae910b13b2a023501b492f2795e9a83ebf8d258db143ee355f2242e94a681b9dab9a58bb0c153126f987

Download Submit
\Users\Admin\AppData\Local\Temp\mrt231B.tmp\mmfs2.dll

Filesize
460KB

MD5
d85d31f5589cedefe455355355722f13

SHA1
e87163f4f2b23cc7ac3317be363102fb0900eb48

SHA256
3067a7784b2ed3315b5fcfa5f431dc6b881dba2aac2118d4e5aaf175a1fe480f

SHA512
bea2c8b63955601f80a18b227fd948454d705511e7aa0a850f1f5b379c30c9ab49c9ddbd93d16ae347f6feb6a525f3e3131e61c1e4694cc78dc579a21d43cd81

Download Submit
\Users\Admin\AppData\Local\Temp\mrt231B.tmp\mp3flt.sft

Filesize
24KB

MD5
f0ebc8596156d8ebf6201a10f9864305

SHA1
0efd689d027d2d592369c3585cdd9a0b879e6562

SHA256
fcca0e08e8a64081d71f3ad7455cb5bea48e73f158f0773e856fa100914fe192

SHA512
7752fb5d3d114791c7940088b98c03252d6fb151ad11774a8fd8b4fdf2d289c66b5d54a56feddda2e2e4de125f7f6b75c1197eae276add1774e3290becd8bcf7

Download Submit
\Users\Admin\AppData\Local\Temp\mrt231B.tmp\waveflt.sft

Filesize
8KB

MD5
5230a9c12b9829c9fd333cd8b0620011

SHA1
0becf7512f498c18af3b9943a4b2556a769cc8eb

SHA256
98134d326a09569bd5933ffcb026009575509a1bfc20384ef8eebb762aabcd38

SHA512
1a6a5a72fed0458152ca830941b3d07e448bb588fc61a24c97561833b882e23a529a0a78036732cca95013170a46cc5444a4d642bf05a4fa5a474d51d40789d5

Download Submit
memory/1204-54-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download