Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/04/2023, 12:02

General

  • Target

    Muck Trainer Setup.exe

  • Size

    141KB

  • MD5

    3dd47d8cf814ff53999e180235845c9b

  • SHA1

    ac9ce8102250e43fdb1affbde5ad5c912f7c3a0d

  • SHA256

    d5a5189d316e32de65535f17bbf55b372c3e9d4a504d198f180dfebaeaccb40d

  • SHA512

    8d72f7b4e0778b496bc11b6aec2767390ded71ee491ff60d119dab7d6347a9fc65782858a97f568e2a0c58bbb9498e1312db3278e454525aecd2fa79f8d991ae

  • SSDEEP

    3072:Bojm4ILlCI+4COHCyhaEtHZkOpk97oc4ILlCI+4TOHHSafx:Bd+bwaEtHLhiHt

Score
8/10

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE (2 IoCs)
  • Modifies Internet Explorer settings (1 TTPs, 9 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (5 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Muck Trainer Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Muck Trainer Setup.exe"
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4644
    • C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638180211139761853.exe
      "C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638180211139761853.exe" --silent
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1328
      • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
        "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent
        • Executes dropped EXE
        PID:4464

Network

Downloads

  • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    Filesize: 1.8MB
    MD5: b43e5cf21598243f3078d787159d7bef
    SHA1: dbe552b5455966b2cc59e6786dac21610cbbea0e
    SHA256: 36fd9d2415858e7010345d3fc16536349a689f9d75ed005151cb4ff5e1d0cb80
    SHA512: 8c41abd147c334fbff93871f08eb878e60c7be3e26487c601d741dfaa7a047d85e3d21ef10f47fafd65c569e90e9d1b32cad74fc4065e3c16728681f6c5df9be

  • C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638180211139761853.exe
    Filesize: 59.9MB
    MD5: 93783e5cabf93a846258b4c26ba946eb
    SHA1: 60edcd657e40972af038f727a2bc79ce868884d4
    SHA256: 4f6d19344d333591b683cc97719eef9f8c72af9a0ec5a1c61a00b385ebff0adf
    SHA512: a5e2ef394695dda6fb5a5775f39a2fcf9c4365a4b2c0e1f94a45c6df55b4271ccd1e272bb2f87cedea8e11b852d838a8c0e25f70867eda74408d61eea723182c

  • C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638180211139761853.exe
    Filesize: 60.9MB
    MD5: 02b4ad20729a5de71f1f52c0fd52f7b7
    SHA1: d0504a3e9f73ee44284d9011e364ab91d698ffc4
    SHA256: 14e1988f1d85a44485712faf1673fbedf87889961b0059c6cc888ce7fbeafb77
    SHA512: 69a74e2f8b5710f70d98577d75dc524bbc844ad55986321813089e3cb78869180bb820c2dd3cb5dcc233064ab04f2652ab00c7269093cb8818e26fbc283a379d

  • memory/4464-199-0x0000000000990000-0x00000000009A0000-memory.dmp
    Filesize: 64KB
  • memory/4464-198-0x00000000000F0000-0x00000000002C6000-memory.dmp
    Filesize: 1.8MB
  • memory/4644-176-0x000001CB51630000-0x000001CB51DD6000-memory.dmp
    Filesize: 7.6MB
  • memory/4644-184-0x000001C32F5B0000-0x000001C32F5C0000-memory.dmp
    Filesize: 64KB
  • memory/4644-179-0x000001C32F5B0000-0x000001C32F5C0000-memory.dmp
    Filesize: 64KB
  • memory/4644-180-0x000001C32F5B0000-0x000001C32F5C0000-memory.dmp
    Filesize: 64KB
  • memory/4644-181-0x000001C32F5B0000-0x000001C32F5C0000-memory.dmp
    Filesize: 64KB
  • memory/4644-182-0x000001C32F5B0000-0x000001C32F5C0000-memory.dmp
    Filesize: 64KB
  • memory/4644-183-0x000001C32F5B0000-0x000001C32F5C0000-memory.dmp
    Filesize: 64KB
  • memory/4644-178-0x000001C32F5B0000-0x000001C32F5C0000-memory.dmp
    Filesize: 64KB
  • memory/4644-185-0x000001C32F5B0000-0x000001C32F5C0000-memory.dmp
    Filesize: 64KB
  • memory/4644-177-0x000001C32F5B0000-0x000001C32F5C0000-memory.dmp
    Filesize: 64KB
  • memory/4644-133-0x000001C32F1C0000-0x000001C32F1E6000-memory.dmp
    Filesize: 152KB
  • memory/4644-142-0x000001C32F5B0000-0x000001C32F5C0000-memory.dmp
    Filesize: 64KB
  • memory/4644-136-0x000001C32F5B0000-0x000001C32F5C0000-memory.dmp
    Filesize: 64KB
  • memory/4644-135-0x000001C32F5B0000-0x000001C32F5C0000-memory.dmp
    Filesize: 64KB
  • memory/4644-134-0x000001C32F5B0000-0x000001C32F5C0000-memory.dmp
    Filesize: 64KB