bcd1d2a09d608a71b409507b4ffb2a639efadebb3ab9932bab3cf13fd8631876

Analysis

max time kernel
69s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2023, 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

green.exe
Size

33.7MB
MD5

85e8476efa208bd85cfc215d49d4b8f6
SHA1

934f95bb85180d51055c332b330d85378c9b907c
SHA256

bcd1d2a09d608a71b409507b4ffb2a639efadebb3ab9932bab3cf13fd8631876
SHA512

7607a21d9897eb865efec5f6ebd6efb2f84afd8c0628efb64b81075b4e4adc28a8d5f70ef291ea032534f594950748655dd196d33ffad5a56c73ff7b019bbf6c
SSDEEP

786432:bNMekTMN2I8qKhm8faqcOlCscJ6g0daqD3H2K7E6vypuFA1iDHAprFgala7/p:KxNE0cyzg0REkypuFxLA19C

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 27 IoCs

pid	Process
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe
460	green.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5024	1324	WerFault.exe	42

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
460	green.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4528	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4528	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
460	green.exe

C:\Users\Admin\AppData\Local\Temp\green.exe
"C:\Users\Admin\AppData\Local\Temp\green.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:460

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4528

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 468 -p 1324 -ip 1324
1⤵
PID:3132

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1324 -s 1772
1⤵
- Program crash
PID:5024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\DRPC.mfx

Filesize
861KB

MD5
0aa331b547d0650059a75dbad66248f6

SHA1
df01d62ecb2d263c80248c144d0b6212c0910767

SHA256
5e7c4bcc7b722179ca5de3933d0e807d0d1630d8e5a0a51b98cce85199051ea5

SHA512
9f4c0917cf39676c0c7145a21f1349d8ba981023a8c33990cf4046e852824a76ebab89371065ba546376fed95eeecf0accdbbf8fa99935ff4cb4622086c219bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\DRPC.mfx

Filesize
861KB

MD5
0aa331b547d0650059a75dbad66248f6

SHA1
df01d62ecb2d263c80248c144d0b6212c0910767

SHA256
5e7c4bcc7b722179ca5de3933d0e807d0d1630d8e5a0a51b98cce85199051ea5

SHA512
9f4c0917cf39676c0c7145a21f1349d8ba981023a8c33990cf4046e852824a76ebab89371065ba546376fed95eeecf0accdbbf8fa99935ff4cb4622086c219bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\Easing.mfx

Filesize
168KB

MD5
052d1c7eed7b50a18eddc10dfad3ae22

SHA1
6f88687f930e73106d2b8af00f5317eca74e0c61

SHA256
1b5e79e999c4cff19fe0260bdeaeeaea0fcda6057bf6d17bf0f121e9797d20ef

SHA512
ef89c692a47d2ad66d6f4e722e9b330a85cca0faea2f022abfc3da3c1d32fc7c0cf01d6a6e36fddd0b82c97eebc707c9e00e2431792d551b7178fb8d50452966

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\Perspective.mfx

Filesize
15KB

MD5
9f064bdcb066daa428db0ed9e33e785d

SHA1
3c0df73cf247ce49d1010fe0e2f722424fe43f4f

SHA256
090925a4cd961f22b1ecd2fba4ce04ab063e26507a1dc09b1d6a40c4860a8777

SHA512
4a510ce13c379e8cb5ccb9f9c69e28e9440f48156c8c4c1fef6987495cace7c028d45530ac961f47786e8f503f90c54310cb1ccf43d7fd584506461c1bd616d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\Perspective.mfx

Filesize
15KB

MD5
9f064bdcb066daa428db0ed9e33e785d

SHA1
3c0df73cf247ce49d1010fe0e2f722424fe43f4f

SHA256
090925a4cd961f22b1ecd2fba4ce04ab063e26507a1dc09b1d6a40c4860a8777

SHA512
4a510ce13c379e8cb5ccb9f9c69e28e9440f48156c8c4c1fef6987495cace7c028d45530ac961f47786e8f503f90c54310cb1ccf43d7fd584506461c1bd616d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\clickteam-circular.mvx

Filesize
28KB

MD5
670cfc229784a242beb960a430ae9764

SHA1
9818a8a255e58e28c1e7617aa7ab38f29067e4f5

SHA256
671a01a39fa56a32fc0a43b16038d3077202734a7beacd50d73439011a74a4cb

SHA512
7eb59b4391fed479803c2c2ba075d3fa4581473495f2458b0a86fc3d27f8b7e56a012b920bf2b5f1697b4eb498c8d16de17ebed9f10eb55686048cd4f96df1a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\clickteam-circular.mvx

Filesize
28KB

MD5
670cfc229784a242beb960a430ae9764

SHA1
9818a8a255e58e28c1e7617aa7ab38f29067e4f5

SHA256
671a01a39fa56a32fc0a43b16038d3077202734a7beacd50d73439011a74a4cb

SHA512
7eb59b4391fed479803c2c2ba075d3fa4581473495f2458b0a86fc3d27f8b7e56a012b920bf2b5f1697b4eb498c8d16de17ebed9f10eb55686048cd4f96df1a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\clickteam-vector.mvx

Filesize
32KB

MD5
fb1d240db01b491174fc5c5547f18a9e

SHA1
ccb2cf55106198e1f4e373b3b8b581e1b21ec582

SHA256
621e16dc09011a87780f0dedd39a83a0eb45675ff71bf040f310f2df94acf5db

SHA512
c2c782ed0e1861b8b690051411d6c9135a08d176f50a5a2d23f6e1c5854ba691479dc5d4a8c9226fa3de6afe20b6a046acb3b3d3622b7502c9b516be753d420e

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\clickteam-vector.mvx

Filesize
32KB

MD5
fb1d240db01b491174fc5c5547f18a9e

SHA1
ccb2cf55106198e1f4e373b3b8b581e1b21ec582

SHA256
621e16dc09011a87780f0dedd39a83a0eb45675ff71bf040f310f2df94acf5db

SHA512
c2c782ed0e1861b8b690051411d6c9135a08d176f50a5a2d23f6e1c5854ba691479dc5d4a8c9226fa3de6afe20b6a046acb3b3d3622b7502c9b516be753d420e

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\fontembed.mfx

Filesize
15KB

MD5
f38352c344bd71eb21a78a1b69dcade8

SHA1
eca1053fa4ce77f96752f400d4ffac8f2f158d15

SHA256
38b5dba1524e47ff474d29bb0fb3d7b0476e554cdb82f2de09c4a761ab5645b1

SHA512
70134d7e2d4c589fc3ca5c52e005852d07e6b3cce91db00d32bf121611480601d007ead98c3e2febfdd1ca03a0c723fa46e9b73c0f497b315a6cdcb9f15afd56

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\fontembed.mfx

Filesize
15KB

MD5
f38352c344bd71eb21a78a1b69dcade8

SHA1
eca1053fa4ce77f96752f400d4ffac8f2f158d15

SHA256
38b5dba1524e47ff474d29bb0fb3d7b0476e554cdb82f2de09c4a761ab5645b1

SHA512
70134d7e2d4c589fc3ca5c52e005852d07e6b3cce91db00d32bf121611480601d007ead98c3e2febfdd1ca03a0c723fa46e9b73c0f497b315a6cdcb9f15afd56

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\kcini.mfx

Filesize
114KB

MD5
70b41d0034b884bbf9eadde2d3bffcb3

SHA1
26bc9f0ca51594f670ea59867ca9699dcc4d5335

SHA256
4e6c2fb8c5b6080a2ff32fecfa952f428cd0682b078debf70c118e359e73b36b

SHA512
de7fd065f92515e8fb03990b99f3ffb053a082be44d38c7be39147d5760318b7f1a696dd54d39cec4c61dd8c6df3f0785388b9d686dadbce875b58c926250de6

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\kclist.mfx

Filesize
32KB

MD5
996de686c54611b72f9ae3dbd706d6a7

SHA1
d4589030457cf3eb843cd55ec16a7603cb9817fc

SHA256
785d694308481aefe9bb8c787cab477a8051a97f963ec903e1e57099c8a7a8fc

SHA512
bf81facb4c04a39052f661254e2f03378c893179437a722fc8a91c400ec99412ee09231d8766f147b25169f9aa51b2559b4b1173d0e72f65d9ccc24690322675

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\kcwctrl.mfx

Filesize
80KB

MD5
4412d025fdadfa412d8c08e29238d9b1

SHA1
326deb060072faffb5e3c68be562e695e3af183d

SHA256
ed4ad0b23867de26d49e7a7e50cb9c5f33b07d20ac709f8f3855224ee52de15b

SHA512
114ab8bbaf429c1d5c83de538f38cf07bc6b476acd863ee9b9733293ba2e01e0f61671183d21449ac67704112ba0e9534cca8561c2d7f12f96e948b7e003f2e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\mmf2d3d9.dll

Filesize
1.5MB

MD5
8cc5f39e0376554ca5eddf02e592d73a

SHA1
67876787bdf453e768d2f9eef468cd8815b19d2b

SHA256
e477443c7f358d8f8f1e6edd10ab891c78e5b64efd5728f434e07227064611ce

SHA512
e8bf1944f4df99dc1208160a78a278c562ce0a01b2fb5059abe0dc3477499459900c157a51862b4585d11afa448e013fc2fc1b11a2db52ee2e171c5f13d1e443

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\mmfs2.dll

Filesize
496KB

MD5
57b00788621f49bf3e73295fa28a6c43

SHA1
7c49651bdf041d9091cd1c2c107ba7c3b3b1e919

SHA256
be3490d6f1ce88bbc63feef67a9a7820c86c26b7bdcd4de318459b6c4b8f010a

SHA512
b861f4122cd23b3edcb659f0fc0ffba75b1d44140128df4fde4c5fea6b46a187b5fe4195d4da5933a985580bc9b50a89e2926ef21edf242b3b2e0b81325c6494

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\mp3flt.sft

Filesize
24KB

MD5
5bebc3ae0122702b89f9262888d3a393

SHA1
064731c0f1d493b5b82921fa78f06e3d1db95284

SHA256
81c9a9459a8e124793addf142cd513945d6fe600e1d67f74897898d7570e56b2

SHA512
c10cb520c2c4a9fe7c371f17ce7f86f138db247468ab1e465dafd7abd294c2beb13cf3a2595b4c8c820d911d8b70842c8f4e45398693c4f0454f973bd58a10a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\mp3flt.sft

Filesize
24KB

MD5
5bebc3ae0122702b89f9262888d3a393

SHA1
064731c0f1d493b5b82921fa78f06e3d1db95284

SHA256
81c9a9459a8e124793addf142cd513945d6fe600e1d67f74897898d7570e56b2

SHA512
c10cb520c2c4a9fe7c371f17ce7f86f138db247468ab1e465dafd7abd294c2beb13cf3a2595b4c8c820d911d8b70842c8f4e45398693c4f0454f973bd58a10a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\oggflt.sft

Filesize
130KB

MD5
0c8c1ee3ba92189f4ce21d1b396a2765

SHA1
b7daa4a6e16416151dccbb0a89f304961b6cb627

SHA256
9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

SHA512
0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\oggflt.sft

Filesize
130KB

MD5
0c8c1ee3ba92189f4ce21d1b396a2765

SHA1
b7daa4a6e16416151dccbb0a89f304961b6cb627

SHA256
9e589f86317d840df9bb74f6ee20c24ca65afe58f4009740382f63a0f5531941

SHA512
0a4339092ac55bac3b1bdfaaa3401020f8f49918bd2fdb14524f3d558eb840b876aedfdeb54a1da163fa36393abf3fe8ab7e112a34ea9d891e82a22e96c85ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\pinball.mvx

Filesize
68KB

MD5
b208ae4e862a6c6bd6b99bc31b7bf1f9

SHA1
9f7cd9ea0b400c63f11c0a6e7ca5546db7ff218b

SHA256
cbcd1b19716940cb7b48986dfd51f36bc9e04625c4b6face3822a16ed7b49825

SHA512
8ee62a8fcdc26527a2f2b733eefb4fa629ce6ea4cf65d382d95af691874839e88cca8ceaa7e267dc69aa886bdce42c2f64d3cd0743d01bd6f8fdf825fc4e74a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\pinball.mvx

Filesize
68KB

MD5
b208ae4e862a6c6bd6b99bc31b7bf1f9

SHA1
9f7cd9ea0b400c63f11c0a6e7ca5546db7ff218b

SHA256
cbcd1b19716940cb7b48986dfd51f36bc9e04625c4b6face3822a16ed7b49825

SHA512
8ee62a8fcdc26527a2f2b733eefb4fa629ce6ea4cf65d382d95af691874839e88cca8ceaa7e267dc69aa886bdce42c2f64d3cd0743d01bd6f8fdf825fc4e74a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\txtblt.mfx

Filesize
36KB

MD5
8740745e7af7926a0e7d3b194fb51fdf

SHA1
d7688925efd0287334d444a9e4bd584177ed0fbc

SHA256
09a214d9738946b14c4470ea95b45de41641e5d69b7559dbf336f7b4624859b0

SHA512
dc52c25b588f386cceb0eef912e0ac38ffb07443011c957ca3d0fda8c2c6d41e8fbcb33dfc1b7c5ff469216cd8c233d5025b88575bd10684827c18fb5ef52bb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\txtblt.mfx

Filesize
36KB

MD5
8740745e7af7926a0e7d3b194fb51fdf

SHA1
d7688925efd0287334d444a9e4bd584177ed0fbc

SHA256
09a214d9738946b14c4470ea95b45de41641e5d69b7559dbf336f7b4624859b0

SHA512
dc52c25b588f386cceb0eef912e0ac38ffb07443011c957ca3d0fda8c2c6d41e8fbcb33dfc1b7c5ff469216cd8c233d5025b88575bd10684827c18fb5ef52bb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\ultimatefullscreen.mfx

Filesize
86KB

MD5
d9ae994eadde0d3418aedda4f712dc33

SHA1
402e8ca669a4fd6ff69399b7e08d2707f216c68f

SHA256
111c61d9e54b037a2c492b89cf6a82c62f81712fb9fd64a91c9dfc9486887349

SHA512
0c6b0a6df08ef8ecbd2bbbc1dd4534f42ea4f440eed45c98647d712945fd71b5fe484f1a76388724a82a6acb2b98e73efcbf82f0d3a329890215d0eecac20c9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\waveflt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtC383.tmp\waveflt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
memory/460-194-0x0000000002A80000-0x0000000002A92000-memory.dmp

Filesize
72KB

Download
memory/460-184-0x0000000002B20000-0x0000000002C32000-memory.dmp

Filesize
1.1MB

Download
memory/460-210-0x0000000002C80000-0x0000000002CA4000-memory.dmp

Filesize
144KB

Download