Analysis
- max time kernel: 86s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 08-06-2023 10:35
Behavioral tasks (task: sample / resource)
- behavioral1: Malware-database-main/000.exe / win7-20230220-en
- behavioral2: Malware-database-main/000.exe / win10v2004-20230220-en
- behavioral3: Malware-database-main/ChilledWindows.exe / win7-20230220-en
- behavioral4: Malware-database-main/ChilledWindows.exe / win10v2004-20230220-en
- behavioral5: Malware-database-main/Christmas.exe / win7-20230220-en
- behavioral6: Malware-database-main/Christmas.exe / win10v2004-20230220-en
- behavioral7: Malware-database-main/CookieClickerHack.exe / win7-20230220-en
- behavioral8: Malware-database-main/CookieClickerHack.exe / win10v2004-20230221-en
- behavioral9: Malware-database-main/Electron V2.exe / win7-20230220-en
- behavioral10: Malware-database-main/Electron V2.exe / win10v2004-20230220-en
- behavioral11: Malware-database-main/Flasher.exe / win7-20230220-en
- behavioral12: Malware-database-main/Flasher.exe / win10v2004-20230220-en
- behavioral13: Malware-database-main/MEMZ Trojan.exe / win7-20230220-en
- behavioral14: Malware-database-main/MEMZ Trojan.exe / win10v2004-20230220-en
- behavioral15: Malware-database-main/Popup.exe / win7-20230220-en
- behavioral16: Malware-database-main/Popup.exe / win10v2004-20230220-en
- behavioral17: Malware-database-main/PowerPoint.exe / win7-20230220-en
- behavioral18: Malware-database-main/PowerPoint.exe / win10v2004-20230221-en
- behavioral19: Malware-database-main/RedEye.exe / win7-20230220-en
- behavioral20: Malware-database-main/RedEye.exe / win10v2004-20230220-en
- behavioral21: Malware-database-main/WannaCry.exe / win7-20230220-en
- behavioral22: Malware-database-main/WannaCry.exe / win10v2004-20230220-en
- behavioral23: Malware-database-main/butterflyondesktop.exe / win7-20230220-en
- behavioral24: Malware-database-main/butterflyondesktop.exe / win10v2004-20230220-en
General
- Target: Malware-database-main/ChilledWindows.exe
- Size: 4.4MB
- MD5: 6a4853cd0584dc90067e15afb43c4962
- SHA1: ae59bbb123e98dc8379d08887f83d7e52b1b47fc
- SHA256: ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec
- SHA512: feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996
- SSDEEP: 98304:XyDt6K4MJVnjOobt/JN1LA5elHc+S4fRp5UvluKo:XyDtK8bbxn+IHcBEV/F
Malware Config
Signatures
- Enumerates connected drives (3 TTPs, 24 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive.
  Processes (description / ioc / process):
  - File opened (read-only) / \??\F: / ChilledWindows.exe
  - File opened (read-only) / \??\I: / ChilledWindows.exe
  - File opened (read-only) / \??\K: / ChilledWindows.exe
  - File opened (read-only) / \??\L: / ChilledWindows.exe
  - File opened (read-only) / \??\Q: / ChilledWindows.exe
  - File opened (read-only) / \??\V: / ChilledWindows.exe
  - File opened (read-only) / \??\X: / ChilledWindows.exe
  - File opened (read-only) / \??\A: / ChilledWindows.exe
  - File opened (read-only) / \??\W: / ChilledWindows.exe
  - File opened (read-only) / \??\B: / ChilledWindows.exe
  - File opened (read-only) / \??\G: / ChilledWindows.exe
  - File opened (read-only) / \??\N: / ChilledWindows.exe
  - File opened (read-only) / \??\R: / ChilledWindows.exe
  - File opened (read-only) / \??\U: / ChilledWindows.exe
  - File opened (read-only) / \??\E: / ChilledWindows.exe
  - File opened (read-only) / \??\J: / ChilledWindows.exe
  - File opened (read-only) / \??\M: / ChilledWindows.exe
  - File opened (read-only) / \??\O: / ChilledWindows.exe
  - File opened (read-only) / \??\P: / ChilledWindows.exe
  - File opened (read-only) / \??\S: / ChilledWindows.exe
  - File opened (read-only) / \??\T: / ChilledWindows.exe
  - File opened (read-only) / \??\Y: / ChilledWindows.exe
  - File opened (read-only) / \??\H: / ChilledWindows.exe
  - File opened (read-only) / \??\Z: / ChilledWindows.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Program crash (1 IoC)
  Processes (pid / pid_target / process / target process):
  - 1372 / 948 / WerFault.exe / ChilledWindows.exe
- Suspicious use of AdjustPrivilegeToken (6 IoCs)
  Processes (description / pid / process):
  - Token: 33 / 548 / AUDIODG.EXE
  - Token: SeIncBasePriorityPrivilege / 548 / AUDIODG.EXE
  - Token: 33 / 548 / AUDIODG.EXE
  - Token: SeIncBasePriorityPrivilege / 548 / AUDIODG.EXE
  - Token: 33 / 948 / ChilledWindows.exe
  - Token: SeIncBasePriorityPrivilege / 948 / ChilledWindows.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  Processes (pid / process):
  - 948 / ChilledWindows.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description / pid / process / target process):
  - PID 948 wrote to memory of 1372 / 948 / ChilledWindows.exe / WerFault.exe
  - PID 948 wrote to memory of 1372 / 948 / ChilledWindows.exe / WerFault.exe
  - PID 948 wrote to memory of 1372 / 948 / ChilledWindows.exe / WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Malware-database-main\ChilledWindows.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Malware-database-main\ChilledWindows.exe"
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 948 -s 2288
    - Program crash
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x550
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Users\Admin\AppData\Local\Temp\Malware-database-main\chilledwindows.mp4
  Filesize: 3.6MB
  MD5: 698ddcaec1edcf1245807627884edf9c
  SHA1: c7fcbeaa2aadffaf807c096c51fb14c47003ac20
  SHA256: cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b
  SHA512: a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155
- memory/948-67-0x000000001AB60000-0x000000001AB6A000-memory.dmp (Filesize: 40KB)
- memory/948-71-0x000007FF4BE00000-0x000007FF4BE0A000-memory.dmp (Filesize: 40KB)
- memory/948-66-0x000000001AB60000-0x000000001AB6A000-memory.dmp (Filesize: 40KB)
- memory/948-64-0x000000001AB60000-0x000000001AB6A000-memory.dmp (Filesize: 40KB)
- memory/948-65-0x000000001AB60000-0x000000001AB6A000-memory.dmp (Filesize: 40KB)
- memory/948-72-0x0000000002570000-0x0000000002571000-memory.dmp (Filesize: 4KB)
- memory/948-70-0x000000001AD80000-0x000000001AD8A000-memory.dmp (Filesize: 40KB)
- memory/948-69-0x000000001AB60000-0x000000001AB6A000-memory.dmp (Filesize: 40KB)
- memory/948-68-0x000000001AB60000-0x000000001AB6A000-memory.dmp (Filesize: 40KB)
- memory/948-54-0x00000000002C0000-0x0000000000724000-memory.dmp (Filesize: 4.4MB)
- memory/948-58-0x0000000002350000-0x000000000235A000-memory.dmp (Filesize: 40KB)
- memory/948-57-0x000000001AC90000-0x000000001AD10000-memory.dmp (Filesize: 512KB)
- memory/948-55-0x000000001AC90000-0x000000001AD10000-memory.dmp (Filesize: 512KB)
- memory/948-74-0x000000001AC90000-0x000000001AD10000-memory.dmp (Filesize: 512KB)
- memory/948-75-0x000000001AC90000-0x000000001AD10000-memory.dmp (Filesize: 512KB)
- memory/948-81-0x000000001AD80000-0x000000001AD8A000-memory.dmp (Filesize: 40KB)
- memory/948-80-0x000000001AB60000-0x000000001AB6A000-memory.dmp (Filesize: 40KB)
- memory/948-79-0x000000001AB60000-0x000000001AB6A000-memory.dmp (Filesize: 40KB)
- memory/948-78-0x000000001AB60000-0x000000001AB6A000-memory.dmp (Filesize: 40KB)
- memory/948-77-0x000000001AB60000-0x000000001AB6A000-memory.dmp (Filesize: 40KB)
- memory/948-76-0x000000001AB60000-0x000000001AB6A000-memory.dmp (Filesize: 40KB)