Overview

overview

10

Static

static

10

Malware-da...00.exe

windows7-x64

Malware-da...00.exe

windows10-2004-x64

Malware-da...ws.exe

windows7-x64

6

Malware-da...ws.exe

windows10-2004-x64

6

Malware-da...as.exe

windows7-x64

6

Malware-da...as.exe

windows10-2004-x64

6

Malware-da...ck.exe

windows7-x64

1

Malware-da...ck.exe

windows10-2004-x64

1

Malware-da...V2.exe

windows7-x64

10

Malware-da...V2.exe

windows10-2004-x64

10

Malware-da...er.exe

windows7-x64

1

Malware-da...er.exe

windows10-2004-x64

1

Malware-da...an.exe

windows7-x64

1

Malware-da...an.exe

windows10-2004-x64

1

Malware-da...up.exe

windows7-x64

1

Malware-da...up.exe

windows10-2004-x64

1

Malware-da...nt.exe

windows7-x64

Malware-da...nt.exe

windows10-2004-x64

Malware-da...ye.exe

windows7-x64

Malware-da...ye.exe

windows10-2004-x64

Malware-da...ry.exe

windows7-x64

10

Malware-da...ry.exe

windows10-2004-x64

10

Malware-da...op.exe

windows7-x64

7

Malware-da...op.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    86s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    08-06-2023 10:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Malware-database-main/ChilledWindows.exe

  • Size

    4.4MB

  • MD5

    6a4853cd0584dc90067e15afb43c4962

  • SHA1

    ae59bbb123e98dc8379d08887f83d7e52b1b47fc

  • SHA256

    ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec

  • SHA512

    feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996

  • SSDEEP

    98304:XyDt6K4MJVnjOobt/JN1LA5elHc+S4fRp5UvluKo:XyDtK8bbxn+IHcBEV/F

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Malware-database-main\ChilledWindows.exe
    "C:\Users\Admin\AppData\Local\Temp\Malware-database-main\ChilledWindows.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:948
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 948 -s 2288
      2⤵
      • Program crash
      PID:1372
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x550
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:548

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Malware-database-main\chilledwindows.mp4
    Filesize

    3.6MB

    MD5

    698ddcaec1edcf1245807627884edf9c

    SHA1

    c7fcbeaa2aadffaf807c096c51fb14c47003ac20

    SHA256

    cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b

    SHA512

    a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

    Download Submit
  • memory/948-67-0x000000001AB60000-0x000000001AB6A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/948-71-0x000007FF4BE00000-0x000007FF4BE0A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/948-66-0x000000001AB60000-0x000000001AB6A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/948-64-0x000000001AB60000-0x000000001AB6A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/948-65-0x000000001AB60000-0x000000001AB6A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/948-72-0x0000000002570000-0x0000000002571000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-70-0x000000001AD80000-0x000000001AD8A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/948-69-0x000000001AB60000-0x000000001AB6A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/948-68-0x000000001AB60000-0x000000001AB6A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/948-54-0x00000000002C0000-0x0000000000724000-memory.dmp
    Filesize

    4.4MB

    Download
  • memory/948-58-0x0000000002350000-0x000000000235A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/948-57-0x000000001AC90000-0x000000001AD10000-memory.dmp
    Filesize

    512KB

    Download
  • memory/948-55-0x000000001AC90000-0x000000001AD10000-memory.dmp
    Filesize

    512KB

    Download
  • memory/948-74-0x000000001AC90000-0x000000001AD10000-memory.dmp
    Filesize

    512KB

    Download
  • memory/948-75-0x000000001AC90000-0x000000001AD10000-memory.dmp
    Filesize

    512KB

    Download
  • memory/948-81-0x000000001AD80000-0x000000001AD8A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/948-80-0x000000001AB60000-0x000000001AB6A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/948-79-0x000000001AB60000-0x000000001AB6A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/948-78-0x000000001AB60000-0x000000001AB6A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/948-77-0x000000001AB60000-0x000000001AB6A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/948-76-0x000000001AB60000-0x000000001AB6A000-memory.dmp
    Filesize

    40KB

    Download