2533a628d214587ec4e7a7e2210d5fae3696112aced49ff9896517746901e2bf

Analysis

max time kernel
141s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2023 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

runtimes/linux-x64/native/libcimgui.so
Size

1.3MB
MD5

585a89ce34641da545ad885fe9e5f813
SHA1

bfb8024d91f5d83e4d6f2c9573ac1a66ef56290a
SHA256

0e50aee1717232a2499c99f02c34746d001d0dfb02ba0b23d04525faee47138d
SHA512

fb1b14e432f68e3d6a21392726eb585e4206e6e41bda58072c2811aadc9e81d4beb247f8d6e9c1a58e52e83ee2eea1f5f77bbf5db146e365b39a1e3422405ccf
SSDEEP

12288:WZViqju9EEsAC4MUoe1cKlTGgvG4TU2VbrrlkA3qk3wwprhF:IRj0EeMU1ZTNG4g2ZrZkA3qkgwp3

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 8 IoCs

Processes:

svchost.exe

description	ioc	process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{555CFBAA-E6D7-4BE9-849D-5E846081BE13}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{71010B19-42A2-4EB9-9EA5-F383FDB6BFAF}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{14F182B0-AEBC-475C-A921-A916D1DB59DB}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{20B8FF81-D76C-44DD-9E8B-11594DFCC5A3}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{11D06A92-1819-474B-9D35-6DB43CE7E0AA}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{006D21BD-1CEF-4687-8040-A2B4DA288CED}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{018CA4ED-16F8-4EA5-81F2-177AD6DACC09}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{4307C8CD-065C-4F6B-95C5-8166B1CADB32}.catalogItem	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

OpenWith.execmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3259792829-1422303781-2047321929-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3259792829-1422303781-2047321929-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

1752 OpenWith.exe

pid	process
1752	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\runtimes\linux-x64\native\libcimgui.so
1⤵
- Modifies registry class
PID:3120

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:3748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads