Analysis
- max time kernel: 150s
- max time network: 136s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/07/2023, 18:42
Static task: static1
Behavioral task: behavioral1
  Sample: ModernUI.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: ModernUI.exe
  Resource: win10v2004-20230703-en
General
- Target: ModernUI.exe
- Size: 2.7MB
- MD5: 08fe37a493d41c6cc5ed5187c9a00b82
- SHA1: 524a65c68a967e1eda721aef51dcea67157a6563
- SHA256: 7a3a26888d8d3ca348688acef199fb03d50101c850aff6aaa4fa04b734c59afe
- SHA512: 7c6929fe2051d1dad9bdd0bb771be31b787247798533fa5233fa45c3f55fa2beaf7d60d8621ae8f6a0adaa8570825dab399bbcc1a3ce0cdb46b20078b3d0ed76
- SSDEEP: 49152:JOoKvLM15NNkZgyPS8+jbNZ3u5DE07HH+h9gJapSXMZihNO64gwwQz+5/QlpA4B4:JOoGLW3ktPS8+1Ze5Q0z+hyapTJPgwwl
Malware Config
Signatures
- Loads dropped DLL (2 IoCs)
  pid / Process: 2920 ModernUI.exe; 2920 ModernUI.exe
- Obfuscated with Agile.Net obfuscator (4 IoCs)
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  resource / yara_rule:
    behavioral2/files/0x000800000002321e-139.dat  agile_net
    behavioral2/memory/2920-141-0x0000000005C20000-0x0000000005E12000-memory.dmp  agile_net
    behavioral2/files/0x000800000002321e-138.dat  agile_net
    behavioral2/files/0x000800000002321e-145.dat  agile_net
- Suspicious use of NtSetInformationThreadHideFromDebugger (64 IoCs)
  pid / Process: 2920 ModernUI.exe (all 64 hits are from this same pid and process)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     ModernUI.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  ModernUI.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion       ModernUI.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description / pid / Process: Token: SeDebugPrivilege  2920 ModernUI.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid / Process: 2920 ModernUI.exe; 2920 ModernUI.exe
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 925KB
  MD5: bbff075e8259c000a248f31ff19b1957
  SHA1: a15b04799274ce24e6a07393c136ddadd8369078
  SHA256: a1acb0455703ab9d3e81b11b6d6cc6afde3b6c4df5c1e46d37ff54e17e4898cc
  SHA512: 825fb71efc7f8f23332a27cca545066404fec27b147f436122f0bf76395e51dd5636348253048bf2efd6a7f58c4cc373028d7cba4d2077d7362e6e477e001bd0