Overview
overview
10Static
static
10Endermanch...is.exe
windows7-x64
1Endermanch...is.exe
windows10-2004-x64
Endermanch...ug.exe
windows7-x64
6Endermanch...ug.exe
windows10-2004-x64
6Endermanch...ck.exe
windows7-x64
7Endermanch...ck.exe
windows10-2004-x64
7Endermanch...om.exe
windows7-x64
1Endermanch...om.exe
windows10-2004-x64
1Endermanch...le.exe
windows7-x64
1Endermanch...le.exe
windows10-2004-x64
1Endermanch...er.exe
windows7-x64
7Endermanch...er.exe
windows10-2004-x64
7Endermanch...er.exe
windows7-x64
7Endermanch...er.exe
windows10-2004-x64
7Endermanch...er.exe
windows7-x64
Endermanch...er.exe
windows10-2004-x64
Endermanch...us.exe
windows7-x64
1Endermanch...us.exe
windows10-2004-x64
1Endermanch....C.exe
windows7-x64
10Endermanch....C.exe
windows10-2004-x64
10Endermanch...rd.exe
windows7-x64
10Endermanch...rd.exe
windows10-2004-x64
9Endermanch...a2.exe
windows7-x64
1Endermanch...a2.exe
windows10-2004-x64
1Endermanch...19.exe
windows7-x64
7Endermanch...19.exe
windows10-2004-x64
7Endermanch...eg.exe
windows7-x64
7Endermanch...eg.exe
windows10-2004-x64
3Endermanch...1).exe
windows7-x64
3Endermanch...1).exe
windows10-2004-x64
3Endermanch...ld.exe
windows7-x64
3Endermanch...ld.exe
windows10-2004-x64
3Resubmissions
03-07-2024 22:59
240703-2yn7wszhlp 1003-07-2024 16:13
240703-tn93lsyglf 1003-07-2024 16:11
240703-tm84xsyfma 1010-05-2024 16:25
240510-tw1h5shh47 1024-08-2023 11:16
230824-nda8msdf8z 10Analysis
-
max time kernel
119s -
max time network
138s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
24-07-2023 06:25
Static task
static1
windows7-x64
windows10-2004-x64
windows7-x64
windows10-2004-x64
windows7-x64
windows10-2004-x64
windows7-x64
windows10-2004-x64
windows7-x64
windows10-2004-x64
windows7-x64
windows10-2004-x64
windows7-x64
windows10-2004-x64
windows7-x64
windows10-2004-x64
windows7-x64
windows10-2004-x64
windows7-x64
windows10-2004-x64
windows7-x64
windows10-2004-x64
windows7-x64
windows10-2004-x64
windows7-x64
windows10-2004-x64
windows7-x64
windows10-2004-x64
Behavioral task
behavioral29
Sample
Endermanch@NavaShield(1).exe
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral30
Sample
Endermanch@NavaShield(1).exe
Resource
win10v2004-20230703-en
windows10-2004-x64
windows7-x64
windows10-2004-x64
General
-
Target
-
Size
53KB
-
MD5
6536b10e5a713803d034c607d2de19e3
-
SHA1
a6000c05f565a36d2250bdab2ce78f505ca624b7
-
SHA256
775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de
-
SHA512
61727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018
-
SSDEEP
1536:ynqAKryDLrASOcRw52sjzIUK7RkYrJ2lrKX:SNdMT8Z8cX
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run [email protected] Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe" [email protected] -
Modifies Control Panel 21 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\Scrollbar = "157 195 234" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\ActiveTitle = "18 137 65" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\InactiveTitle = "85 205 90" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\MenuText = "5 235 195" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\WindowText = "60 26 252" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\TitleText = "166 43 153" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\ActiveBorder = "116 83 230" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\AppWorkspace = "54 207 223" [email protected] Key created \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\Window = "170 156 174" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\InactiveBorder = "194 170 134" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\Hilight = "240 85 114" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\ButtonFace = "74 70 199" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\ButtonShadow = "206 113 161" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\Background = "104 82 143" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\Menu = "10 30 159" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\WindowFrame = "125 223 199" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\HilightText = "45 251 172" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\GrayText = "47 82 120" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\ButtonText = "211 177 128" [email protected] Set value (str) \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Control Panel\Colors\InactiveTitleText = "107 36 154" [email protected]
Processes
-
C:\Users\Admin\AppData\Local\Temp\[email protected]"C:\Users\Admin\AppData\Local\Temp\[email protected]"1⤵
- Adds Run key to start application
- Modifies Control Panel
PID:2580