f1bbcc5c678d174d858ae089f4494e3ea8bcfc418098d61804a15e437f08aff7

max time kernel
141s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2023 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Endermanch@ColorBug.exe
Size

53KB
MD5

6536b10e5a713803d034c607d2de19e3
SHA1

a6000c05f565a36d2250bdab2ce78f505ca624b7
SHA256

775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de
SHA512

61727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018
SSDEEP

1536:ynqAKryDLrASOcRw52sjzIUK7RkYrJ2lrKX:SNdMT8Z8cX

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Endermanch@ColorBug.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe"	Endermanch@ColorBug.exe

Modifies Control Panel 21 IoCs

evasion

Processes:

Endermanch@ColorBug.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\Hilight = "61 43 164"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\GrayText = "167 37 122"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\InactiveTitleText = "75 5 217"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\Scrollbar = "88 130 184"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\Menu = "122 249 129"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\MenuText = "221 61 130"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\ActiveBorder = "182 83 33"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\ActiveTitle = "106 130 136"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\InactiveTitle = "204 34 27"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\WindowText = "78 203 246"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\ButtonFace = "220 237 195"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\HilightText = "80 89 48"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\ButtonShadow = "120 240 108"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\ButtonText = "83 222 110"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\Window = "17 185 202"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\WindowFrame = "180 83 225"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\TitleText = "173 55 239"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\AppWorkspace = "113 16 227"	Endermanch@ColorBug.exe
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\Background = "118 176 217"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\InactiveBorder = "201 85 5"	Endermanch@ColorBug.exe

C:\Users\Admin\AppData\Local\Temp\Endermanch@ColorBug.exe
"C:\Users\Admin\AppData\Local\Temp\Endermanch@ColorBug.exe"
1⤵
- Adds Run key to start application
- Modifies Control Panel
PID:1520

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1520-133-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download