Resubmissions

Date              ID                 Score
03-07-2024 22:59  240703-2yn7wszhlp  10
03-07-2024 16:13  240703-tn93lsyglf  10
03-07-2024 16:11  240703-tm84xsyfma  10
10-05-2024 16:25  240510-tw1h5shh47  10
24-08-2023 11:16  230824-nda8msdf8z  10

Analysis
max time kernel: 141s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-07-2023 06:25
Static task: static1

Behavioral task: behavioral29
  Sample: Endermanch@NavaShield(1).exe
  Resource: win7-20230712-en

Behavioral task: behavioral30
  Sample: Endermanch@NavaShield(1).exe
  Resource: win10v2004-20230703-en
General

Target:
Size: 53KB
MD5: 6536b10e5a713803d034c607d2de19e3
SHA1: a6000c05f565a36d2250bdab2ce78f505ca624b7
SHA256: 775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de
SHA512: 61727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018
SSDEEP: 1536:ynqAKryDLrASOcRw52sjzIUK7RkYrJ2lrKX:SNdMT8Z8cX
Malware Config

Signatures

Adds Run key to start application (2 TTPs, 2 IoCs)
Process for all entries: Endermanch@NavaShield(1).exe
- Key created: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
- Set value (str): \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe"

Modifies Control Panel (21 IoCs)
Process for all entries: Endermanch@NavaShield(1).exe
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\Hilight = "61 43 164"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\GrayText = "167 37 122"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\InactiveTitleText = "75 5 217"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\Scrollbar = "88 130 184"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\Menu = "122 249 129"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\MenuText = "221 61 130"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\ActiveBorder = "182 83 33"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\ActiveTitle = "106 130 136"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\InactiveTitle = "204 34 27"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\WindowText = "78 203 246"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\ButtonFace = "220 237 195"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\HilightText = "80 89 48"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\ButtonShadow = "120 240 108"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\ButtonText = "83 222 110"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\Window = "17 185 202"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\WindowFrame = "180 83 225"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\TitleText = "173 55 239"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\AppWorkspace = "113 16 227"
- Key created: \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\Background = "118 176 217"
- Set value (str): \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\Control Panel\Colors\InactiveBorder = "201 85 5"
Processes

C:\Users\Admin\AppData\Local\Temp\Endermanch@NavaShield(1).exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Endermanch@NavaShield(1).exe"
  - Adds Run key to start application
  - Modifies Control Panel
  PID: 1520