f728628e9e9208f36de582f8f8342f62f58feb861efca0de65587fd0f177c04b

Analysis

max time kernel
121s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wnh64.dll
Size

15KB
MD5

eeddb9ca444d7d5730f1e5c1a1bc8a45
SHA1

e6ced60e38f6c55bd65c0a355215c79d83e49b78
SHA256

f728628e9e9208f36de582f8f8342f62f58feb861efca0de65587fd0f177c04b
SHA512

57db4931ea1e743506be96af64c219e8d72592914d27f81ad2bd7471ab4d942146edbc4efdced6f8d97173f7d90bcad9e346f0e28db4f690bf3bf9640f5d8b94
SSDEEP

192:ZR7rVL8lEbV/Tq4l0gx8iMyhc976ciqDLIig4RDD5:ZRlL8lEbV/Tvxfzhc9270Iigid

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "37"	LogonUI.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3816	LogonUI.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\wnh64.dll,#1
1⤵
PID:1376

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\idi naxuy.txt
1⤵
PID:3280

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3944855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\CompareSelect.dxf

Filesize
571KB

MD5
a89c12172746746e75963914b7d95f42

SHA1
35098e5ebf3a21a4b8739f98fc68084748a7a76a

SHA256
5ee6b904df1fb48f79bc78b6092cfbcf96a7e41f6a338df7c439fc8b4a3414fe

SHA512
bbe892e9faebd8124bd31531f233b4158aaf3086bc4ea40c3289dbeaa43ea8ca803d171566cc012eb60f0ee279b36429b1e47e7fd9c415755374bdbb88ffd254

Download Submit
C:\Users\Admin\Desktop\EnableConvertTo.html

Filesize
590KB

MD5
caf4d407b08e869afa24d1f6e6807624

SHA1
62d29469259073b2a4700d9956b3a5ff11909c24

SHA256
c78dbd37937da12c096f8903ec60174a66fd4372d898d630cea10d0a7fb9a0a1

SHA512
5a7ec3006dd4e4296ca333a6ef6b7c1759e113baff4f0acb751176a92f93084b98311b42a0f036d09246f0bce899c4b79f6f8967ab0120d36c1e564f2965e214

Download Submit
C:\Users\Admin\Desktop\EnterSelect.wmv

Filesize
413KB

MD5
86311037747cbc4d229b6cb6dc6c5488

SHA1
b74e6751b7f8b1ea8c9a8099891ea4bb313a5cdb

SHA256
b9b17e15c9e9e9ffc732b27e4c3e0a2361b01f1c2f82e2f3e02f5eece6990ab6

SHA512
4afb6807751a8434b5aeca73267ccad5703ff7f83583d916894aff7bdacc6f163a92de98eebab4967576d386626bdeef21ddcc5e0a68da8709b615ba594ebc24

Download Submit
C:\Users\Admin\Desktop\ExitExpand.pot

Filesize
708KB

MD5
5ef938adc2d80bb3d5b52b3590672bb7

SHA1
d15afdaa40942a41ccea545ab032618cda829b61

SHA256
f375bd88b15c3add0885383ededf988af609a7f58115b4e3ca3a770252dd8ae2

SHA512
8a7745a6b5192f0c5c125feed4685bdaf432d02ad160fa17c7011ef56b7b702ff50fc249c3efbd03f050e8c7f3f1b3a5d3a13dbb2ca4fbfb5923e180bbf4bac5

Download Submit
C:\Users\Admin\Desktop\FormatSearch.pps

Filesize
669KB

MD5
dbe976bd1cae6a0980add6d92147da0e

SHA1
79cb48a07fe72fd83d1bf0f6a0c5a103e326a79a

SHA256
c11de9320bdb98aab1c0f6ceae3dc6de644bba5d57a13dc9159b1215c004da82

SHA512
c5063bb2b6aa96dfe9ffa849797fbc00784d159967de63e70beb9f3641f85c6093a0813304be01bdc507c4177fb19cb64b10f15600e4cd609ca6168211048eed

Download Submit
C:\Users\Admin\Desktop\JoinPush.rtf

Filesize
393KB

MD5
51f1b61d94fbc2f007a1626459925343

SHA1
b06621f02e8499edc8bee1c40f9aa606efbbca51

SHA256
34642ad995109b4a2fdedbe75c93fdc92afd3b2df2c32de2e2b97740a2836c2d

SHA512
dab3367119472e949e5d47a69576204874503c04cba755c34e809e6004e4e286e20f84fd6b92e93d47adefd948f28cbe870c45b1a63e3e8272c21825299b5148

Download Submit
C:\Users\Admin\Desktop\LockRestore.easmx

Filesize
610KB

MD5
a7f29e02a40c51b94f731b3a580c06f4

SHA1
1aabc789a5ef4307d914755467c14aade9cf65e5

SHA256
630fe5e85048d3b388156a40ecd7335eeade78d0894917f8bea354248874dfcc

SHA512
765719baf0d1077fcb1a29f065721b0cc9ffb37c3d2dc03a7e001f35f1bb6ed692da3dd48310c78233207e49ee90e6960b90d85b8177e003285ed9eb8748c2b8

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
61c111269df508370f0559ce04a106ca

SHA1
4f69620d4ed70df9da24d57e6898439df5e289f9

SHA256
2ceb70acb4060712b791083fcbd92690921859304f850f57b9ca193981e242d9

SHA512
8f77ada7aada752bdcfc0a501108228239387dc69d11f7048fd425e7177ef7dea96fa1906519374ee234ea3c8adb7698e6d78d302b5d5f7ea7e334b22f863d10

Download Submit
C:\Users\Admin\Desktop\OptimizeEnter.hta

Filesize
452KB

MD5
9b52a72fe759e52c511826310bcd6d6f

SHA1
240341905131ee0ff393c088709dee39becb0611

SHA256
51e55fb3c8bdecf3414fbe3958a90c066c5c69532b49b0972ae25ae58ceb1619

SHA512
91ef8a05a2ca49423f0deefb92f4d9f814f7edead89dcc3c6e90dbfc3fb7a257cb0379cd52d3d3d02d2f9cffe8d733df433b8c7040268353f1a6b936864ea7a3

Download Submit
C:\Users\Admin\Desktop\PingGrant.css

Filesize
512KB

MD5
657e4a5b6817fee174bab8bd33a362e3

SHA1
7dc596ec0a5491ac10caa567d08f7c2919247ab6

SHA256
3ebe38bea8514888b8a94e442900fc4b580b2fc50c8ffe179573677d1daff8c9

SHA512
24b9cb323e6c7df63e9c89b7c19e507748bde3056653055c3829ffcda2822567c4f61ca66343f792eb4df825610255fc397c9fa3eb2f059d7ca865c352aac849

Download Submit
C:\Users\Admin\Desktop\PopSplit.aiff

Filesize
551KB

MD5
bc68a660bd7f9b3549ecc5740fb7c2e1

SHA1
93329b6b9a55668dd9f21527f5d72772eb77ec8b

SHA256
3ffa5fcae0525e49945f94b65854fdc581582dcbf83b0ca51fcfdb5f354a03a5

SHA512
b14a921aa2f9d24c87416ac0be5fbe731016d679c51522eb7e352186cb80405c6df6089a76b572daab5ab5388ffe2b750796488fb0edfcf4c252375003dcdf67

Download Submit
C:\Users\Admin\Desktop\PublishExpand.mov

Filesize
728KB

MD5
b0879fa92901dc23603df1e7cd510a51

SHA1
f38a42a05027cb02a9ea20c0157bd13a020bc190

SHA256
81c3ee69ff974e5f4ff1b525cda72a180489fd5fd50ef30235a04733f37013f2

SHA512
cbc12d290c39c50a802526f13a92f347e7caea5aa64a4f7bb5d0a3fa807e5b9db34b9d2f93d6e08389246444046d47a856006269334e33c774ce965d4e2e8d9c

Download Submit
C:\Users\Admin\Desktop\RedoPublish.hta

Filesize
295KB

MD5
1b084512f4fca8d1ffbb8e8859deeb50

SHA1
a6b5c758f7926c657dee4a4affdf674553a780f5

SHA256
88ab7fba466d5cb31852ba40ac306cf0c9056b473c983e46a976bf8bf703fc7e

SHA512
b78c1f4795cf177400c8bcc14901afc1ce4a795c23fca62f36213f7572bc97983d6f9edfd627eadccb6574a890872e50df062b62dbad765e95daf3612e5222b4

Download Submit
C:\Users\Admin\Desktop\RegisterFind.vdx

Filesize
354KB

MD5
141f341ac696bbb8fa41aa9eea188e14

SHA1
22aba96e13fca01941cc321804b365a71e9395ea

SHA256
8c21d2e7a59ede808dc1da7b48b8d18f96c0d2a83a0e60aca1f21c0f3acf4e6d

SHA512
b30961f0eb3366f26427b97850b6831f4ac85d8d42a6ff8fac0d5d1902a39317b9ae1a9dee5e86a6b4a3ad2bbf90830d54675b02e6ee6f35aaace9441a57eb1f

Download Submit
C:\Users\Admin\Desktop\RemoveRename.wvx

Filesize
689KB

MD5
3ab27d861867ecb2aa0dcee2f4a7313d

SHA1
10dbfe686cb9a0538b3c72124892aa7c05ffc661

SHA256
b77762277135f1f9f9ad64885c1d1db8a5af0f7347da12d939fe26bd74418769

SHA512
45f5ed73de76b80bb8088df9606170228115fcc8f4db68da291451b2f2377340ef0861d3a4c78a16caad2c3410a414fb0bab5622a9cff419e34e62284e0d05c6

Download Submit
C:\Users\Admin\Desktop\RepairSubmit.vbe

Filesize
1004KB

MD5
8c1b89d2acc5a0846613a10c8d925100

SHA1
f676d06be7f8ec99bf9f0505319635ecb501f1e5

SHA256
fb81c29f630fe6b4df987fe4af6715b51fa8a539d531170e146eef83f03ad1b3

SHA512
96dd3a0a7a2e67b6549276e965e647361b8567c0c66c357f3640c60637e4a27fb06f8a853695a1265e65ee17a8318644e3ded45fc3db80ce60dfc144e2da0f92

Download Submit
C:\Users\Admin\Desktop\ResolveSplit.temp

Filesize
374KB

MD5
bed59f0565f554095a4d129553416133

SHA1
4eb07573eff70dbbb3884ea1a5cfad2cc0ee9a62

SHA256
9a4575efcc2a7dfad0ebf8baf85ed7589931407775db8a236b9e320e7a08eb7f

SHA512
faaf6471e641bd2da99ea5555e56014273f95086e6e07644004f17ff81699d4444fd6a58192aa9d0ee0130d78968b5113e7e1a7db57f0b5c7e50da9d3c64422f

Download Submit
C:\Users\Admin\Desktop\RestartWait.TS

Filesize
492KB

MD5
41f32122db365e171a523b65143ad57f

SHA1
ca4c2065032a976313559735682318a9ce25c414

SHA256
9755c4ab069ec8505fb1a6ae924f02a0a59a447ac778e24516246bf383810069

SHA512
02d4b68a6a2271c1ba60f2d6c2ca38428831069ac78ce867962b6184837d51bd39e7f38ebbb2b30203cb4f430d77b0597c71ca82f5f81bfb18dd355b3e165daa

Download Submit
C:\Users\Admin\Desktop\RestoreOut.ttc

Filesize
256KB

MD5
04320ed3ec53ad08cdf5e32ec279e4a1

SHA1
eba97bbce69804d320d92d685e069dcb8a7db8cd

SHA256
e923ae35ab0dafcc329613974167f39ef71acbee671a0a7a9b947e8fbd3baabc

SHA512
5b32b24c9e75467bd8ec6bb4d63f6d381284dc14229e6b3c4232c8b1fbbef7c5a44925044dde4658dd0eeb167dd0a0d76aaf70ea4c1802bd560ae197da8127d8

Download Submit
C:\Users\Admin\Desktop\SelectRedo.vsdm

Filesize
531KB

MD5
4daf0282a8bb74029aad52a472f14010

SHA1
58bced6af220666679cfda86e1f297d58972207c

SHA256
63450259a99f7e3f9dd97eab3c93122aa73874c3c0a9dec80b392b69fae0b0ca

SHA512
73ad30cda98584341edbeaf23aa33d0931847492451930c1a40e9d8bac519322ee84419f8d02ff5d91024b32383c8f6bfa954cfac4b308a6aa1cbf6c22a9c5ea

Download Submit
C:\Users\Admin\Desktop\SelectRegister.vsdx

Filesize
275KB

MD5
db589f4588124304eee6ad551e269879

SHA1
aa5411e86fa949e7793da0c3728ac53fe699d674

SHA256
c718a744c3333044675541692914fd0f9c6151bd6bbd020c2a7b6527880c7f24

SHA512
8968c6a992313837eb0ebe447ae825540afe407206aab7ca4863168371eec4756aa2a2302a95edfe1572653c70a25cb213bd1abb8341e201d5af1e2e1991b238

Download Submit
C:\Users\Admin\Desktop\SplitUnlock.cmd

Filesize
433KB

MD5
766e6f0e86870acc279e164670475c6a

SHA1
ecb079c544f5a32ef93d3adf4d46cd95201cc4b9

SHA256
23aa1f01de228d8083751e46ad2f1ddd75fc5e145dd0a2e60162e360172a4ff8

SHA512
4bfc92a8539354099720898f10cde043f1e33eb23aa1087696c39817d137403551a5a60e3ddeb45e5967284afed12c84389b73c7d89ed170f781d185fdf3bfee

Download Submit
C:\Users\Admin\Desktop\UnlockDisable.crw

Filesize
630KB

MD5
ab1c1680491d0634cde3c0962b01ed5c

SHA1
97a94cb9b7f091151ddc52fcacbe84af8f9f9924

SHA256
3de47cb559dbd25fd62f726a192664725c05e987eab0451a9d4b96dfcf0ef673

SHA512
895ea0a9bdfa964a4f673ba3b866f9aef51cd1a292e7d30aa9d9d9cc7c3b2f88d6fddd5828430bc73c004142b7b01b578fd961ab519ea87dcfcdfbb41dfadcde

Download Submit
C:\Users\Admin\Desktop\UnregisterCheckpoint.vsw

Filesize
649KB

MD5
11f13adc75c697d9725958963e0ff915

SHA1
801c42c3dfa4d116930788cffdac1e89fef2f378

SHA256
7e71f4998f9dbc05fb5e4cdbb61e2526fe3ec1da55efe316a68d683b522cb134

SHA512
0bb599bd17607f379d208143b0d840364753d3f105bb3709b4bdaed75964ab2a80cc498ef942dcdf8656c0adafd8c82449414ef29e868d36f592fa7c46d18334

Download Submit
C:\Users\Admin\Desktop\UpdateJoin.mp2

Filesize
472KB

MD5
9fd5cfc0fb9f9951da04fc6f70a64b66

SHA1
f30662df8cc0900bdad7614ea6257ac6b597c0e4

SHA256
a28e95e9340bda6b929e80c31235220f2efaee99284958af30345b0bc01aa9e1

SHA512
b6f3bc7a45b2d233c86e52f64102bfe80b784f01cccabbcd47856dbe0aa002f66e173755c1c6ad04d1a684bb85018cb644dcc7da4ddc2614f0050c574c082c32

Download Submit
C:\Users\Admin\Desktop\UseUnpublish.clr

Filesize
334KB

MD5
0727d45a620807b78c739a4fd127f157

SHA1
38c81b2379bbdd98fc3e4745f63379837b8e2f2d

SHA256
6b4a3a8cb57e9feb7bdaed51aaae871aca5541a76386d62f2fd7968e4d404960

SHA512
2eab61c7764d7df6edef9c4d12a6284be85a80ddd2dfa9529e82b4331a314aff2eee0940bd82b91a2aefcca4a5c1344413c33a60ba56775300c6587727dbdd79

Download Submit
C:\Users\Admin\Desktop\WaitShow.wmx

Filesize
315KB

MD5
bffc6fd8d82f6b8a76771f2bc20a8925

SHA1
648fe607da2a2ea995960b7bfbf64b727e645335

SHA256
34fa70d3367e2eb05b399108ce8aab9901a93ffb1430b854296caf9cfc27f52e

SHA512
acf6e50e179de220b3c7f179e15619b48e61e640f71a0bb105aa32a54bb2685617b9865b578acdd9ce4c0b4e978c4dccf57fc99fbd4edeee54ae348fac91c3c6

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
a7ed9380d3ed0207a95b2b901a47a209

SHA1
1913413fcbf1ce7c47c31f962bef57a24855c379

SHA256
346ba27a1aac349adf2ee5d0ded3f81c07ad498004de4ef193268bb8ba3f869f

SHA512
650a221db3e49a2868b55586010d11bec4428330581d99ce20184398c9f97018311e1f997c68317a838870c9ebafd1df3bf5305e237a5d3ed35db3d00a06ad8c

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
80c8ba219ed50244383af6e08f7a8ce4

SHA1
5e2d3398228eb2d9fb314cec15db7bb4fd3282b2

SHA256
2d3cf07f18996bd7ae42754ea0c53255974765005dfe557d53069f893e592d83

SHA512
d1757ab40c636955f8e73b29cd56f0c9d2b28abbbe92f416f73e4f2b2972405ba5c56294e0e730287b7612d80512b479929ded050c800d4ad52fee929ceb2414

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
ca9350d4eab63e7ecd6b6e71ee548d68

SHA1
1b760b99f202a56ec92736a1eb9b9a89913f251a

SHA256
04d75adfa7691aa0f5d8520517b9c4de95cb07fc43c8acef70d016fc3db3f3c1

SHA512
1cf0e60e0ee45dba71704641b3189ea2e33d0da5c2a956e80049c5089930ef656704e984943c6ac5fca87ea18fd68ba15b55c5ea961ff114e871383993790993

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
6e9959670c719247863d9354d269a05f

SHA1
99aef403bb77de02c315e38a4ab5dba41b25d68f

SHA256
1a08478725de48ae6d1fc9965cbcdafb817b84dda85ba24f038bd3db579f6f68

SHA512
c2f2a6173f15f9e22b30ede33607e3b7b71f07ec8f8ecb250787678d803e0af2f135e3e8809463d2ad754657a939b21e4298ec1f987e0ebb431092eba61aeec6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads