2be340bc7b649f7f0ce213fb87bf6cb5d0423f5f3cd32f4ba2ef39955872bb45

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Size

77KB
MD5

7945101171ec44ce32b319e3c90d007a
SHA1

eedc087565e58443963b98a236d39ee5cc42ba2d
SHA256

2be340bc7b649f7f0ce213fb87bf6cb5d0423f5f3cd32f4ba2ef39955872bb45
SHA512

c1bc5c735f69239f8caae8d770474c0e5d59c69236fe0256e0355a62949292d9763f3312704642fd2351149caf9248ac615cfddceed795c09fbf113182996bf0
SSDEEP

1536:fd6NhAc1pG4kHYh+Ll4wJI4QJnwXFs9EdAIXz23QT5wawMaZQQ:oTh+5zJ/QVwX+TIXKo5wbMaZ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe.BAK	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.BAK	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\3 = 14002e80d43aad2469a5304598e1ab02f9417aa80000	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\3\MRUListEx = ffffffff	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\4\0\1\MRUListEx = ffffffff	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\4\1\0\MRUListEx = ffffffff	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\4\0\1\NodeSlot = "11"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\4\0\1	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1 = 14002e8005398e082303024b98265d99428e115f0000	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\NodeSlot = "5"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\MRUListEx = ffffffff	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 4e003100000000004d575a71100054656d7000003a0009000400efbe2f576d314d575a712e000000a5e10100000001000000000000000000000000000000ad85cf00540065006d007000000014000000	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Generic"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2 = 14002e80922b16d365937a46956b92703aca08af0000	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe

Suspicious use of SetWindowsHookEx 23 IoCs

pid	Process
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
4416	automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe

C:\Users\Admin\AppData\Local\Temp\automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe
"C:\Users\Admin\AppData\Local\Temp\automatic.mouse.and.keyboard.5.7.3.8-patch-#colorblind.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4416

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:1516

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:2548

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Mozilla Firefox\firefox.exe

Filesize
654KB

MD5
1fd347ee17287e9c9532c46a49c4abc4

SHA1
ad5d9599030bfbcc828c4321fffd7b9066369393

SHA256
912373af6f3c176b7e0a71c986d6288f76f5be80de7c9a580b110690271e9237

SHA512
9e52622077e805fcff2c6fe510524bf9ca7246da9ef42843041e82ced28b59163a2729335139df9e2d2a4c748ed56471bb053f337655a77d2d0976370f07acf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\dup2patcher.dll

Filesize
56KB

MD5
f2b3266b596804b080e9c968169eaed0

SHA1
27ed0086f518cd9b65098b72106660a3ffe3453d

SHA256
c4de13000f0208808a09ebd3b9b8e86b6d91f4562314c7fa4dc3f48e7fa0bca1

SHA512
b153e7051884e48c30bbe402f4c56d339991ea3f9a6bc097d7fc6170a96ab5e90cfddc7517c60095d18d1c45b8b48ee768ddd2a61e5a8afd13a747d76757960c

Download Submit
memory/4416-2-0x00000000756B0000-0x00000000756D6000-memory.dmp

Filesize
152KB

Download
memory/4416-7-0x00000000756B0000-0x00000000756D6000-memory.dmp

Filesize
152KB

Download