3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73

Analysis

max time kernel
151s
max time network
136s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe
Size

3.8MB
MD5

7c82e11fdfca5afdf8202f0034389d26
SHA1

6ef1177acc811c4023264e4377031fe07b764758
SHA256

3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73
SHA512

7d7be97a817a63b351858e397d3dedd0e3d9c2d387590a8ee786e010dfa64fa3af55c90640d6c9b4c3b86475ea0829b36d4abef2f11f25f4325a3a98c2058f68
SSDEEP

49152:sw80cTsjkWakawTeeiTqK6hpMkQVOh+bSdXAkt9510MP3cqBCqgIcCE7mK+IW1IS:t8sjkUHziP+pMrwgbcDD5N3cqBh1Ie6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2804	Rainmeter.exe

Loads dropped DLL 6 IoCs

pid	Process
1924	3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe
2804	Rainmeter.exe
2804	Rainmeter.exe
2804	Rainmeter.exe
2804	Rainmeter.exe
2804	Rainmeter.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Rainmeter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Rainmeter.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1924	3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe
1924	3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe
1924	3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe
1924	3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe
2804	Rainmeter.exe
2804	Rainmeter.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
1924	3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe
1924	3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe
1924	3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe
1924	3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe
2804	Rainmeter.exe
2804	Rainmeter.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2804	Rainmeter.exe
2804	Rainmeter.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2804	1924	3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe	28
PID 1924 wrote to memory of 2804	1924	3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe	28
PID 1924 wrote to memory of 2804	1924	3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe	28
PID 1924 wrote to memory of 2804	1924	3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe	28

C:\Users\Admin\AppData\Local\Temp\3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe
"C:\Users\Admin\AppData\Local\Temp\3138e1515e07d00fff8dff8ee60d0724a47a3e21daf99a208e65cc0dc7e81f73.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Users\Admin\AppData\Local\Temp\Rainmeter\Rainmeter.exe
  C:\Users\Admin\AppData\Local\Temp\Rainmeter\Rainmeter.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Rainmeter\Languages\2052.dll

Filesize
7KB

MD5
c13ac91ec49a272275cf0c42ef9abd39

SHA1
eaf6d697fd5da1c29ef83cc8f74d70ecff718510

SHA256
3e50dbf35add52b599bfc5ad4d1beeee97e58d02d70a670ccea36ea49c099755

SHA512
3a8d3d2d54ec35fec17838b123cfbc45359fcf46edd880fc213a647537c616bc0462844faff2893b9d49b9585092f9d6797f0f78a9ece1a8d4a7a992b1c21364

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Plugins\PerfMon.dll

Filesize
88KB

MD5
9dd751b298f06a117445002fe91f0fad

SHA1
5f193eaa43aac9eb30e038f8b0707b5bcdb46bc5

SHA256
a908b94bfcf65afe4bebca224e088d75fa6e87cfecd2e3f5c7df99906fa130f1

SHA512
66525c1b79f52d0be1f3160126e1f459f0491f993e8eb4064838438ab4262eb165fc1c378948d4b9db798d8cd7415b0bdea734bc951055488c3dedde2df25611

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Rainmeter.data

Filesize
124B

MD5
0af93da5bdd604bf4af58180d7dc01cf

SHA1
c196209d49f13647bee417063eb31e9cb8ed6b44

SHA256
da7040b616c35d986601167facb785c44745bb07960a67f0e86c1dff4cb030ea

SHA512
a8d2c225dfaaece2c6e63fee5a124c82860e6dd50731ebac2701e8b9b66059fec48abd120e742383136f248835d0368e2aee86c4b2e45b8a3ff4a69dfed5e74c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Rainmeter.data

Filesize
124B

MD5
0af93da5bdd604bf4af58180d7dc01cf

SHA1
c196209d49f13647bee417063eb31e9cb8ed6b44

SHA256
da7040b616c35d986601167facb785c44745bb07960a67f0e86c1dff4cb030ea

SHA512
a8d2c225dfaaece2c6e63fee5a124c82860e6dd50731ebac2701e8b9b66059fec48abd120e742383136f248835d0368e2aee86c4b2e45b8a3ff4a69dfed5e74c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Rainmeter.dll

Filesize
1.9MB

MD5
a2eb58b4a50252c1c0cb7e07173d5b88

SHA1
5e179fe775e8a0bacc7d4640d1be7d1de0db5862

SHA256
cfe3c39bbc8b82c4f534ae6a7e4c9db80e2de4b29c22a973b7ddb789166389fc

SHA512
5b8c6d9175efd89de712c3f5888eb03c71bef1aadedfa6587d9c40a7cef1c1c6efcc7f5621c5ebdf04cb708d9fcad4224f6f4e45dfd6eebfa2c0e03d58409306

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Rainmeter.exe

Filesize
464KB

MD5
0881a58b05284c3bfdf0b361b0e9b8f4

SHA1
cdc0f380164fe3e4eafbdcd408fb7527a359d163

SHA256
06e6ac93c84fec7ffdb99d9712556607a2e5e1fd8d066521e3ac06cb60e58fb6

SHA512
e6242e2cae9f069035c09dc766668e5d83010b776daff41a4b3cabf5e16b6ccac87ceb39fb50fdf2e0157e2393453a12ca1560103ab5eae6207410591be6d4a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Rainmeter.exe

Filesize
464KB

MD5
0881a58b05284c3bfdf0b361b0e9b8f4

SHA1
cdc0f380164fe3e4eafbdcd408fb7527a359d163

SHA256
06e6ac93c84fec7ffdb99d9712556607a2e5e1fd8d066521e3ac06cb60e58fb6

SHA512
e6242e2cae9f069035c09dc766668e5d83010b776daff41a4b3cabf5e16b6ccac87ceb39fb50fdf2e0157e2393453a12ca1560103ab5eae6207410591be6d4a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Rainmeter.ini

Filesize
1KB

MD5
776f7f9763feb9a0d0307e9f1235f16b

SHA1
9f7809ba94928f74ff080a6bbda0445da071f9e7

SHA256
95790e2b78540f7a1a81dea781a9e76968ec23167bc35393c8bd28e4acaa96af

SHA512
c5a9cd6688ff18df8ada0447685e6ada6d844b93f7bd58571c7e0d0f7959e4bf56b20df6d833974ec0402ddeac3f1e7a758d9435c9291a2f82a63e387b45e5e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Rainmeter.ini

Filesize
1KB

MD5
776f7f9763feb9a0d0307e9f1235f16b

SHA1
9f7809ba94928f74ff080a6bbda0445da071f9e7

SHA256
95790e2b78540f7a1a81dea781a9e76968ec23167bc35393c8bd28e4acaa96af

SHA512
c5a9cd6688ff18df8ada0447685e6ada6d844b93f7bd58571c7e0d0f7959e4bf56b20df6d833974ec0402ddeac3f1e7a758d9435c9291a2f82a63e387b45e5e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Rainmeter.stats

Filesize
415B

MD5
380d62ed3c0e0cb79d1582a0cf7bfc5c

SHA1
8e6ebe6ebf66352d09cb47a3dee7d72547dec20b

SHA256
e912bd1f028a1824c640d507111095b130c86b74ed472435ed31ee1f14758eac

SHA512
d3fa452728e1185ab3f4b166c5490dfcc82056b6983a7dea2a68ec167605a84b022166cab2302159e7df7ec3a94c434a95adc83fd05f50aa0781a0866f32585e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Skins\SYSTEM\BGSystem.ini

Filesize
7KB

MD5
a833a9808f49b168cdd4af1a49759743

SHA1
dde54b53e07e2aeb68a87988be375e43d7d3e5ac

SHA256
b89ad4fb4cf17f7b2b43f454c167d327a1ab0ac7102f23a1d131fcd2aa01bff9

SHA512
25028f191ac1df5d676d0e378683682175526d0ea92b881252c1602cd09409c68cf853bf2045e1c876f9b62c834ce7077ed773353a22aabb318a10ce81d83cb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Skins\圆形频谱\@Resources\Fonts\FZLTCXHJW.TTF

Filesize
1.7MB

MD5
a58a499bddbda398e1275972e56b06f6

SHA1
24dfab81236612d596c97eb38b3adf5de99f669c

SHA256
7094b0c994e073c8d01cdbbd1e574bf7d02430bb8848758ff467a0ce415f6d49

SHA512
e0fc0fe3a5c47be219ca84c74cfa018cf022a1774a988aff19a34490334a6e776e3557ec8e1341a637a18d1312d669b21bc2d320d5d1c80563de407e5c7ba1fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Skins\圆形频谱\MeasureAudio.inc

Filesize
9KB

MD5
972fb88b1fe0431e55f601c3b6b5152d

SHA1
f0ba170363a39095b308b4238b3a635d9215a0e5

SHA256
e21a811ce1751474c6e6d2f1c1de331ec894e6f33f4b2892b2b564279b718021

SHA512
2a1a982c9b64e059ac709f648b80a9a92572d598ec1370f269621e7bd3390638c2836d81d433cf1fb4b840168e11fabb91e7c64e82f5f5adb7b3d0e7c7d17538

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Skins\圆形频谱\WaveCC.ini

Filesize
5KB

MD5
94911fa356d071c8bb121f062fc976f2

SHA1
03aad53971191c04450ac9822b1daaca43d5496e

SHA256
e4beecf7fb96f041beeda715a493d0afc60d70f35fc64d92550670b047286588

SHA512
6410e550d92731046f7a9c22f394191447762881b41f607b4b4c9b0031ad401ed1d8a1beadbf7de985d927ad12d9a52db62ba4ddd04808daad2fb6d19c5903fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Skins\圆形频谱\WaveCC.ini

Filesize
5KB

MD5
94911fa356d071c8bb121f062fc976f2

SHA1
03aad53971191c04450ac9822b1daaca43d5496e

SHA256
e4beecf7fb96f041beeda715a493d0afc60d70f35fc64d92550670b047286588

SHA512
6410e550d92731046f7a9c22f394191447762881b41f607b4b4c9b0031ad401ed1d8a1beadbf7de985d927ad12d9a52db62ba4ddd04808daad2fb6d19c5903fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Skins\圆形频谱\ins2.inc

Filesize
8KB

MD5
c50802e0671ba5d5120e3fa9b0f6ec97

SHA1
13355455cb2f2bcf37500de07e33d19604083184

SHA256
8d1ff0736ab45b728a9aa879b3924196ff62007ea7b8df4e6172810349a8c6fe

SHA512
62e16adba98c1854bc35c9928b58a00330164b896a6fa801d7950f37f7d9e4c2a2ba61eeb75ed2bae55fdcdfac30bc12e31498f1eb54b3f1fde8be9affda3ac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Skins\圆形频谱\sur.inc

Filesize
8KB

MD5
d978d6863652bc8faf4929d472b5bf03

SHA1
90636937625e6bb3c8bb5184d9a277c43715f577

SHA256
0f7a4785b7077c9b7e25b57e6ee51bcf574227cb52674ce73e889e3e690db2d1

SHA512
5eaeb4ee9dca82be6d9ec82ca3cbeeb27c932de37860445aa507a55062574832f49a13129013c7cdd40f31dce56eb74b2504b33e8894cc43f28443147abab70f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rainmeter\Skins\圆形频谱\variables.inc

Filesize
124B

MD5
13a0ae9bccb6f244bb40358dd3d89339

SHA1
deba0a03330ea8c248d02f908e334fe11038cd41

SHA256
3b4a28e44f08b1070734a838907089a835ddfbe2386d06b579f9dc4513da2385

SHA512
fbb4a7107ce9e4ac0d7bd12ef46b06236a53762addd7474de1e178930016d7c0e2faea2666e806b4af1b8960895bb991232802d5b41141daaf7bc1ccfb1794d6

Download Submit
\Users\Admin\AppData\Local\Temp\Rainmeter\Plugins\PerfMon.dll

Filesize
88KB

MD5
9dd751b298f06a117445002fe91f0fad

SHA1
5f193eaa43aac9eb30e038f8b0707b5bcdb46bc5

SHA256
a908b94bfcf65afe4bebca224e088d75fa6e87cfecd2e3f5c7df99906fa130f1

SHA512
66525c1b79f52d0be1f3160126e1f459f0491f993e8eb4064838438ab4262eb165fc1c378948d4b9db798d8cd7415b0bdea734bc951055488c3dedde2df25611

Download Submit
\Users\Admin\AppData\Local\Temp\Rainmeter\Plugins\PerfMon.dll

Filesize
88KB

MD5
9dd751b298f06a117445002fe91f0fad

SHA1
5f193eaa43aac9eb30e038f8b0707b5bcdb46bc5

SHA256
a908b94bfcf65afe4bebca224e088d75fa6e87cfecd2e3f5c7df99906fa130f1

SHA512
66525c1b79f52d0be1f3160126e1f459f0491f993e8eb4064838438ab4262eb165fc1c378948d4b9db798d8cd7415b0bdea734bc951055488c3dedde2df25611

Download Submit
\Users\Admin\AppData\Local\Temp\Rainmeter\Plugins\PerfMon.dll

Filesize
88KB

MD5
9dd751b298f06a117445002fe91f0fad

SHA1
5f193eaa43aac9eb30e038f8b0707b5bcdb46bc5

SHA256
a908b94bfcf65afe4bebca224e088d75fa6e87cfecd2e3f5c7df99906fa130f1

SHA512
66525c1b79f52d0be1f3160126e1f459f0491f993e8eb4064838438ab4262eb165fc1c378948d4b9db798d8cd7415b0bdea734bc951055488c3dedde2df25611

Download Submit
\Users\Admin\AppData\Local\Temp\Rainmeter\Plugins\PerfMon.dll

Filesize
88KB

MD5
9dd751b298f06a117445002fe91f0fad

SHA1
5f193eaa43aac9eb30e038f8b0707b5bcdb46bc5

SHA256
a908b94bfcf65afe4bebca224e088d75fa6e87cfecd2e3f5c7df99906fa130f1

SHA512
66525c1b79f52d0be1f3160126e1f459f0491f993e8eb4064838438ab4262eb165fc1c378948d4b9db798d8cd7415b0bdea734bc951055488c3dedde2df25611

Download Submit
\Users\Admin\AppData\Local\Temp\Rainmeter\Rainmeter.dll

Filesize
1.9MB

MD5
a2eb58b4a50252c1c0cb7e07173d5b88

SHA1
5e179fe775e8a0bacc7d4640d1be7d1de0db5862

SHA256
cfe3c39bbc8b82c4f534ae6a7e4c9db80e2de4b29c22a973b7ddb789166389fc

SHA512
5b8c6d9175efd89de712c3f5888eb03c71bef1aadedfa6587d9c40a7cef1c1c6efcc7f5621c5ebdf04cb708d9fcad4224f6f4e45dfd6eebfa2c0e03d58409306

Download Submit
\Users\Admin\AppData\Local\Temp\Rainmeter\Rainmeter.exe

Filesize
464KB

MD5
0881a58b05284c3bfdf0b361b0e9b8f4

SHA1
cdc0f380164fe3e4eafbdcd408fb7527a359d163

SHA256
06e6ac93c84fec7ffdb99d9712556607a2e5e1fd8d066521e3ac06cb60e58fb6

SHA512
e6242e2cae9f069035c09dc766668e5d83010b776daff41a4b3cabf5e16b6ccac87ceb39fb50fdf2e0157e2393453a12ca1560103ab5eae6207410591be6d4a5

Download Submit