Analysis
max time kernel: 150s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231020-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/11/2023, 10:41
Static task static1: 1 signatures
Behavioral task behavioral1: Sample packy.exe, Resource win7-20231023-en, 4 signatures, 150 seconds
Behavioral task behavioral2: Sample packy.exe, Resource win10-20231020-en, 3 signatures, 150 seconds
Behavioral task behavioral3: Sample packy.exe, Resource win10v2004-20231020-en, 3 signatures, 150 seconds
General
Target: packy.exe
Size: 20KB
MD5: f8bfaf0d65a295ca33ebf4be63457588
SHA1: d8bba0a431c18a52d0745a8d5f17e92d8768cf0a
SHA256: 4786322b7f2ec05b480bd0f11b3380bdc2ff171147dc3dcf004ae1dc18816e15
SHA512: 9ae269c19ef19547bbf4ef4184ed1e628b12c72c0607fc69903973c028cdea49b27b3254d7b7226e7c36281fcf9cb5fe6c94bcab3ff6c3e6841bc40d30ef7a00
SSDEEP: 384:c/zWJQbBAJ/GZzUUj132wCSCTqWXJIm0RZyBOS2zUAONplmXLGqIxnCWD:kWWg/GVZWVTqs8cOS2dglKLGq8n
Score: 1/10
Malware Config
Signatures
Modifies data under HKEY_USERS 15 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | LogonUI.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "167" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | LogonUI.exe
Suspicious behavior: LoadsDriver 64 IoCs
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
2316 | LogonUI.exe