Analysis

  • max time kernel
    90s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231201-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231201-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/12/2023, 14:21

General

  • Target

    cdf546e4658cdd7867891bca27ff35fcf59d74869ad27bd86a809f2dde788bcd.exe

  • Size

    9.4MB

  • MD5

    3147a328bb87f4f6e5b88daa0feebfa6

  • SHA1

    7c8431e40e691071cfc7f06f789959b700995ea7

  • SHA256

    cdf546e4658cdd7867891bca27ff35fcf59d74869ad27bd86a809f2dde788bcd

  • SHA512

    6373e15f7191d8d64d7c478e1bd6114f6e531d90d6368210cbf273633f04ca7ec1227162dcf9febea57143adef3a7adef4c5fbc029dd02e9649ae9bf8ec86592

  • SSDEEP

    196608:4gNTxEyxvoWKDBR6t77vQ9EWZht669NUFYxUH:dTxJuWoBRCi9Zht669NUFKU

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cdf546e4658cdd7867891bca27ff35fcf59d74869ad27bd86a809f2dde788bcd.exe
    "C:\Users\Admin\AppData\Local\Temp\cdf546e4658cdd7867891bca27ff35fcf59d74869ad27bd86a809f2dde788bcd.exe"
    1⤵
    • Adds Run key to start application
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4864

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\Roaming\careueyes\setting_v2.dat

          Filesize

          2KB

          MD5

          48ac597f5f39cdf13539f7c1463f2375

          SHA1

          a82bf316bb080735c504ee0d7a44b5af2b22624c

          SHA256

          235b367a97c40de1cb2ba11cba06ab5d498019eed301cc35e83ee0689be2c9cb

          SHA512

          8dcad702983115811202f4d9024e9e97c9f5e1a4d85045775749212da0c80b52d80e5f4f10481e1850988cc33c51d3fa8e5d535d353ad854b2eefeb2e303df7f

        • memory/4864-5-0x0000000002010000-0x0000000002011000-memory.dmp

          Filesize

          4KB

        • memory/4864-3-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

          Filesize

          4KB

        • memory/4864-4-0x0000000002000000-0x0000000002001000-memory.dmp

          Filesize

          4KB

        • memory/4864-1-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

          Filesize

          4KB

        • memory/4864-6-0x0000000000240000-0x0000000001602000-memory.dmp

          Filesize

          19.8MB

        • memory/4864-0-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

          Filesize

          4KB

        • memory/4864-7-0x0000000002020000-0x0000000002021000-memory.dmp

          Filesize

          4KB

        • memory/4864-9-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

        • memory/4864-13-0x0000000036DE0000-0x0000000036DF0000-memory.dmp

          Filesize

          64KB

        • memory/4864-14-0x00000000040D0000-0x00000000040E0000-memory.dmp

          Filesize

          64KB

        • memory/4864-2-0x0000000000240000-0x0000000001602000-memory.dmp

          Filesize

          19.8MB

        • memory/4864-34-0x0000000000240000-0x0000000001602000-memory.dmp

          Filesize

          19.8MB

        • memory/4864-35-0x00000000040D0000-0x00000000040E0000-memory.dmp

          Filesize

          64KB