e4947d4610d95e1be8d8e6c9c79c98109a1d34fc28e015d6e6bdd771f7f7482e

Analysis

max time kernel
188s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Minimize to tray.exe
Size

13KB
MD5

079c3b8fed05072c8472461d8093e941
SHA1

380a7f4197c08082282aa40835fe7d14db49708c
SHA256

5451de2d03d18b1f73bce26f7fc94d4d1afc38e059eb3f5c6b2521dc2b096079
SHA512

7ba8fc711973479e79aad4fc4f0cd65ffca6e1fbcdcae3e40b9d2236bacc8fdc3b7d1fb27e017e53dd38fc60228aa5f0262a1287db583e19633ebca03a40fd6f
SSDEEP

192:h544b4ooXoRhzktGTCUyNlpBUXWoPn5fnFYwzQpPuqD68gmOFvCRscDdS:h5f8YPQUxsEFCw6z21mOFvep

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/memory/2304-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral3/memory/2304-1-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Windows\CurrentVersion\Run\MinimizeToTray = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Minimize to tray.exe\""	Minimize to tray.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2304	Minimize to tray.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2304	Minimize to tray.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2304	Minimize to tray.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2304	Minimize to tray.exe
2304	Minimize to tray.exe

C:\Users\Admin\AppData\Local\Temp\Minimize to tray.exe
"C:\Users\Admin\AppData\Local\Temp\Minimize to tray.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Minimize to tray.sav

Filesize
24B

MD5
c959fa4d05426fb556d8b4d045ea1604

SHA1
8577db60b531ff5e9142f6665d1b781ea4ab56fe

SHA256
cfa5d2443cc64713d1064977716d6a7dd89dd07c906f2d048e8a705cfbe21a86

SHA512
c62a459b0f0d850ecd93ccef0764ff20b5f619354afa0c8bc9c7a94e995a7b543c03f83698017e380ea81a3b9f14ad200c88f8e9f98006e20c18c2a16ff986a5

Download Submit
memory/2304-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2304-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads