Analysis
-
max time kernel
111s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
26-12-2023 01:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
481e464fecd9f2369bc20bd486eaf4a0.exe
Resource
win7-20231215-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
481e464fecd9f2369bc20bd486eaf4a0.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
481e464fecd9f2369bc20bd486eaf4a0.exe
-
Size
117KB
-
MD5
481e464fecd9f2369bc20bd486eaf4a0
-
SHA1
b7fdac92b826799326bead100b39694697fe2536
-
SHA256
ddbc9adb658b2d8ed8161f66f0bd2712ce920bd45c1977ff742a9ca19a082e8a
-
SHA512
5b334bb5b8df397b409714f767c149d3933795f23565d4d5bebc7dfb79e90efc52d8ae956892e4f0f693efe960b4f868b65f66196bef4eb10204b291175ec823
-
SSDEEP
1536:UeuEarAQ6xRoM9A65gBDg5LN+SpEFqhcEXD2wEm140O3aETVBO52+S+DEBBBBBBB:huEarAXoRN6IcfCEXD2wEm1STV85v
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\WINDOWS\\System32\\userinit.exe, D://WINSKIN/winamp_skin.exe" 481e464fecd9f2369bc20bd486eaf4a0.exe -
Enumerates connected drives 3 TTPs 3 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\A: 481e464fecd9f2369bc20bd486eaf4a0.exe File opened (read-only) \??\B: 481e464fecd9f2369bc20bd486eaf4a0.exe File opened (read-only) \??\D: 481e464fecd9f2369bc20bd486eaf4a0.exe -
Modifies WinLogon 2 TTPs 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\ 481e464fecd9f2369bc20bd486eaf4a0.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe 3472 481e464fecd9f2369bc20bd486eaf4a0.exe