Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
30/12/2023, 21:25
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
1cedb41d45c24fd93f70ff4dedb2c242.exe
Resource
win7-20231215-en
windows7-x64
8 signatures
150 seconds
Behavioral task
behavioral2
Sample
1cedb41d45c24fd93f70ff4dedb2c242.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
8 signatures
150 seconds
General
-
Target
1cedb41d45c24fd93f70ff4dedb2c242.exe
-
Size
124KB
-
MD5
1cedb41d45c24fd93f70ff4dedb2c242
-
SHA1
398ea1ba5c50a1884e9f2569df8421aa0230156b
-
SHA256
7ceb8249254c0d29e440aa47d3304df9fbce2b097fd370ad7dcdac5f31fdd14d
-
SHA512
aba4a66e069fc9512a7c6b5a9141ee26817c9a716b2a96ce35823c8b3a5f499a0481964d399426af7dae5c93ac6e5d4438e5fae59ed89686074cabf378c5bce4
-
SSDEEP
1536:d+J9pTAgU0GgAYu0P1kNmwldCMhdu8KWP/nTn8nBP9VeUrNeG0h/o:m9pkgU0GgA89xkg
Score
10/10
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" 1cedb41d45c24fd93f70ff4dedb2c242.exe Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" lmnaux.exe -
Executes dropped EXE 1 IoCs
pid Process 2176 lmnaux.exe -
Loads dropped DLL 2 IoCs
pid Process 1180 1cedb41d45c24fd93f70ff4dedb2c242.exe 1180 1cedb41d45c24fd93f70ff4dedb2c242.exe -
Adds Run key to start application 2 TTPs 52 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /R" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /p" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /t" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /i" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /B" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /u" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /v" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /r" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /o" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /V" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /k" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /f" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /N" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /n" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /x" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /E" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /Y" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /h" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /q" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /z" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /c" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /y" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /Z" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /W" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /U" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /Q" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /w" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /a" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /O" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /l" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /S" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /D" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /e" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /J" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /d" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /X" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /H" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /m" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /C" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /M" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /L" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /s" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /I" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /T" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /g" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /K" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /Y" 1cedb41d45c24fd93f70ff4dedb2c242.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /P" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /b" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /j" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /A" lmnaux.exe Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\lmnaux = "C:\\Users\\Admin\\lmnaux.exe /G" lmnaux.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1180 1cedb41d45c24fd93f70ff4dedb2c242.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe 2176 lmnaux.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1180 1cedb41d45c24fd93f70ff4dedb2c242.exe 2176 lmnaux.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1180 wrote to memory of 2176 1180 1cedb41d45c24fd93f70ff4dedb2c242.exe 28 PID 1180 wrote to memory of 2176 1180 1cedb41d45c24fd93f70ff4dedb2c242.exe 28 PID 1180 wrote to memory of 2176 1180 1cedb41d45c24fd93f70ff4dedb2c242.exe 28 PID 1180 wrote to memory of 2176 1180 1cedb41d45c24fd93f70ff4dedb2c242.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\1cedb41d45c24fd93f70ff4dedb2c242.exe"C:\Users\Admin\AppData\Local\Temp\1cedb41d45c24fd93f70ff4dedb2c242.exe"1⤵
- Modifies visiblity of hidden/system files in Explorer
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1180 -
C:\Users\Admin\lmnaux.exe"C:\Users\Admin\lmnaux.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2176
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
124KB
MD51365f3dd1bef3b9afce8cfc4834c4036
SHA1c1ab226ada8e81a964a73d75c58f114039d154b6
SHA2561799e2c2f578084950e60de53fbbc02bee3f01bcd9c07766be1a8a8b7489cd16
SHA512166ea396a85947a2a1a67d8e2994b003f81b5d880257f1b84c57c5a74adaf7dff8f843b2ea5abd9fb9729cd91c34cdc25e038116e1b8a254b6c2a3ad61790363