Overview

overview

7

Static

static

3

LLTRAINING.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/01/2024, 16:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    LLTRAINING.exe

  • Size

    23.5MB

  • MD5

    5cee25b880030aa2b595998a7fb4a8ae

  • SHA1

    f8ff0bb21e12d87709d784f513c44639972ce7c5

  • SHA256

    97c345f6e4f1f64ab89dca01f2034198e24d35dfca4c43eb6a0d5a78f47f8227

  • SHA512

    e6f4635372901264879e5f43c199cea41d1dd806f1e9868294048c149b745747770a9e172c2e813f9d29e4dbbf08a0b65e132e0019a200fb2dab1e12d21e3910

  • SSDEEP

    393216:ozjtJERyrqMm+KrBpnJl4G89Mw6guPiginBSrUbcxdL+Hep0VWLxh6P+/qEOD:PhMm+2pn189pfuPiginkr7J2VAxn/qB

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 21 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LLTRAINING.exe
    "C:\Users\Admin\AppData\Local\Temp\LLTRAINING.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:4740
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4fc 0x150
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1632

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\338ad439-f2c9-4a3c-b638-be2944092053.FusionApp\Crasher.mfx
          Filesize

          32KB

          MD5

          651aa80793ff0be0e39bd78a992486f8

          SHA1

          08bd0065fcf2c1f03640734c2b36788d442ebb1f

          SHA256

          ac9e9bb0408eb5213d67e4e8984c7ee426f4b7d2ae76ff0d998ed28fd4c06f7f

          SHA512

          3b79fc6608fbe0cdeef88424fdc5ce97c16eabb0ed4492ec6e2337a71178a6fe2a6dc2ff896879ea40f93889276f59169f2d4f6dd41422c8cd1dd1fc8f0a0c34

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\338ad439-f2c9-4a3c-b638-be2944092053.FusionApp\Easing.mfx
          Filesize

          168KB

          MD5

          052d1c7eed7b50a18eddc10dfad3ae22

          SHA1

          6f88687f930e73106d2b8af00f5317eca74e0c61

          SHA256

          1b5e79e999c4cff19fe0260bdeaeeaea0fcda6057bf6d17bf0f121e9797d20ef

          SHA512

          ef89c692a47d2ad66d6f4e722e9b330a85cca0faea2f022abfc3da3c1d32fc7c0cf01d6a6e36fddd0b82c97eebc707c9e00e2431792d551b7178fb8d50452966

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\338ad439-f2c9-4a3c-b638-be2944092053.FusionApp\KcCursor.mfx
          Filesize

          36KB

          MD5

          7f13cd709928cf74d10925042a674e1e

          SHA1

          3e831d6b162a606368ed173807fe75029052e0ed

          SHA256

          947a3320e1d7d5d48dd4e86c76238c37f9e67388ceb24732023c47802733f873

          SHA512

          9a4c3b6420f70f5bbd994091fa6634bbb05f7b8e891bab71556a703c768870ef8271b27b88749d9eddbd006dfeaed0fb86950543f347ef71c27dfa4920040001

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\338ad439-f2c9-4a3c-b638-be2944092053.FusionApp\cctrans.dll
          Filesize

          141KB

          MD5

          ce3a36f85d2ea504b6d19c5f366c3f47

          SHA1

          972629c730b65c17ac2c751aafeb612d0c7432f2

          SHA256

          55e75e784e436cccd978192fba869656f879f0f126e99b375c3849c99872ec56

          SHA512

          c6df293b4373552c3165ac27f2070973a8278bc72001a8c10f300ea30699a03811dc6a84864ff22aaa2b35d1ec75d41ceb2a8fee85b5404d4a5bbfd8333f248c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\338ad439-f2c9-4a3c-b638-be2944092053.FusionApp\fontembed.mfx
          Filesize

          15KB

          MD5

          f38352c344bd71eb21a78a1b69dcade8

          SHA1

          eca1053fa4ce77f96752f400d4ffac8f2f158d15

          SHA256

          38b5dba1524e47ff474d29bb0fb3d7b0476e554cdb82f2de09c4a761ab5645b1

          SHA512

          70134d7e2d4c589fc3ca5c52e005852d07e6b3cce91db00d32bf121611480601d007ead98c3e2febfdd1ca03a0c723fa46e9b73c0f497b315a6cdcb9f15afd56

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\338ad439-f2c9-4a3c-b638-be2944092053.FusionApp\kcfile.mfx
          Filesize

          116KB

          MD5

          fe2b4c6a45ce244f1c40f730008465c9

          SHA1

          9dfd41a915c19a4520a3024e9133e9a24e61779f

          SHA256

          7daa995fbf72b941859177b08b2785dc107f1a3deb99f6ab4c675d2b0f03a06b

          SHA512

          caf9e1bba2a5560b73c47d116f0f0f016a88f54e5397499fcd5b8a648bf676b93eb255a32fe7f71f0462b481737eba2d01cb9e790b75897c44ea741d73867b39

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\338ad439-f2c9-4a3c-b638-be2944092053.FusionApp\kcpop.mfx
          Filesize

          10KB

          MD5

          44557bf7ff780cfa6019c0c4119fb54a

          SHA1

          e02f00a1f9b9eae1855ca0168c362bd389fd6b8d

          SHA256

          28726ae556cbe1e2b4995ab135da1bfc72d0bc4e4f56d821e95dab738eed61a6

          SHA512

          071c11c89f59397b873d540561bc26f96651b6647f991b34ccdbb22809a16241c5e0167e892d3b660038d3fed5089c20a19eea1ca2a8607acdb6984d84cdf62e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\338ad439-f2c9-4a3c-b638-be2944092053.FusionApp\kcqtw3.mfx
          Filesize

          52KB

          MD5

          aeab7ee117391f179c6bebb041269ebe

          SHA1

          fc278ea2c63d970fbc2a2fb0165da7a1d96b3cd3

          SHA256

          69d8e5213082da050bcfabe9d56ee0ba3629c1f2e7a55884e99693327cbb897d

          SHA512

          6871d7b7c8543a16ef81003e670eb82190952001b5dc60343f68eeefd55dac0d1ff2f87baa8565737f7695f27f17df4c93fa7d1fd3cc8254d4b939a7e85bd0c1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\338ad439-f2c9-4a3c-b638-be2944092053.FusionApp\kcwctrl.mfx
          Filesize

          79KB

          MD5

          2c34e977f898ab60eddb72075c4be223

          SHA1

          adf883dd06e5ae340a03e6c22a56a4c0caf909ea

          SHA256

          a0ada42e3a4760097c1c2f98905f12b19de47159543aa21e1c604dbcac7337f2

          SHA512

          73402857d09e5a0e8049bb7adf3bbfdfc9ac65966217751cbf6db2bf532aa3f92ffc3a1a5dcda638e83d6ede29ebe6e760cbad74d27aa6fa006c9296607d3c37

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\338ad439-f2c9-4a3c-b638-be2944092053.FusionApp\mmf2d3d9.dll
          Filesize

          1024KB

          MD5

          e76fca20156b797bc342c42b44ee176a

          SHA1

          f5f92ba3ea3c72e0643856f7a07b2887ef63d063

          SHA256

          714ad92b59189f10b5dbcbc03bb72152d228be3809846eb263e8cabadb8bdff0

          SHA512

          5e6cdc48c9c56d815752d430c4e27e89b331030db19bba2c6ea07d53a493a6c77850473f95a627c056fda50829a2886a6f4a70748cd3e613addd306291f20103

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\338ad439-f2c9-4a3c-b638-be2944092053.FusionApp\mmfs2.dll
          Filesize

          509KB

          MD5

          98f647d1ed220e1d715aed9dcf69f387

          SHA1

          d1d9f5361672553a394bee9afe1d30814dd0ac53

          SHA256

          3a288448e88a296b2bceeaf093e76a22e3083e937a3c4efeb6a61565ca7e35df

          SHA512

          e950658b0afdad722a9f243bb8ae7fbc1c541dd0513379ef9e1d99becf8b31b4098c6789204baf3f15ea26f43af665edaa9799a6617373009def81bb20f02a06

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\338ad439-f2c9-4a3c-b638-be2944092053.FusionApp\nvar.mfx
          Filesize

          248KB

          MD5

          0b72d5abded8d8487a84df2107afef5c

          SHA1

          f2fc96cd0cefdc10186950fea358a533b0257061

          SHA256

          4810fabc8fd8ded043956dba203a41361aaa631d04b650c7b31e4a978b03a605

          SHA512

          f2175307b119f0d2c1747767aa08d1f8183350b67d0805dbdda87bf1853013d58bc153c10364962569876dc38d7cecbb5c7a947aaaacd71a1ef0a215b0b52a40

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\338ad439-f2c9-4a3c-b638-be2944092053.FusionApp\oggflt.sft
          Filesize

          64KB

          MD5

          620d8c4af052bbdd81133a60bdf72c2f

          SHA1

          8f982c16428548d6afd07f3d9123104716332a26

          SHA256

          a144bd95d9fcd430232724c418e32fd5494c6eafdabf721f9f973d9bf9a6f536

          SHA512

          8df420cc2726c4f53a0155d67f6241c8b03089b05187acd7a550e40e234227d899b20ef35643f6f77c0e1cc0139ae5e655e91db8423e768dd00edff0e92a1a66

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\338ad439-f2c9-4a3c-b638-be2944092053.FusionApp\ultimatefullscreen.mfx
          Filesize

          73KB

          MD5

          96059dbec69c3904e4d7ce734a4b38d0

          SHA1

          5169934f8d89b0dba963861dcbae55e78fc21dfc

          SHA256

          fd179783ff6e6eb0959185087f33ed4a1b256e58762d9817bcb16888e20f7058

          SHA512

          82977b2c249e47ca37d6fd62f416ed995b4b5f953bc5c18c84bfbdacc2c5b17fdc50c1e736fafcac242a3f8921b5000e0ec84302bc4e0077d6eeee3aa43cc520

          Download Submit

        • memory/4740-40-0x0000000000C30000-0x0000000000C60000-memory.dmp

          Filesize

          192KB

          Download

        • memory/4740-60-0x0000000000CA0000-0x0000000000CE3000-memory.dmp

          Filesize

          268KB

          Download

        • memory/4740-75-0x0000000002560000-0x0000000002584000-memory.dmp

          Filesize

          144KB

          Download