9f78f1784007e1d06f66599b0cf3e6a130734041d474875e4436bbee41950aaf

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-es
resource tags

arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
10-01-2024 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lossless Scaling/LosslessScaling.exe
Size

949KB
MD5

3530875e3ae29c997561b04724b13141
SHA1

74adc00e1861a8758b30d3d0b71235e06e535fe8
SHA256

5598487c645d872c8fe4a78baa07c5d744dd50559bee64d25b28ef4d2e801a73
SHA512

d814f50b4080542ca4804bc9a2f6cf52bd5c3b49af5be667382b01b1af12ee586f7ae583376c549561d53816b22bb7bb9903bc04792a7ec7d178bbe249c3b41b
SSDEEP

24576:Uq2myktMCLPf1Oi32OvzTo4ZiRlT/HVXm:2SXPfoYV7hZiRD

Score

1^/10

Malware Config

Signatures

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\Colors	LosslessScaling.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4992	LosslessScaling.exe
4992	LosslessScaling.exe
4992	LosslessScaling.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4992	LosslessScaling.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4992	LosslessScaling.exe

C:\Users\Admin\AppData\Local\Temp\Lossless Scaling\LosslessScaling.exe
"C:\Users\Admin\AppData\Local\Temp\Lossless Scaling\LosslessScaling.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4992-0-0x000001DE5A050000-0x000001DE5A144000-memory.dmp

Filesize
976KB

Download
memory/4992-1-0x00007FFB599F0000-0x00007FFB5A4B1000-memory.dmp

Filesize
10.8MB

Download
memory/4992-2-0x000001DE747F0000-0x000001DE74800000-memory.dmp

Filesize
64KB

Download
memory/4992-3-0x000001DE5A540000-0x000001DE5A54A000-memory.dmp

Filesize
40KB

Download
memory/4992-4-0x000001DE746E0000-0x000001DE747C6000-memory.dmp

Filesize
920KB

Download
memory/4992-7-0x000001DE5BF80000-0x000001DE5BF8A000-memory.dmp

Filesize
40KB

Download
memory/4992-6-0x000001DE5BF50000-0x000001DE5BF58000-memory.dmp

Filesize
32KB

Download
memory/4992-5-0x000001DE75F30000-0x000001DE75F56000-memory.dmp

Filesize
152KB

Download
memory/4992-10-0x000001DE761C0000-0x000001DE76272000-memory.dmp

Filesize
712KB

Download
memory/4992-11-0x000001DE76380000-0x000001DE76482000-memory.dmp

Filesize
1.0MB

Download
memory/4992-9-0x000001DE747F0000-0x000001DE74800000-memory.dmp

Filesize
64KB

Download
memory/4992-12-0x000001DE76490000-0x000001DE7654A000-memory.dmp

Filesize
744KB

Download
memory/4992-8-0x000001DE747F0000-0x000001DE74800000-memory.dmp

Filesize
64KB

Download
memory/4992-13-0x000001DE767A0000-0x000001DE767E6000-memory.dmp

Filesize
280KB

Download
memory/4992-14-0x000001DE767F0000-0x000001DE76828000-memory.dmp

Filesize
224KB

Download
memory/4992-15-0x000001DE795D0000-0x000001DE795F0000-memory.dmp

Filesize
128KB

Download
memory/4992-17-0x000001DE795B0000-0x000001DE795B8000-memory.dmp

Filesize
32KB

Download
memory/4992-16-0x000001DE747F0000-0x000001DE74800000-memory.dmp

Filesize
64KB

Download
memory/4992-19-0x000001DE795F0000-0x000001DE795FE000-memory.dmp

Filesize
56KB

Download
memory/4992-30-0x00007FFB599F0000-0x00007FFB5A4B1000-memory.dmp

Filesize
10.8MB

Download
memory/4992-31-0x000001DE747F0000-0x000001DE74800000-memory.dmp

Filesize
64KB

Download
memory/4992-32-0x000001DE747F0000-0x000001DE74800000-memory.dmp

Filesize
64KB

Download
memory/4992-33-0x000001DE747F0000-0x000001DE74800000-memory.dmp

Filesize
64KB

Download
memory/4992-34-0x000001DE747F0000-0x000001DE74800000-memory.dmp

Filesize
64KB

Download