4806de856a2d9d5f3d62d7be684ed0392998b1995d786509cc62cc95338984bc

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 01:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

55192961668c363485261dcd919ef5ce.exe
Size

706KB
MD5

55192961668c363485261dcd919ef5ce
SHA1

bca1082e45d096d5f136ceb9352d9ebdb6189dd8
SHA256

4806de856a2d9d5f3d62d7be684ed0392998b1995d786509cc62cc95338984bc
SHA512

8652b2900785dea1d51dd996122bc5eddab5f05f519dcb4a61d4b517b5500a8fc3b7dc914d68fd9b7fa17d6f040afa5a5195422d236c0c1a19dd380c0e00f02a
SSDEEP

12288:gp/iN/mlVdtvrYeyZJf7kPK+iqBZn+D73iKHeGsprcldzLFHOW+X2+fZa:gpQ/6trYlvYPK+lqD73TeGspQldzRuhW

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation	55192961668c363485261dcd919ef5ce.exe

Executes dropped EXE 2 IoCs

pid	Process
940	ScrBlaze.scr
3484	ScrBlaze.scr

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\s18273659	55192961668c363485261dcd919ef5ce.exe
File opened for modification	C:\Windows\s18273659	55192961668c363485261dcd919ef5ce.exe
File created	C:\Windows\ScrBlaze.scr	55192961668c363485261dcd919ef5ce.exe
File created	C:\Windows\s18273659	ScrBlaze.scr
File opened for modification	C:\Windows\s18273659	ScrBlaze.scr
File created	C:\Windows\s18273659	ScrBlaze.scr
File opened for modification	C:\Windows\s18273659	ScrBlaze.scr

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\Desktop	55192961668c363485261dcd919ef5ce.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\Desktop\SCRNSAVE.EXE = "C:\\Windows\\ScrBlaze.scr"	55192961668c363485261dcd919ef5ce.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3144	55192961668c363485261dcd919ef5ce.exe
3144	55192961668c363485261dcd919ef5ce.exe
940	ScrBlaze.scr
940	ScrBlaze.scr
3484	ScrBlaze.scr
3484	ScrBlaze.scr

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 940	3144	55192961668c363485261dcd919ef5ce.exe	98
PID 3144 wrote to memory of 940	3144	55192961668c363485261dcd919ef5ce.exe	98
PID 3144 wrote to memory of 940	3144	55192961668c363485261dcd919ef5ce.exe	98

C:\Users\Admin\AppData\Local\Temp\55192961668c363485261dcd919ef5ce.exe
"C:\Users\Admin\AppData\Local\Temp\55192961668c363485261dcd919ef5ce.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Windows\ScrBlaze.scr
  "C:\Windows\ScrBlaze.scr" /S
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:940

C:\Windows\ScrBlaze.scr
C:\Windows\ScrBlaze.scr /s
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:3484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
e700cfb01196f803aaef294235d461a1

SHA1
5fa9ed92a4e5985c649bd9d867e3aef01bcb0e9f

SHA256
316d0d66ff065e2d39fae5fadb15575a70e082c111f6d6c0a1a6261bf285b684

SHA512
17d2c6f2db710bd4c0cb8e70f44845a772000852feb6178b3f42f22b00bdbec1157105cd75e8fa75340ffd0d600b0f43c6fcf605bb9e4ac9eae2afc313f5ef1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_9E9C5BD522DEAFF0AF9BF0B0877DDF33

Filesize
472B

MD5
6568f7571a355e97cf89f51768193c92

SHA1
c312c34afaca3e37a4abe0e4edfeda626acd7dfe

SHA256
605fefc56ad427fdc96946f450d10b712ef24e141ce60bb96b29a5b83834beb7

SHA512
12b31c7ca700027a2201095b959121d5e9064d13f45c90a6a9865f55c19bcdd8568584f2f8e937b6450275395af17fad9fd0122aecac35df9a98841ca53306ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_9FBD3BA6168F3C4317F2AAB1E548FE96

Filesize
471B

MD5
477c91f11514533c8f3d658992afe212

SHA1
edac7fc139ccb99fa266943eb64aef2afb991db2

SHA256
d4b1fbbaf90c2b9ccc8fac014ca3d29b3a239fb18f5d2f56bc2d2c893dfc15eb

SHA512
ed5b29786c0471b42a3fc9ab9142e8467d0aff6a193589530660b736ff58cee4975c80ee1d9f411aeadb437152a53722f4e71194b9c945fdf35f4a456453db42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_F134D707C209C83E02D4485138FE5D48

Filesize
471B

MD5
5abda1a5dbc33adf86885512bd06516a

SHA1
caa3ff76b193db37efa1a1eba75bbae22ad5e1bb

SHA256
81faa05beee1ec3c31c740cd3b24d64ced3a70ed412dd1a1de1360652e116fea

SHA512
aa29bfa1c0965e266d96803921e0e5f044e3242361572222b7d648f8268fbb3ddf7be8208fa0991c88b30fcb0d60e48df97bd7f100a415c863426dc128c553ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
c68e529c9a4925036838502af0749998

SHA1
9b8005c7a1d3f67979f217e749bbd1fa4738ba8a

SHA256
3d7e52e13f8403b5fb842f3adce6b1d5fcf850ae3f7409576d3ad2177dc9a662

SHA512
55afdd497dbfd85ae2c1f1f9c4ebd599ad04f2433ef4ebe12da7bcc59a01df06649d84c1fbaa95646af4aad3d0f2ab3c6f16a8d83d1e9d64ed40f6d0e98b37c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
4c193f02fdf319368d510a9cc0a7bc07

SHA1
cc25e37871f1d75535786b6c698386af2752810c

SHA256
e508827f5d6cb0cfbb32f4129330eb9230e894d7fe418c989aadce30ee8f17ab

SHA512
7a6877efa40e751cb5f079e4053c247384b1b800545639698a3a129169a7dc6a275d5c5ebd01dc911ec33ca0901ec35c3b7f54a67b7e0bb7da461c6c29969d25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_9E9C5BD522DEAFF0AF9BF0B0877DDF33

Filesize
406B

MD5
2cc1a7f4ea872469c50bee5ad6bbd59f

SHA1
bd2d65dc6d96c3bf703e6cacb4f2fe144c69e853

SHA256
152b35515be8f0c18a5e56b8bc78c1f89ee98517a093d69f12919e677415975d

SHA512
7c0fd4f94232de03e80bcd0fe0b468dfa5e56595dfffc852e614239684dbb65f208115095f77adc7ef9739f94f6d191fef23be913a75c0f3351e7c81f78008e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_9FBD3BA6168F3C4317F2AAB1E548FE96

Filesize
406B

MD5
1f8fee37b78cb77e51faecea2944a575

SHA1
d0ec8ab7f66398328f777c867355b0c2660e036a

SHA256
914c8802c0b7233dcaff1fcc5d3124ad1d720a5dd03d0eb1456234f0567532eb

SHA512
24793c81e0d0347988699b622e28ffec3f0cbf188eeb19a38134df4ea582bd7515a3f381917e32d17ef5379d5c4f5c13b13cc97e161072410f5cd115d32dd445

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_F134D707C209C83E02D4485138FE5D48

Filesize
406B

MD5
12edefd6ab6685b4468c81dc26fdef09

SHA1
0df35109bb6c7f2efbc059e6a790437e3b9576be

SHA256
1f316411a8320674eef7c1f848c7d57ae7491366869d8d6afe35f0228c61a5db

SHA512
e784c07a06c0a40127c976f5e24a36802f7b2763ee55aff7f172908b1700a6e705f790c18455797de2c93b5f5235920059d7c7f509f6dd3860ecfc6c80f59b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0A013ETK\KFOmCnqEu92Fr1Mu4mxO[1].eot

Filesize
17KB

MD5
b92a5a1a6e756eb073f57797ed451bd7

SHA1
8b67fbbeaf9e994c678a21bb26a6463aa30e3352

SHA256
d8170a9ddcf1b455f9279db2500275bca12ede9d48a311ead5cbef84ec1c707f

SHA512
885a945259dd094d99dd6dea007547041dbfbe18550c2d5ad25b66ee8ec1e052e9b604ce2c42cc6a005d4a566e379a922c57d52ed527f75babb81a96eebd1523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0A013ETK\Qw3hZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3HMXfxQASluL2m_dANVawBpSH[1].eot

Filesize
16KB

MD5
df42336f8d85c95c2a36913287af9365

SHA1
c82c5b7dae6c27d2de5771813cf204a277441325

SHA256
aa93fa8d10e7509dc3780d2e5dbcc62b0961bd84a6b044c72fe2b0e17b732306

SHA512
254ef687e33cdc5afa585e9188d337187ffb75f51bc89ed39bcb2cc0373bb9db7bcee459ed02460dea5621befc2e7003b8fbbdf6b5baec680736e40c130dfae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0A013ETK\css[1].css

Filesize
295B

MD5
c18654d2625359b3729697558589f400

SHA1
3ab115242225d36c21cb8ac37d4abb4b961cbd65

SHA256
f8892fc40e6f4ea4ffc6be8c43c5d1e61bd6f82d47e3aadefebcd4df8c8f6bd4

SHA512
fbb1830a40761f7a3a9f0bf99ebc3c47faff1e6af980ffbcdf816cff5868ed6442af1caf4988335616fd6bb7f06f86315b3101b150f9e72012c34526988ea99d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0A013ETK\firefox[1].png

Filesize
9KB

MD5
7f980569ce347d0d4b8c669944946846

SHA1
80a8187549645547b407f81e468d4db0b6635266

SHA256
39f9942adc112194b8ae13ba1088794b6cb6e83bd05a4ed8ce87b53155d0e2f7

SHA512
17993496f11678c9680978c969accfa33b6ae650ba2b2c3327c45435d187b74e736e1489f625adf7255441baa61b65af2b5640417b38eefd541abff598b793c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ2SYU15\css[1].css

Filesize
159B

MD5
ff0bf9d3cc4d07f95eef640c1d790a59

SHA1
cd8e2a8d6730f9e0462e4f6a638c8cb9d48fb6e3

SHA256
a050244d5ec49afeed7cc2c870e75dae86dfdbe8e7bc56fe533436e83e2b5ba2

SHA512
fe726865ce47079263e573a89393fa74879e264f8cb114c246e24076dce4aa72fc6f4a5450df3a6fa2c2b327f06d8e74ba1d7db6d5bca75fd51abfbc691764e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ2SYU15\edgium[1].png

Filesize
6KB

MD5
01010c21bdf1fc1d7f859071c4227529

SHA1
cd297bf459f24e417a7bf07800d6cf0e41dd36bc

SHA256
6fb31acdaf443a97183562571d52ce47dd44c1a8dcb4087338d77ea2617b286e

SHA512
8418d5ac3987ee8b6a7491167b0f90d0742e09f12fceb1e305923e60c78628d494fcd0fee64f8a6b5f6884796360e1e3ec1459dc754bbfb874504f9db5b56135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QPBAQNGM\dinosaur[1].png

Filesize
57KB

MD5
bdda3ffd41c3527ad053e4afb8cd9e1e

SHA1
0ad1bb7ce8d8a4dc8ac2a28e1c5155980edfab9b

SHA256
1a9251dc3b3c064cfc5e2b90b6c7dc3c225f7017066db2b77e49dae90a94a399

SHA512
4dc21ef447b54d0e17ccd88db5597171047112ce1f3f228527e6df079ce2a43a463a3a1e4255828b12f802d70a68dbe40b791852134be71c74de97718b2f1d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QPBAQNGM\yt_logo_rgb_light[1].png

Filesize
8KB

MD5
d654f892f287a28026cd4d4df56c29c8

SHA1
98779a55fe32a66ebec8338c838395d265e45013

SHA256
fc6f5d8f32f13d5855840234dc1bff5c91c35318ee2192d99b13eb3572f0bca8

SHA512
3668902aeaf792ad73ba51e0a4caaa520ebc38177791dfac9a9b28026c3bde99e721bf54d626f266a19cfd045a6d2dc8c8e70e53a2c5ee524c6f2736bb0ce409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RVXHSNZG\chrome[1].png

Filesize
6KB

MD5
ac10b50494982bc75d03bd2d94e382f6

SHA1
6c10df97f511816243ba82265c1e345fe40b95e6

SHA256
846a9b551e74f824fd7ace3439a319b0c0803449e8caec9f16e2666e38a80efd

SHA512
b6666b540aef6c9c221fe6da29f3e0d897929f7b6612c27630be4a33ae2f5d593bc7c1ee44166ce9f08c72e8608f57d66dd5763b17fec7c1fb92fc4d5c6dd278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RVXHSNZG\opera[1].png

Filesize
2KB

MD5
5cb98952519cb0dd822d622dbecaef70

SHA1
2849670ba8c4e2130d906a94875b3f99c57d78e1

SHA256
02f95fbdb68f232bffd4f2c0fdd033d6c83b829c610cddccc0b1d43e2274e6a7

SHA512
5f29b7459fbd01e16dbd196e4bcddf109af017cccf31337abe1cec6cc5a84711fc2cd34ad7a35d9432a9d7e42ca23d7f6c9d4315396429d7b8e48b9491696afc

Download Submit
C:\Windows\ScrBlaze.scr

Filesize
706KB

MD5
55192961668c363485261dcd919ef5ce

SHA1
bca1082e45d096d5f136ceb9352d9ebdb6189dd8

SHA256
4806de856a2d9d5f3d62d7be684ed0392998b1995d786509cc62cc95338984bc

SHA512
8652b2900785dea1d51dd996122bc5eddab5f05f519dcb4a61d4b517b5500a8fc3b7dc914d68fd9b7fa17d6f040afa5a5195422d236c0c1a19dd380c0e00f02a

Download Submit
C:\Windows\s18273659

Filesize
919B

MD5
96ed4e7dd1c3964240b9edc07eb6e5c0

SHA1
6ceabd14d210403d83de891aa426c7ef11089fd1

SHA256
854caa80b8f2a52de05ebff5b957ded8a404d4ff8b503becaeec247613a94600

SHA512
a36b7ebb46be56128c159729ad9523a3ec11e84c3f0ac8290c103cf91d6c58676cfe075b614156ac1ed67dc30f73b414c41806b6ac78554820a7e9ec8ba19871

Download Submit
memory/940-37-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/940-74-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/940-79-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3144-0-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/3144-73-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3144-76-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/3484-100-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/3484-115-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download