Overview

overview

10

Static

static

7

74fa76f32b...6e.exe

windows7-x64

7

74fa76f32b...6e.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

10

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

10

ConfigTsXP.exe

windows7-x64

7

ConfigTsXP.exe

windows10-2004-x64

10

TaskSwitchXP.chm

windows7-x64

1

TaskSwitchXP.chm

windows10-2004-x64

10

TaskSwitchXP.exe

windows7-x64

7

TaskSwitchXP.exe

windows10-2004-x64

10

scripts/ShowDelay.js

windows7-x64

1

scripts/ShowDelay.js

windows10-2004-x64

10

scripts/UnlockQ.js

windows7-x64

1

scripts/UnlockQ.js

windows10-2004-x64

10

scripts/WheelTab.js

windows7-x64

1

scripts/WheelTab.js

windows10-2004-x64

10

wa_ldr.exe

windows7-x64

1

wa_ldr.exe

windows10-2004-x64

10

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

10

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 16:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ConfigTsXP.exe

  • Size

    109KB

  • MD5

    0814c4c6fcb7c4a6ffc792467ca71dac

  • SHA1

    42839bc929d21b0c2549cb099b4eded038f29dcc

  • SHA256

    9155f0ad63805ba201b3b3efe4708466aff97105e9a5fe7c0fbc52549620f76e

  • SHA512

    81ce1ad8f3cc113f7c38a9f62681f1694cd1089279beaf9d402a7be6685e85e1a2d37b4e9200df9a1d41352c300e9e2a8bc32fcdc07aac51e129049c0e54f972

  • SSDEEP

    1536:Hng4S6g1S6qIqGmsOASZbCEogeNTEnwbws2c+xoPf3t3MV3S8bhnrsKnK:HrKU6v3O3bC3g2Tbb68Pf35OxdK

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ConfigTsXP.exe
    "C:\Users\Admin\AppData\Local\Temp\ConfigTsXP.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Users\Admin\AppData\Local\Temp\TaskSwitchXP.exe
      C:\Users\Admin\AppData\Local\Temp\TaskSwitchXP.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1724-3-0x0000000000400000-0x0000000000426000-memory.dmp
    Filesize

    152KB

    Download
  • memory/1724-5-0x0000000000400000-0x0000000000426000-memory.dmp
    Filesize

    152KB

    Download
  • memory/1724-7-0x0000000000400000-0x0000000000426000-memory.dmp
    Filesize

    152KB

    Download
  • memory/1724-12-0x0000000000400000-0x0000000000426000-memory.dmp
    Filesize

    152KB

    Download
  • memory/2132-0-0x0000000000400000-0x0000000000444000-memory.dmp
    Filesize

    272KB

    Download
  • memory/2132-1-0x0000000002C00000-0x0000000002C26000-memory.dmp
    Filesize

    152KB

    Download
  • memory/2132-2-0x0000000002C00000-0x0000000002C26000-memory.dmp
    Filesize

    152KB

    Download
  • memory/2132-4-0x0000000000400000-0x0000000000444000-memory.dmp
    Filesize

    272KB

    Download
  • memory/2132-8-0x0000000002C00000-0x0000000002C26000-memory.dmp
    Filesize

    152KB

    Download
  • memory/2132-11-0x0000000000400000-0x0000000000444000-memory.dmp
    Filesize

    272KB

    Download