37c42cfb7dfc85e6dfc151ff67c2e93122143f172261e6743413a45c05de5a91

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2024, 03:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7ececa52c2515ff03dde629a91a4bd5b.exe
Size

706KB
MD5

7ececa52c2515ff03dde629a91a4bd5b
SHA1

9544d75c030ff706e8d4322a53cbdc091bef130b
SHA256

37c42cfb7dfc85e6dfc151ff67c2e93122143f172261e6743413a45c05de5a91
SHA512

8e5fd4a42d51b3a13d6f788ad1e9fc9d90d514bbace7e35c37678f87b41331fe707762ec29f51fbd3200dfd117af463ea2201b864b7ad63e02fea19d1f82327a
SSDEEP

12288:gp/iN/mlVdtvrYeyZJf7kPK+iqBZn+D73iKHeGspA8ijXwHT1Ura:gpQ/6trYlvYPK+lqD73TeGspAlEHT1Uu

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation	7ececa52c2515ff03dde629a91a4bd5b.exe

Executes dropped EXE 2 IoCs

pid	Process
440	ScrBlaze.scr
4324	ScrBlaze.scr

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\s18273659	7ececa52c2515ff03dde629a91a4bd5b.exe
File opened for modification	C:\Windows\s18273659	7ececa52c2515ff03dde629a91a4bd5b.exe
File created	C:\Windows\ScrBlaze.scr	7ececa52c2515ff03dde629a91a4bd5b.exe
File created	C:\Windows\s18273659	ScrBlaze.scr
File opened for modification	C:\Windows\s18273659	ScrBlaze.scr
File created	C:\Windows\s18273659	ScrBlaze.scr
File opened for modification	C:\Windows\s18273659	ScrBlaze.scr

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\Desktop	7ececa52c2515ff03dde629a91a4bd5b.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\Desktop\SCRNSAVE.EXE = "C:\\Windows\\ScrBlaze.scr"	7ececa52c2515ff03dde629a91a4bd5b.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2508	7ececa52c2515ff03dde629a91a4bd5b.exe
2508	7ececa52c2515ff03dde629a91a4bd5b.exe
440	ScrBlaze.scr
440	ScrBlaze.scr
4324	ScrBlaze.scr
4324	ScrBlaze.scr

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 440	2508	7ececa52c2515ff03dde629a91a4bd5b.exe	88
PID 2508 wrote to memory of 440	2508	7ececa52c2515ff03dde629a91a4bd5b.exe	88
PID 2508 wrote to memory of 440	2508	7ececa52c2515ff03dde629a91a4bd5b.exe	88

C:\Users\Admin\AppData\Local\Temp\7ececa52c2515ff03dde629a91a4bd5b.exe
"C:\Users\Admin\AppData\Local\Temp\7ececa52c2515ff03dde629a91a4bd5b.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\ScrBlaze.scr
  "C:\Windows\ScrBlaze.scr" /S
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:440

C:\Windows\ScrBlaze.scr
C:\Windows\ScrBlaze.scr /s
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
28baf5fd68df59a9964b94cb39ffee77

SHA1
b3fddc328582ee68eeb23616393db9abb9e27380

SHA256
c5dff2b8854fb9ed981ebdb1d6b621cf681bd1ac18ac44b14c138cd05352365b

SHA512
1487962f4c57144dac2278d6a0f04da56f6ba4f03c5467f9df1cc04896fe4fb8bb7286027ae274a95e46e6c0baad836384fe4ee969824efe295d4da2200ebcb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_94C1D6A45E9FF1EA81CCD165811FFC09

Filesize
472B

MD5
a52549ee23e693b4fb5e42cd9df599f5

SHA1
48e63f119f56620a8c98e0c78fac381d80bfc7b5

SHA256
c7adf780d86be95931f4020c2b96431053a3f3108eb41051187e734a64124d6b

SHA512
e33e73eb399d39b31e846dbb6dcd8df5d6f8d974124a2455bbd625a70306107435fbd399c86a0542117ee75b3acf18f2714be415349328713bee10388b3ebf7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_E8C9186ED5BC2F64FC58A60C8F09BA16

Filesize
472B

MD5
8ae2391eccee72d2698a55f5264acf86

SHA1
d1e32e3911c6162da1746085dcb6a21c3f3e8f0c

SHA256
c420b1032e74720dbad94b98e9b35d60ce9e87ecba9f1fd93a987b55ed57eb14

SHA512
d15ac95c13331b8e9454ed4c30b432ca695a75c62cae99478fed675bb6f0430d1f6b40bf0961547403f9030de37d7a53bae49a5d6ffb47229fd4a280f6ed47a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_39B83AB13ED8E512BB8030E3672AA4B8

Filesize
472B

MD5
6a2ff1a84cff6cba23389cda0e98e376

SHA1
e14c88301ad07ca9ab17240bd7d242be6173f45d

SHA256
88f730f96f14eff2da5a47b065312d2cb745e11458b520226d6f666159dc7920

SHA512
d01d18f42e1c22f195fcc0a89aad1f083a17e52031385852c6b8f7a05a5ab4ae964d013d698d2a838d21373908908878509a0d7ac96d35d1ed8366c9b049cd8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
b548a5379491206ff08914b022635ab8

SHA1
802f7220a383ca3eb7189bd3e300a8d120df7ab4

SHA256
f890984fe619f1ed3ac3dce6370ade30901eea01d9c5134a979feddf71c9e78b

SHA512
14c3c04b1b732d8bbd3e2b34493d238e0b6c929f5f24b440ad57c79201ce49e466c4c73eda78c246543d23ca84fae7b6de696fa081653ebf251091f656259310

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_94C1D6A45E9FF1EA81CCD165811FFC09

Filesize
402B

MD5
a55103538dbe52b283c849c62a2fa72d

SHA1
b1b2e74b7bde39535e724142e787746d0905dbc5

SHA256
b569a602c7d9ab248d9f4e8ec5b6158d2457f2be1fe9a7d39eb59ea4c69fb13c

SHA512
06df079f8906519ce69081e25ead29df445d0cae3f667e854eb6ca20d83944ab3c429b46c12b5d84114ea1e1185cdd3dc644bfdfbe6d83ad0efe6bd0811a6a76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_E8C9186ED5BC2F64FC58A60C8F09BA16

Filesize
410B

MD5
e4c29a95a18b91b3d829b4a2c60b51f0

SHA1
bff708bf79a58c3aa04c63b855fb5487b717f4b2

SHA256
7fb9c85bd6d44d6b1e970c47a311a515b590d84509de76683b0bb80399f39e0e

SHA512
d3a7907337051ea190d3a7d5606cd54eb3203e513bda5feea5cecf4d1149ece225339078535cac0c575d34cdd87c535ef2639240ffac0f2b7d2129eaaa9a7506

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
b2f78305c15002a8ebeca10920782c5a

SHA1
3c5d086fcc6b7642f135f99184073bd044e1f448

SHA256
c402f1e1e4d4f3c7d7f69c7850d32a0b1dcf4bf89b75ba7cd9d6f2e73a54ac8e

SHA512
bbf24bde5430baba0ff8976afa5b781fd0f6524913af223d1f9b6da4984e214375387c16933349ed2568815972a41fbdba10188bd4bd30396e79eb27a8877bce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_39B83AB13ED8E512BB8030E3672AA4B8

Filesize
402B

MD5
7f348329b9330a6fe2a651c4f8566e2b

SHA1
873f72fb405aee37df88baca82a4a63422177700

SHA256
5a2e62ae5eebad71ebb56fea7fa3bd442a8d8c0b4e37fd2a8b94e5dff9420104

SHA512
3375ad27db09f05f9b2d4bccc961ffb099c75ad7ca9f2533d940b292fe2ccc9d6f8ec3e5b12358bd77ac83f53118c6e3c2c57677aa8bf6900838ffc261894ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0A013ETK\KFOmCnqEu92Fr1Mu4mxO[1].eot

Filesize
17KB

MD5
b92a5a1a6e756eb073f57797ed451bd7

SHA1
8b67fbbeaf9e994c678a21bb26a6463aa30e3352

SHA256
d8170a9ddcf1b455f9279db2500275bca12ede9d48a311ead5cbef84ec1c707f

SHA512
885a945259dd094d99dd6dea007547041dbfbe18550c2d5ad25b66ee8ec1e052e9b604ce2c42cc6a005d4a566e379a922c57d52ed527f75babb81a96eebd1523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0A013ETK\css[1].css

Filesize
295B

MD5
c18654d2625359b3729697558589f400

SHA1
3ab115242225d36c21cb8ac37d4abb4b961cbd65

SHA256
f8892fc40e6f4ea4ffc6be8c43c5d1e61bd6f82d47e3aadefebcd4df8c8f6bd4

SHA512
fbb1830a40761f7a3a9f0bf99ebc3c47faff1e6af980ffbcdf816cff5868ed6442af1caf4988335616fd6bb7f06f86315b3101b150f9e72012c34526988ea99d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0A013ETK\css[2].css

Filesize
181B

MD5
2185e243008e7e21de1e91008e151338

SHA1
84edabccc8bb842762c91b5c0bf8952b98f93608

SHA256
24d65ce5cfaf00f3a3b267848cbd3c5dda4562b0b48020991dfeb283d4de38cb

SHA512
4679aa54508e988a0893085205c596ce631fa66139bf514b8cca0ccf3f01df9e73ec7e47017975e35a464289b73421a7fbdb3aefa42d112ef6e20fe404eef7a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0A013ETK\firefox[1].png

Filesize
9KB

MD5
7f980569ce347d0d4b8c669944946846

SHA1
80a8187549645547b407f81e468d4db0b6635266

SHA256
39f9942adc112194b8ae13ba1088794b6cb6e83bd05a4ed8ce87b53155d0e2f7

SHA512
17993496f11678c9680978c969accfa33b6ae650ba2b2c3327c45435d187b74e736e1489f625adf7255441baa61b65af2b5640417b38eefd541abff598b793c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ2SYU15\Qw3hZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3HMXfxQASluL2m_dANVawBpSH[1].eot

Filesize
16KB

MD5
df42336f8d85c95c2a36913287af9365

SHA1
c82c5b7dae6c27d2de5771813cf204a277441325

SHA256
aa93fa8d10e7509dc3780d2e5dbcc62b0961bd84a6b044c72fe2b0e17b732306

SHA512
254ef687e33cdc5afa585e9188d337187ffb75f51bc89ed39bcb2cc0373bb9db7bcee459ed02460dea5621befc2e7003b8fbbdf6b5baec680736e40c130dfae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ2SYU15\opera[1].png

Filesize
2KB

MD5
5cb98952519cb0dd822d622dbecaef70

SHA1
2849670ba8c4e2130d906a94875b3f99c57d78e1

SHA256
02f95fbdb68f232bffd4f2c0fdd033d6c83b829c610cddccc0b1d43e2274e6a7

SHA512
5f29b7459fbd01e16dbd196e4bcddf109af017cccf31337abe1cec6cc5a84711fc2cd34ad7a35d9432a9d7e42ca23d7f6c9d4315396429d7b8e48b9491696afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QPBAQNGM\css[2].css

Filesize
159B

MD5
ff0bf9d3cc4d07f95eef640c1d790a59

SHA1
cd8e2a8d6730f9e0462e4f6a638c8cb9d48fb6e3

SHA256
a050244d5ec49afeed7cc2c870e75dae86dfdbe8e7bc56fe533436e83e2b5ba2

SHA512
fe726865ce47079263e573a89393fa74879e264f8cb114c246e24076dce4aa72fc6f4a5450df3a6fa2c2b327f06d8e74ba1d7db6d5bca75fd51abfbc691764e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QPBAQNGM\edgium[1].png

Filesize
6KB

MD5
01010c21bdf1fc1d7f859071c4227529

SHA1
cd297bf459f24e417a7bf07800d6cf0e41dd36bc

SHA256
6fb31acdaf443a97183562571d52ce47dd44c1a8dcb4087338d77ea2617b286e

SHA512
8418d5ac3987ee8b6a7491167b0f90d0742e09f12fceb1e305923e60c78628d494fcd0fee64f8a6b5f6884796360e1e3ec1459dc754bbfb874504f9db5b56135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QPBAQNGM\yt_logo_rgb_light[1].png

Filesize
8KB

MD5
d654f892f287a28026cd4d4df56c29c8

SHA1
98779a55fe32a66ebec8338c838395d265e45013

SHA256
fc6f5d8f32f13d5855840234dc1bff5c91c35318ee2192d99b13eb3572f0bca8

SHA512
3668902aeaf792ad73ba51e0a4caaa520ebc38177791dfac9a9b28026c3bde99e721bf54d626f266a19cfd045a6d2dc8c8e70e53a2c5ee524c6f2736bb0ce409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RVXHSNZG\chrome[1].png

Filesize
6KB

MD5
ac10b50494982bc75d03bd2d94e382f6

SHA1
6c10df97f511816243ba82265c1e345fe40b95e6

SHA256
846a9b551e74f824fd7ace3439a319b0c0803449e8caec9f16e2666e38a80efd

SHA512
b6666b540aef6c9c221fe6da29f3e0d897929f7b6612c27630be4a33ae2f5d593bc7c1ee44166ce9f08c72e8608f57d66dd5763b17fec7c1fb92fc4d5c6dd278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RVXHSNZG\dinosaur[1].png

Filesize
57KB

MD5
bdda3ffd41c3527ad053e4afb8cd9e1e

SHA1
0ad1bb7ce8d8a4dc8ac2a28e1c5155980edfab9b

SHA256
1a9251dc3b3c064cfc5e2b90b6c7dc3c225f7017066db2b77e49dae90a94a399

SHA512
4dc21ef447b54d0e17ccd88db5597171047112ce1f3f228527e6df079ce2a43a463a3a1e4255828b12f802d70a68dbe40b791852134be71c74de97718b2f1d5f

Download Submit
C:\Windows\ScrBlaze.scr

Filesize
706KB

MD5
7ececa52c2515ff03dde629a91a4bd5b

SHA1
9544d75c030ff706e8d4322a53cbdc091bef130b

SHA256
37c42cfb7dfc85e6dfc151ff67c2e93122143f172261e6743413a45c05de5a91

SHA512
8e5fd4a42d51b3a13d6f788ad1e9fc9d90d514bbace7e35c37678f87b41331fe707762ec29f51fbd3200dfd117af463ea2201b864b7ad63e02fea19d1f82327a

Download Submit
C:\Windows\s18273659

Filesize
871B

MD5
86bdedc4391b3d508f54f071354c3749

SHA1
a0688946039809c2cf5227392a548a7a0963cefa

SHA256
64934bf2d4a833134f466658ccd079dc4a454b048d88d1d99c5f86b547a098b0

SHA512
632ac6263c6296cafbf7c861194b5c377c72f410d128afa2ac943b4423c9135ec73e77b8f8e2b9c9151aea6e27ddd57d96926cdea6f7da0922afb4901c2a965b

Download Submit
memory/440-74-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/440-79-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/440-37-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/2508-0-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/2508-73-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2508-76-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/4324-100-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/4324-117-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download