505d1b351e058bef471dac95fc21b46dcfc2a30479eef91533b2eff85a8654c5

Analysis

max time kernel
35s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 19:59

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

slinkyloader.exe
Size

18.4MB
MD5

a2223005e6d186689577e5a2b785a16b
SHA1

1075e177247880d3e1ec940623500bf2e9b275e3
SHA256

cef5b60321f17991400a19072052535638c0a5c02d338234686552deadeea82e
SHA512

073f8e682d2468bfe7d55b82cf0ff5dafd2754da2813de2116551e2811809debba7f06c5d8ed5901a59703bfb306fd5fd05d9d1e797bf9e7887826709c6993c6
SSDEEP

393216:cKRqNWNKROYkhkpXorNv+oXsDS3LNK3HOU6x0pW/lJktSrZPLAB:/ANWKRrpYrNvou7NK3uU6E29dPL

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 15 IoCs

Processes:

LogonUI.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "63"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 44 IoCs

Processes:

slinkyloader.exe

pid	process
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe
3068	slinkyloader.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

4408 LogonUI.exe

pid	process
4408	LogonUI.exe

C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe
"C:\Users\Admin\AppData\Local\Temp\slinkyloader.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3068

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3987055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4408

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads