3b1e060398caff218b40e5e65462f4f226286b0ee90aeddb25c8d77a1cb26084

Analysis

max time kernel
25s
max time network
26s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
22/02/2024, 12:44

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

darkylauncher.exe
Size

6.1MB
MD5

2402abd5379a6f039ba7ea585d8226e6
SHA1

3677bdf32d82b1d5bb382e2f072f2e49bb345824
SHA256

3b1e060398caff218b40e5e65462f4f226286b0ee90aeddb25c8d77a1cb26084
SHA512

d432a718991bc5dff1de35436eff26da76fb4960d9258bf56b8ad0924d6a0774b2e6a82814983bc8ab059fb300941b9a1e6312498e1febaa9d011654c4f5f8f6
SSDEEP

196608:66zYN3CDfyGr21X5Sp6GemDMPwuWanCaR:jY4DfDSpfaMPHx

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4596	darkylauncher.exe
4596	darkylauncher.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4424	LogonUI.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 4596	2664	darkylauncher.exe	76
PID 2664 wrote to memory of 4596	2664	darkylauncher.exe	76
PID 4596 wrote to memory of 2016	4596	darkylauncher.exe	77
PID 4596 wrote to memory of 2016	4596	darkylauncher.exe	77

C:\Users\Admin\AppData\Local\Temp\darkylauncher.exe
"C:\Users\Admin\AppData\Local\Temp\darkylauncher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Users\Admin\AppData\Local\Temp\darkylauncher.exe
  "C:\Users\Admin\AppData\Local\Temp\darkylauncher.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c portablemc start 1.19.2
    3⤵
    PID:2016

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3aeb855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26642\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\_decimal.pyd

Filesize
73KB

MD5
68cd91c38f2e667204188f3d816c6878

SHA1
07dd4752e73ad9bb9b40d03caf5a52ebbe8025c8

SHA256
99641f7c6e7faf91778f05e6226d3b1101a0705ed9ac4dc8940b281e02127f77

SHA512
a6e742199df9b1d61eef8cae94a6e94ab3990cfee099e7d83ca85d14a7d8c9b6f4d6d91338a5da6cb6b4e5a98980c23a73f7bf39e3783d0bd856d33e6c437b41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\_hashlib.pyd

Filesize
63KB

MD5
787b82d4466f393366657b8f1bc5f1a9

SHA1
658639cddda55ac3bfc452db4ec9cf88851e606b

SHA256
241322647ba9f94bdc3ae387413ffb57ae14c8cf88bd564a31fe193c6ca43e37

SHA512
afcf66962958f38eec8b591aa30d380eb0e1b41028836058ff91b4d1472658de9fba3262f5c27ba688bd73da018e938f398e45911cd37584f623073067f575b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\_socket.pyd

Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\base_library.zip

Filesize
193KB

MD5
a4ae616ab3ff3b4d17850b7365b9e2f9

SHA1
44df091e5e6a66fc636b2b3e0ae10141ece51e0c

SHA256
fe8b168f434a13fa4e665e2867bfb3fae36034d4bbd4cfc1e944cfd5657449e4

SHA512
31999201d1baf9c577366b70e481cb9148493438be10d8b8479e862da8060c5a30a9e9ff78c4b602dede0920cded370e58b7915ee09aa8c2d570f3a583e3e705

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\libcrypto-1_1.dll

Filesize
214KB

MD5
f1f01e4275e2e377172ebf501864f7ed

SHA1
b991d65026b8cc93f58979c0015fbdf4dadd8d3c

SHA256
7a615ef26a340a2297dad0a1bcb2e481f4611605ca4d3752e7b046b14d438947

SHA512
a065bedc46824952f521b07f761697a185e77353580d2deb42f8f9be0d46ff2d4c55c5b32f9d60bffbe0b7389336685bb51eea6958b5e66839834ab08f1a2c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\python311.dll

Filesize
2.4MB

MD5
08f915f42c8c255fd730bc824cd167c3

SHA1
09122b9a0bb864539ec47225712f6cb7ae6154d0

SHA256
98682fdf6150d380dc264fe1613d1acec433104f0a53ddbe3c403a1077a09028

SHA512
10b641ac2cc6e8524efd36f408eecbbaef70347d90b21fe8cc4b2b9247988025ac1cef087e9e5d9721d21d83600f78a2fd06176ad1c2a7c3f7f90fe0d871c6b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\select.pyd

Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26642\unicodedata.pyd

Filesize
144KB

MD5
110684def7defcca0b6b04ae036a2e6c

SHA1
1fa1596d36a724f3354efe14829c88f38beb08a3

SHA256
249a69c2bffafaaf14478cf8bdbbf85f65b2fd8b204a50449dff6c38d44fc059

SHA512
a86ef2843bed0cf3fbd22782c91f458a6d3fdaf900e7960aaf4abbb096db0cbac8bf4ddc61c93b316e9452ae919720cf9afdb9a29c275232e3ff64743cf81a10

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26642\python311.dll

Filesize
511KB

MD5
ffdb7c76346a370823fdc790a29bddc1

SHA1
42eef82d4a752461c5441a40401dc3cec3a74b2e

SHA256
37139bf055f5334e623af4014490d5b3696c22e015a0ec3bfc4423f4e509c2cf

SHA512
d429cc3dbcd10b77e9315c013ab5d7c5a88600ce43ecbc94aa86d29a9be410d8947586791bf384687724a16a9fe9ff45886c4eda7cc68b253beccdb422b890d9

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads