1a5645f53c826b9a880d41ddae35cad990df005e3411f9d92402fa50ad32fde2

Analysis

max time kernel
151s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad2382a0db271615645f8a1702d3b006.exe
Size

378KB
MD5

ad2382a0db271615645f8a1702d3b006
SHA1

f94dd65276d4472308c94e81a52a22cdf583307e
SHA256

1a5645f53c826b9a880d41ddae35cad990df005e3411f9d92402fa50ad32fde2
SHA512

42e33ccc901c6e025c383c4f9b5a12730212eceb1fd5450f2558f92ba0b6b4c9286eb963c304d8f1ee3c3bfaea3dc768e2bb1470dd976e23119329e3fd64e38f
SSDEEP

6144:gpS1cNwPLvoqg0R2VhPefm0ToHAY/rBCCtY09H7b3N7ktlPo8bgZOIFlPo8bgZOU:gpS1c2obY7Mz9H7RktlPHbEVFlPHbEV3

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mhslcp\Parameters\ServiceDll = "%SystemRoot%\\System32\\vskygl.dll"	ad2382a0db271615645f8a1702d3b006.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\mhslcp\Parameters\ServiceDll = "%SystemRoot%\\System32\\vskygl.dll"	ad2382a0db271615645f8a1702d3b006.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\mhslcp\Parameters\ServiceDll = "%SystemRoot%\\System32\\vskygl.dll"	ad2382a0db271615645f8a1702d3b006.exe

Loads dropped DLL 2 IoCs

pid	Process
1572	ad2382a0db271615645f8a1702d3b006.exe
5080	svchost.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\00055d18.ini	ad2382a0db271615645f8a1702d3b006.exe
File created	C:\Windows\SysWOW64\vskygl.dll	ad2382a0db271615645f8a1702d3b006.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
5048	1572	WerFault.exe	92
2392	1572	WerFault.exe	92

C:\Users\Admin\AppData\Local\Temp\ad2382a0db271615645f8a1702d3b006.exe
"C:\Users\Admin\AppData\Local\Temp\ad2382a0db271615645f8a1702d3b006.exe"
1⤵
- Sets DLL path for service in the registry
- Loads dropped DLL
- Drops file in System32 directory
PID:1572
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 664
  2⤵
  - Program crash
  PID:5048
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 636
  2⤵
  - Program crash
  PID:2392

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k mhslcp
1⤵
- Loads dropped DLL
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1572 -ip 1572
1⤵
PID:2608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1572 -ip 1572
1⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2392 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\vskygl.dll

Filesize
89KB

MD5
3cc973336698bdf75d0f9433c3c4cb3c

SHA1
fc892d87eacc2eee3d5a4d6ebd7ddf0a1e60ffad

SHA256
06e71f8aee1d6eed137f3a7efa7bf9d7d238deb5ff90eef9f5bb5b9760ed2de8

SHA512
e4e0ef4a84f088421792612da8649fa1ef2ddc80307502385d0f1c3945a48de8cb73519d41c9657b398c96c80c27ec2630331068cf2a6bdeb1a8969a16f40e3b

Download Submit
memory/1572-0-0x0000000000A50000-0x0000000000AA0000-memory.dmp

Filesize
320KB

Download
memory/1572-2-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/1572-1-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/1572-5-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/1572-4-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/1572-6-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/1572-7-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/1572-8-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/1572-9-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/1572-10-0x0000000002CA0000-0x0000000002CA2000-memory.dmp

Filesize
8KB

Download
memory/1572-11-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

Filesize
4KB

Download
memory/1572-12-0x0000000002C90000-0x0000000002C92000-memory.dmp

Filesize
8KB

Download
memory/1572-13-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-14-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-17-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-20-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-16-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-21-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-22-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-23-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-24-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-25-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-26-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-27-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-28-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-29-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-30-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-31-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-32-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-33-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-34-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-35-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-36-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-37-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-38-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-39-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-40-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-41-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-42-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-43-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-44-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-45-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-46-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-48-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-47-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-49-0x0000000002D10000-0x0000000002E10000-memory.dmp

Filesize
1024KB

Download
memory/1572-50-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

Filesize
4KB

Download
memory/1572-51-0x0000000002D00000-0x0000000002D01000-memory.dmp

Filesize
4KB

Download
memory/1572-55-0x0000000000400000-0x000000000044C0CE-memory.dmp

Filesize
304KB

Download
memory/1572-56-0x0000000000A50000-0x0000000000AA0000-memory.dmp

Filesize
320KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads