Overview (score 10)
Static (score 10)

Tasks (sample, platform, score):
@_136 @828...SM.exe, windows7-x64, 7
@_136 @828...SM.exe, windows10-2004-x64, 7
TrashMalwa...in.exe, windows7-x64, 8
TrashMalwa...in.exe, windows10-2004-x64, 8
AdStRkJ.exe, windows7-x64, 8
AdStRkJ.exe, windows10-2004-x64, 8
Anatralier.exe, windows7-x64, 7
Anatralier.exe, windows10-2004-x64, 7
TrashMalwa...er.exe, windows7-x64, 3
TrashMalwa...er.exe, windows10-2004-x64, 8
TrashMalwa...nk.exe, windows7-x64, 8
TrashMalwa...nk.exe, windows10-2004-x64, 8
TrashMalwa...oN.bat, windows7-x64, 8
TrashMalwa...oN.bat, windows10-2004-x64, 8
TrashMalwa...zz.exe, windows7-x64, 6
TrashMalwa...zz.exe, windows10-2004-x64, 6
TrashMalwa...de.exe, windows7-x64, 7
TrashMalwa...de.exe, windows10-2004-x64, 7
TrashMalwa...20.exe, windows7-x64, 4
TrashMalwa...20.exe, windows10-2004-x64, 7
TrashMalwa...ll.exe, windows7-x64, 7
TrashMalwa...ll.exe, windows10-2004-x64, 7
TrashMalwa...le.exe, windows7-x64, 8
TrashMalwa...le.exe, windows10-2004-x64, 8
TrashMalwa...oe.bat, windows7-x64, 8
TrashMalwa...oe.bat, windows10-2004-x64, 8
TrashMalwa....0.exe, windows7-x64, 6
TrashMalwa....0.exe, windows10-2004-x64, 7
TrashMalwa....0.exe, windows7-x64, 8
TrashMalwa....0.exe, windows10-2004-x64, 7
TrashMalwa....0.exe, windows7-x64, 7
TrashMalwa....0.exe, windows10-2004-x64, 7

Analysis
- max time kernel: 8s
- max time network: 16s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 02-03-2024 20:26
Behavioral tasks (task, sample, resource):
- behavioral1: @_136 @828#-138389J-SJFJDSM.exe, win7-20240221-en
- behavioral2: @_136 @828#-138389J-SJFJDSM.exe, win10v2004-20240226-en
- behavioral3: TrashMalwares-main/AcidRain.exe, win7-20240221-en
- behavioral4: TrashMalwares-main/AcidRain.exe, win10v2004-20240226-en
- behavioral5: AdStRkJ.exe, win7-20240221-en
- behavioral6: AdStRkJ.exe, win10v2004-20240226-en
- behavioral7: Anatralier.exe, win7-20240215-en
- behavioral8: Anatralier.exe, win10v2004-20240226-en
- behavioral9: TrashMalwares-main/Antivirus_Installer.exe, win7-20240221-en
- behavioral10: TrashMalwares-main/Antivirus_Installer.exe, win10v2004-20240226-en
- behavioral11: TrashMalwares-main/Dro trojan. Virus prank.exe, win7-20240221-en
- behavioral12: TrashMalwares-main/Dro trojan. Virus prank.exe, win10v2004-20240226-en
- behavioral13: TrashMalwares-main/FaZoN.bat, win7-20240221-en
- behavioral14: TrashMalwares-main/FaZoN.bat, win10v2004-20240226-en
- behavioral15: TrashMalwares-main/Fizz.exe, win7-20240221-en
- behavioral16: TrashMalwares-main/Fizz.exe, win10v2004-20240226-en
- behavioral17: TrashMalwares-main/Ginxide.exe, win7-20240221-en
- behavioral18: TrashMalwares-main/Ginxide.exe, win10v2004-20240226-en
- behavioral19: TrashMalwares-main/Install Windows20.exe, win7-20240221-en
- behavioral20: TrashMalwares-main/Install Windows20.exe, win10v2004-20240226-en
- behavioral21: TrashMalwares-main/MS-RickRoll.exe, win7-20240220-en
- behavioral22: TrashMalwares-main/MS-RickRoll.exe, win10v2004-20240226-en
- behavioral23: TrashMalwares-main/MercuryXhoffle.exe, win7-20240221-en
- behavioral24: TrashMalwares-main/MercuryXhoffle.exe, win10v2004-20240226-en
- behavioral25: TrashMalwares-main/NetPakoe.bat, win7-20240221-en
- behavioral26: TrashMalwares-main/NetPakoe.bat, win10v2004-20240226-en
- behavioral27: TrashMalwares-main/NetPakoe3.0.exe, win7-20240221-en
- behavioral28: TrashMalwares-main/NetPakoe3.0.exe, win10v2004-20240226-en
- behavioral29: TrashMalwares-main/NoEscape8.0.exe, win7-20240221-en
- behavioral30: TrashMalwares-main/NoEscape8.0.exe, win10v2004-20240226-en
- behavioral31: TrashMalwares-main/PC shaking v4.0.exe, win7-20240220-en
- behavioral32: TrashMalwares-main/PC shaking v4.0.exe, win10v2004-20240226-en
General
- Target: TrashMalwares-main/PC shaking v4.0.exe
- Size: 21.7MB
- MD5: d2eb6a0f3b1353b6f60c1ce3a63ef8d1
- SHA1: a879af3e84106f4da79519ce08643eeb91f72a15
- SHA256: b8d65832342d1fec828025eacbcc6e1df9c2f3276524a4abb1a965707fd475ee
- SHA512: 9473e711b785eba3e5cfcb36437069a96290864fe9562a5619d95f9fac9c0b46b0c3c942be8ff7fec4204a938392e8be471ea6ce683027cd29b181028b0e2481
- SSDEEP: 393216:MUbg/uqZ8EuLjIlYgJMFBoJPYG6O4BcwikWGmivl4yA1cmBBS:6G9LjHgUOJPEOyresC4
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes: pid 2640 PCshakingv4.0.exe
- Loads dropped DLL (3 IoCs)
  Processes: pid 2292 PC shaking v4.0.exe (3 loads)
- Sets desktop wallpaper using registry (2 TTPs, 1 IoC)
  Process: PCshakingv4.0.exe
  Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\Desktop\Wallpaper = "C:\\Windows\\Media\\logotip.jpg"
- Drops file in Windows directory (11 IoCs)
  Process: PC shaking v4.0.exe
  File created: C:\Windows\Media\mouse.ico
  File opened for modification: C:\Windows\Media\mouse.ico
  File created: C:\Windows\Media\__tmp_rar_sfx_access_check_259407588
  File created: C:\Windows\Media\PCshakingv4.0.exe
  File opened for modification: C:\Windows\Media\Tobu.wav
  File created: C:\Windows\Media\logotip.jpg
  File opened for modification: C:\Windows\Media\logotip.jpg
  File opened for modification: C:\Windows\Media\PCshakingv4.0.exe
  File created: C:\Windows\Media\Tobu.wav
  File created: C:\Windows\Media\CustomBSoD.exe
  File opened for modification: C:\Windows\Media\CustomBSoD.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes: pid 2640 PCshakingv4.0.exe
- Suspicious use of FindShellTrayWindow (64 IoCs)
  Processes: pid 2640 PCshakingv4.0.exe (64 events)
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: PID 2292 (PC shaking v4.0.exe) wrote to memory of PID 2640 (PCshakingv4.0.exe), 4 events
Processes
- C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\PC shaking v4.0.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\PC shaking v4.0.exe"
  PID: 2292
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Media\PCshakingv4.0.exe (child of PID 2292)
    Command line: "C:\Windows\Media\PCshakingv4.0.exe"
    PID: 2640
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3.8MB
  MD5: 9a9db1db236b2b45a432a622bd161b87
  SHA1: c51683ae43ec4ec9ec6cece0e12ca0ab7364f931
  SHA256: 6d277f338cf460691f023946ecd56a0aa0ee27efaa98d3a29a2518a5c9fa3677
  SHA512: dfd9e25f0fd2adccf6b52aed5d1ffdcf05de198368f42597658a6955e3797edde300553b34d1c24164e1af73533f8b18b1a6a506aceca8ab58f1f8006d1c3dbb
- Filesize: 203KB
  MD5: 3abff26e58afe2b94ce801295336bf82
  SHA1: b3222e30303115469b5b3e3d03ed9aed846d830f
  SHA256: fb078b09259f96b032dce2c345c683b6b9d9316819dc363edd780b91dc11704d
  SHA512: ba546709378b529eb8887cc5f7ff9f4bc587bae61af009adf8778dc3972c2e57d9291df6f2b6cc8ba36b27c262b8eb6f650d610fc1d731c154bb4cad6df46ac2
- Filesize: 26.3MB
  MD5: 27380a8a6026509510e715efb0e31513
  SHA1: fa1307df97f5870d64d4f7d7941603ccb4507196
  SHA256: 62282c6476f26088c1c5751a966098dc98e083cbdad456c8293dae62d4f8106f
  SHA512: 4aa7fd31848e1379550dfcecaa6fd8ee125841763d331c5b94388212c628b73df50c806d9da95323ea9d54eb57e97077562f5f973b55cadb80d888d9d819f27e
- Filesize: 71KB
  MD5: 129c1a8094f0a6a9cdc9f63e86f8a482
  SHA1: 917c6809ae03670edbf5da4cb19c49e85390642c
  SHA256: 2eadcdfd00b8bec4d18b71830cd334569844002a7971c56d3e1e38ff7972c4f3
  SHA512: 076cf44955bebbad12ca905a36a12da4cd20520d8795e2f47f972ad996932731be4f007792954c9737b68330cd395a17ad19aa1e9e248379c37dcdf1a9e5