4a66b8391e3e4c7220a6ac39ec04dfefba034f8439b222e81c47d130bdf88ee6

Resubmissions

07/03/2024, 11:26

240307-nkakpabb7v 3

07/03/2024, 11:24

240307-nh7gmsbb5x 3

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lossless Scaling/LosslessScaling.exe
Size

953KB
MD5

67378d710b6b8265d7b65ae2cb658744
SHA1

6a2ea3a9cf0a515b87ba6ca89b2e6b672a392d35
SHA256

2ab27f79ace954023876aad019614df089180f8d915e633d134cb47a48f47b2d
SHA512

1725c59dc612cdd6ff94344fc06f1f348e6bb6ba4898354dfccc5650313c9beff8f82a5001b75871689ec1e9edf5103788f86a31377e91b4f28a45573a517b31
SSDEEP

12288:7SSEJEDS4MCLSyf6mOuGyW38yHJc+CKtOaO5Z7WhaGwnzE4ZbuRCwmhI2J+0sDy4:2SEgtMCLPf1Oi32OvzTo4ZiRlT/CS

Score

1^/10

Malware Config

Signatures

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\Colors	LosslessScaling.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2628	LosslessScaling.exe
2628	LosslessScaling.exe
2628	LosslessScaling.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2628	LosslessScaling.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2628	LosslessScaling.exe

C:\Users\Admin\AppData\Local\Temp\Lossless Scaling\LosslessScaling.exe
"C:\Users\Admin\AppData\Local\Temp\Lossless Scaling\LosslessScaling.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2628-6-0x000001BFDBD00000-0x000001BFDBD0A000-memory.dmp

Filesize
40KB

Download
memory/2628-11-0x000001BFF6090000-0x000001BFF60C8000-memory.dmp

Filesize
224KB

Download
memory/2628-3-0x000001BFF43E0000-0x000001BFF44C6000-memory.dmp

Filesize
920KB

Download
memory/2628-10-0x000001BFF6110000-0x000001BFF61CA000-memory.dmp

Filesize
744KB

Download
memory/2628-0-0x000001BFD9E70000-0x000001BFD9F64000-memory.dmp

Filesize
976KB

Download
memory/2628-5-0x000001BFDBCD0000-0x000001BFDBCD8000-memory.dmp

Filesize
32KB

Download
memory/2628-7-0x000001BFF44C0000-0x000001BFF44D0000-memory.dmp

Filesize
64KB

Download
memory/2628-8-0x000001BFF44C0000-0x000001BFF44D0000-memory.dmp

Filesize
64KB

Download
memory/2628-2-0x000001BFF44C0000-0x000001BFF44D0000-memory.dmp

Filesize
64KB

Download
memory/2628-9-0x000001BFF5FA0000-0x000001BFF6052000-memory.dmp

Filesize
712KB

Download
memory/2628-4-0x000001BFF4500000-0x000001BFF4526000-memory.dmp

Filesize
152KB

Download
memory/2628-12-0x000001BFF44C0000-0x000001BFF44D0000-memory.dmp

Filesize
64KB

Download
memory/2628-13-0x000001BFF8E50000-0x000001BFF8E58000-memory.dmp

Filesize
32KB

Download
memory/2628-15-0x000001BFF8E70000-0x000001BFF8E7E000-memory.dmp

Filesize
56KB

Download
memory/2628-1-0x00007FFBF55E0000-0x00007FFBF60A1000-memory.dmp

Filesize
10.8MB

Download
memory/2628-27-0x00007FFBF55E0000-0x00007FFBF60A1000-memory.dmp

Filesize
10.8MB

Download
memory/2628-28-0x000001BFF44C0000-0x000001BFF44D0000-memory.dmp

Filesize
64KB

Download
memory/2628-29-0x000001BFF44C0000-0x000001BFF44D0000-memory.dmp

Filesize
64KB

Download
memory/2628-30-0x000001BFF44C0000-0x000001BFF44D0000-memory.dmp

Filesize
64KB

Download