734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538

max time kernel
1373s
max time network
1173s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/ColorBug/[email protected]
Size

53KB
MD5

6536b10e5a713803d034c607d2de19e3
SHA1

a6000c05f565a36d2250bdab2ce78f505ca624b7
SHA256

775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de
SHA512

61727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018
SSDEEP

1536:ynqAKryDLrASOcRw52sjzIUK7RkYrJ2lrKX:SNdMT8Z8cX

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe"	[email protected]

Modifies Control Panel 21 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\ActiveTitle = "241 128 69"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\ActiveBorder = "172 238 42"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\GrayText = "105 85 133"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\InactiveTitleText = "92 144 93"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\Background = "156 38 12"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\Window = "40 241 115"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\WindowText = "189 4 131"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\InactiveBorder = "148 80 31"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\ButtonShadow = "106 2 104"	[email protected]
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\WindowFrame = "216 241 83"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\Scrollbar = "242 25 176"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\Menu = "155 50 134"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\MenuText = "118 136 43"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\TitleText = "77 152 8"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\AppWorkspace = "126 226 168"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\Hilight = "64 74 185"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\HilightText = "70 43 231"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\ButtonFace = "207 96 17"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\InactiveTitle = "248 181 188"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Colors\ButtonText = "85 192 142"	[email protected]

C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\ColorBug\[email protected]
"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\ColorBug\[email protected]"
1⤵
- Adds Run key to start application
- Modifies Control Panel
PID:4788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4788-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads