Overview

overview

8

Static

static

1

CabFD.cab

windows7-x64

1

CabFD.cab

windows10-2004-x64

1

authroot.stl

windows7-x64

8

authroot.stl

windows10-2004-x64

3

Analysis

  • max time kernel
    270s
  • max time network
    275s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-03-2024 03:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    authroot.stl

  • Size

    171KB

  • MD5

    9c0c641c06238516f27941aa1166d427

  • SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

  • SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

  • SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • SSDEEP

    1536:+AuJ+lCUs0RvWqgCyPW5BXNWdm1wpyru2/3EwjYoz0VDTrubmt6mJp:+9J+q0RuXCyfdmAyru2/RAKtgp

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\authroot.stl
    1⤵
    • Modifies registry class
    PID:1628
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5008
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault672458a5h97f5h4253h823ch78b59ea9c7d3
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3344
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb007846f8,0x7ffb00784708,0x7ffb00784718
      2⤵
        PID:1128
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,88480648775195836,6881316073080407383,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        2⤵
          PID:488
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,88480648775195836,6881316073080407383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4012
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,88480648775195836,6881316073080407383,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
          2⤵
            PID:5024
        • C:\Windows\System32\CompPkgSrv.exe
          C:\Windows\System32\CompPkgSrv.exe -Embedding
          1⤵
            PID:5140
          • C:\Windows\System32\CompPkgSrv.exe
            C:\Windows\System32\CompPkgSrv.exe -Embedding
            1⤵
              PID:5228
            • C:\Windows\system32\SystemSettingsAdminFlows.exe
              "C:\Windows\system32\SystemSettingsAdminFlows.exe" OptionalFeaturesAdminHelper
              1⤵
                PID:5316

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                Filesize

                152B

                MD5

                0764f5481d3c05f5d391a36463484b49

                SHA1

                2c96194f04e768ac9d7134bc242808e4d8aeb149

                SHA256

                cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

                SHA512

                a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

                Download Submit

              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                Filesize

                5KB

                MD5

                1e2b5cd02a166cf647b71114904c1360

                SHA1

                615e1598da027479a35c83eefc27854c8cb9434d

                SHA256

                1acd0b01603f6a8e3496f82b186bd9f513ff9fd40ef065a984ec0e8114c47402

                SHA512

                04f4fb8ce4fd91caba4ccf65ecdcf9a41154139461208e26c03b2ff7d39228b4ecade87d73d819eebf8451f4731419439c5a0766b01b77985fe7ac4362020234

                Download Submit

              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                Filesize

                8KB

                MD5

                985bf36f9e9466ce979f1234ed59b016

                SHA1

                05dbe56230e1a6d3a8f78c44ff87f01ff0222b16

                SHA256

                7ed293181be107fb9d07a728cfad25b6ad65b0f9c1035dad5cef5f2dab62e0c6

                SHA512

                497baf2f4984e7415d487eaedc4399d837709f8d89bf0ba19e26dcee1d8b1051e5f5f37b7572b265ac9e2a1e2a842d60150c8b602eb2a890c1e4bd9d3b1ffd79

                Download Submit