Overview

overview

7

Static

static

3

Activat3r.exe

windows10-1703-x64

7

Resubmissions

12-03-2024 13:24

240312-qncwbsbh39 7

12-03-2024 13:18

240312-qj1ftsbg55 5

Analysis

  • max time kernel
    146s
  • max time network
    145s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12-03-2024 13:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Activat3r.exe

  • Size

    16.0MB

  • MD5

    121fe0c0b3190cbb187dca834166b1d8

  • SHA1

    55f31557a81a8897c811229e4a3de5ce2a9d9437

  • SHA256

    31fc4b763671e3c25fd5cf7853c274b9f0bcaabde0f5fcdc9b914d66b51aab86

  • SHA512

    cb5278e13bc0a981ea03219814a1d59ba1003b2e007aca1fb7e6c8769f4a8e6e55d8663dbd9047fabb14262b4e93538046360bdfde62b2dc79b22f008acb5841

  • SSDEEP

    393216:77MmoUQbeDZj95QuHjYZxFj5JdqcyPbtmRd:PMm3QbeDdQuDYrFj5KZbtm

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Activat3r.exe
    "C:\Users\Admin\AppData\Local\Temp\Activat3r.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Windows\SYSTEM32\cmd.exe
      cmd /c start ms-windows-store:
      2⤵
      • Modifies registry class
      PID:2844
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:3500
  • C:\Windows\system32\werfault.exe
    werfault.exe /h /shared Global\5375df7190e245b88b38aaca7db0aa91 /t 4316 /p 4892
    1⤵
      PID:2900

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\AutoHotkey.Interop\1.0.0.5\x64\AutoHotkey.dll
      Filesize

      1.3MB

      MD5

      15043409fec49cca12205c448d74e7d7

      SHA1

      86b591893b469a6ad4de8d98eef52eb30f8ea3e0

      SHA256

      6cff0d22fbf4395aa29207b341c9bce6812f68af3df3d3f386962833d8de7b6b

      SHA512

      a16141b177d2b5843e27aee3a333a512c0375095602d8df2d38f24e5e63961e767ad0e5b157c1287c56f4741d72f63eb9ff36cd5158edd2b735625246e1bd483

      Download Submit

    • memory/4892-12-0x000002194EEC0000-0x000002194EEC8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4892-5-0x000002194A200000-0x000002194A6A2000-memory.dmp

      Filesize

      4.6MB

      Download

    • memory/4892-13-0x000002194A0F0000-0x000002194A100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4892-4-0x00000219318F0000-0x0000021931962000-memory.dmp

      Filesize

      456KB

      Download

    • memory/4892-14-0x000002194A0F0000-0x000002194A100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4892-6-0x000002194A080000-0x000002194A0D0000-memory.dmp

      Filesize

      320KB

      Download

    • memory/4892-7-0x000002192FF80000-0x000002192FF8A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4892-15-0x000002194EF40000-0x000002194EF78000-memory.dmp

      Filesize

      224KB

      Download

    • memory/4892-9-0x000002194A7A0000-0x000002194AE58000-memory.dmp

      Filesize

      6.7MB

      Download

    • memory/4892-10-0x000002194A0F0000-0x000002194A100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4892-11-0x000002194A0F0000-0x000002194A100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4892-0-0x00007FF97A5D0000-0x00007FF97AFBC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/4892-3-0x000002194A0F0000-0x000002194A100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4892-2-0x000002192FF50000-0x000002192FF51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4892-8-0x000002194A030000-0x000002194A056000-memory.dmp

      Filesize

      152KB

      Download

    • memory/4892-16-0x000002194A0F0000-0x000002194A100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4892-17-0x00007FF97A5D0000-0x00007FF97AFBC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/4892-18-0x000002194A0F0000-0x000002194A100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4892-19-0x000002194A0F0000-0x000002194A100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4892-20-0x000002194A0F0000-0x000002194A100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4892-21-0x000002194A0F0000-0x000002194A100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4892-22-0x000002194A0F0000-0x000002194A100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4892-23-0x000002194A0F0000-0x000002194A100000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4892-1-0x000002192D870000-0x000002192FBC4000-memory.dmp

      Filesize

      35.3MB

      Download

    • memory/4892-29-0x00007FF97A5D0000-0x00007FF97AFBC000-memory.dmp

      Filesize

      9.9MB

      Download