Overview

overview

10

Static

static

1

lonelyscre...er.exe

windows7-x64

7

lonelyscre...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    lonelyscreen-win-installer.exe

  • Size

    538KB

  • Sample

    240410-ma9rcscb42

  • MD5

    64da00119c76c6e1d75f059ffc4a772d

  • SHA1

    ebaebff7db60430cad107d4efc45654d43f98075

  • SHA256

    039004b76a1bc5ac020958256bdcf97f1464398c13b0be2e0d0078f1aee8b3a7

  • SHA512

    d13544aa2ee6060510c0f906e3f174a4ec40878f36193a99d6c527b62fa6a379115e965e272069b0e3f0479df16e6899a096ede37fb0832262c72d3d24f824f3

  • SSDEEP

    12288:AS3yBV888888888888W88888888888pKfXGU69eTutORzK/AA9i6Zub02O9HtFbl:/3yLKfXG6wZ/D9kqtZaTq

Score
10/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      lonelyscreen-win-installer.exe

    • Size

      538KB

    • MD5

      64da00119c76c6e1d75f059ffc4a772d

    • SHA1

      ebaebff7db60430cad107d4efc45654d43f98075

    • SHA256

      039004b76a1bc5ac020958256bdcf97f1464398c13b0be2e0d0078f1aee8b3a7

    • SHA512

      d13544aa2ee6060510c0f906e3f174a4ec40878f36193a99d6c527b62fa6a379115e965e272069b0e3f0479df16e6899a096ede37fb0832262c72d3d24f824f3

    • SSDEEP

      12288:AS3yBV888888888888W88888888888pKfXGU69eTutORzK/AA9i6Zub02O9HtFbl:/3yLKfXG6wZ/D9kqtZaTq

    Score
    10/10
    discoveryevasionpersistence

    • Modifies firewall policy service

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

      persistence

    • Adds Run key to start application

      persistence

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks