d2dbebaf7d20189a83c281bbab6cce71b8eb7859c09b8b09b3ebb23740dca1bb

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TYFrame.exe
Size

975KB
MD5

37a235ee25885b7d32f6e4758d97744f
SHA1

5f5365cb021169bab2e48c7e76f3f685b59bd4b8
SHA256

6554d3cdf92be4afb113c63ac57b0bf64f654b66ad7a881671b33ae523443830
SHA512

3102ac259141305de855b42c704f494cbca8dd651dcb67a2820a53fa83012bf81bf29958760b5c7ff6634072e12ca112cc5a9b69a40a2c328da5a4ca17c92cc5
SSDEEP

12288:WMpMLAkwN5VMsXtmzx/2ALo1/iEutcsY0whF6f7dnw40Yidsbf64bOJa88xsv1:HaAbzVp9mz2jdOwrsfBc/4bOQ88M1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2680	tyframe.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2680	tyframe.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1836	update.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
464	TYFrame.exe
464	TYFrame.exe
2680	tyframe.exe
2680	tyframe.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
464	TYFrame.exe
464	TYFrame.exe
2680	tyframe.exe
2680	tyframe.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 1836	464	TYFrame.exe	91
PID 464 wrote to memory of 1836	464	TYFrame.exe	91
PID 464 wrote to memory of 1836	464	TYFrame.exe	91
PID 1836 wrote to memory of 2680	1836	update.exe	92
PID 1836 wrote to memory of 2680	1836	update.exe	92
PID 1836 wrote to memory of 2680	1836	update.exe	92

C:\Users\Admin\AppData\Local\Temp\TYFrame.exe
"C:\Users\Admin\AppData\Local\Temp\TYFrame.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:464
- C:\Users\Admin\AppData\Local\Temp\update.exe
  C:\Users\Admin\AppData\Local\Temp\update.exe tyframe.exe restart
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1836
- - C:\Users\Admin\AppData\Local\Temp\tyframe.exe
    C:\Users\Admin\AppData\Local\Temp\tyframe.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TYFrame.exe

Filesize
981KB

MD5
d6f79d061aa638dd20f1ded12d8447ad

SHA1
7263ac01813bac63e87457fc9f28f52defb3b6a6

SHA256
12d2a55d16c7bf1c4b07712a2c80cc78d168af227d73fd0f70c009e0a1af19f0

SHA512
9927fc0e72a3041d63ce768fd095ed79d0c9379eb6a96136554d000d8982a2fc183ffba1563f163aa18318acd07e163a0d61fc285719c4eab72b5503b48c2ba2

Download Submit
memory/464-0-0x0000000000400000-0x0000000000685000-memory.dmp

Filesize
2.5MB

Download
memory/464-1-0x0000000000400000-0x0000000000685000-memory.dmp

Filesize
2.5MB

Download
memory/464-2-0x0000000000CC0000-0x0000000000D0B000-memory.dmp

Filesize
300KB

Download
memory/464-3-0x0000000000D20000-0x0000000000D21000-memory.dmp

Filesize
4KB

Download
memory/464-4-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/464-5-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/464-6-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download
memory/464-7-0x0000000000C90000-0x0000000000C91000-memory.dmp

Filesize
4KB

Download
memory/464-8-0x0000000000D10000-0x0000000000D11000-memory.dmp

Filesize
4KB

Download
memory/464-10-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/464-9-0x0000000002C00000-0x0000000002C01000-memory.dmp

Filesize
4KB

Download
memory/464-11-0x0000000002BF0000-0x0000000002BF2000-memory.dmp

Filesize
8KB

Download
memory/464-12-0x00000000026B0000-0x00000000026B1000-memory.dmp

Filesize
4KB

Download
memory/464-13-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/464-14-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/464-15-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/464-16-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/464-17-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/464-18-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/464-19-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/464-20-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/464-21-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/464-23-0x0000000002700000-0x0000000002701000-memory.dmp

Filesize
4KB

Download
memory/464-22-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/464-24-0x0000000002730000-0x0000000002731000-memory.dmp

Filesize
4KB

Download
memory/464-25-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/464-26-0x0000000002BE0000-0x0000000002BE2000-memory.dmp

Filesize
8KB

Download
memory/464-27-0x0000000002C80000-0x0000000002D80000-memory.dmp

Filesize
1024KB

Download
memory/464-28-0x0000000002C80000-0x0000000002D80000-memory.dmp

Filesize
1024KB

Download
memory/464-31-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/464-29-0x0000000002C80000-0x0000000002D80000-memory.dmp

Filesize
1024KB

Download
memory/464-32-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/464-33-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/464-30-0x0000000002C60000-0x0000000002C61000-memory.dmp

Filesize
4KB

Download
memory/464-34-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/464-35-0x0000000002C30000-0x0000000002C31000-memory.dmp

Filesize
4KB

Download
memory/464-37-0x0000000002C10000-0x0000000002C11000-memory.dmp

Filesize
4KB

Download
memory/464-38-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/464-36-0x0000000002C20000-0x0000000002C21000-memory.dmp

Filesize
4KB

Download
memory/464-40-0x0000000002E90000-0x0000000002F10000-memory.dmp

Filesize
512KB

Download
memory/464-39-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

Filesize
4KB

Download
memory/464-41-0x0000000002E90000-0x0000000002F10000-memory.dmp

Filesize
512KB

Download
memory/464-42-0x0000000002E90000-0x0000000002F10000-memory.dmp

Filesize
512KB

Download
memory/464-43-0x0000000002E90000-0x0000000002F10000-memory.dmp

Filesize
512KB

Download
memory/464-44-0x0000000002E90000-0x0000000002F10000-memory.dmp

Filesize
512KB

Download
memory/464-45-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/464-46-0x0000000002C80000-0x0000000002D80000-memory.dmp

Filesize
1024KB

Download
memory/464-47-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/464-49-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/464-48-0x0000000002860000-0x0000000002861000-memory.dmp

Filesize
4KB

Download
memory/464-50-0x0000000000400000-0x0000000000685000-memory.dmp

Filesize
2.5MB

Download
memory/464-51-0x0000000000400000-0x0000000000685000-memory.dmp

Filesize
2.5MB

Download
memory/464-52-0x0000000000CC0000-0x0000000000D0B000-memory.dmp

Filesize
300KB

Download
memory/1836-81-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2680-57-0x0000000000400000-0x0000000000688000-memory.dmp

Filesize
2.5MB

Download
memory/2680-58-0x0000000000A50000-0x0000000000A9B000-memory.dmp

Filesize
300KB

Download
memory/2680-60-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/2680-61-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/2680-64-0x0000000002AB0000-0x0000000002AB2000-memory.dmp

Filesize
8KB

Download
memory/2680-62-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/2680-63-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/2680-65-0x0000000002AA0000-0x0000000002AA2000-memory.dmp

Filesize
8KB

Download
memory/2680-66-0x0000000002B40000-0x0000000002C40000-memory.dmp

Filesize
1024KB

Download
memory/2680-67-0x0000000002B40000-0x0000000002C40000-memory.dmp

Filesize
1024KB

Download
memory/2680-68-0x0000000002B40000-0x0000000002C40000-memory.dmp

Filesize
1024KB

Download
memory/2680-69-0x0000000002B40000-0x0000000002C40000-memory.dmp

Filesize
1024KB

Download
memory/2680-70-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/2680-83-0x0000000000400000-0x0000000000688000-memory.dmp

Filesize
2.5MB

Download
memory/2680-99-0x0000000000400000-0x0000000000688000-memory.dmp

Filesize
2.5MB

Download