Resubmissions

Analysis

  • max time kernel
    453s
  • max time network
    455s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-04-2024 16:01

General

  • Target

    Muse_Hub.exe

  • Size

    38.2MB

  • MD5

    113b0b7cfcaf7b11d541d6860534ce2c

  • SHA1

    443a0f24974652fd2d081b952061a5e0f386e71a

  • SHA256

    0f9765f58fc4389dcd7541172a4454c0f646dbec174e828a64abc9aa19de4990

  • SHA512

    78f09c46d202d73194f7c648effd03c250a20dc280e07bddb9380128c6077ce86d78da1ce22be1fcc14024a09aa35bd23f9288f1a650d66233b21ddaaa93c9e4

  • SSDEEP

    786432:mt+ooIxXSZFxfPfRLtX630iml6R/YwsNnoPv7pAMVUZ4HG04Rgrk:mt+ooIJsxn1tq30iu6R/vsNnCVUZ4Hl4

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 4 IoCs
  • Executes dropped EXE 1 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe
    "C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1116
    • C:\Users\Admin\AppData\Local\Temp\Muse Installer Temp\EXE_NETCORECHECK.EXE
      -N Microsoft.WindowsDesktop.App -v 6.0.9
      2⤵
      • Executes dropped EXE
      PID:2328
  • C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.exe
    "C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1516
  • C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.Service.exe
    "C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.Service.exe"
    1⤵
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Muse Installer Temp\EXE_NETCORECHECK.EXE

    Filesize

    142KB

    MD5

    3dd50757e38eed3ac598debec6936915

    SHA1

    ac54862b4de18850d111fe7e08a075f0e812cc89

    SHA256

    8d8f90ca3adc53d7862e82c72522674d4fee14d2b08566d378e46371d5db7f2a

    SHA512

    ff84fddf871f660b2b25e7f3b93ab01140d787a1fb167454cadad4e0eec25fd0789afee6bec3dea09de34343de7d3c4030e1282acddcda02e9f40784eb8aea88

  • memory/1516-39-0x00007FFC77CB0000-0x00007FFC781AE000-memory.dmp

    Filesize

    5.0MB

  • memory/1516-67-0x0000019A4CB90000-0x0000019A4CCA0000-memory.dmp

    Filesize

    1.1MB

  • memory/1516-68-0x00007FFC77CB0000-0x00007FFC781AE000-memory.dmp

    Filesize

    5.0MB

  • memory/4416-47-0x00007FFC77CB0000-0x00007FFC781AE000-memory.dmp

    Filesize

    5.0MB

  • memory/4416-69-0x00007FFC77CB0000-0x00007FFC781AE000-memory.dmp

    Filesize

    5.0MB