Analysis

max time kernel: 453s
max time network: 455s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14-04-2024 16:01
Static task: static1
Behavioral task: behavioral1
  Sample: Muse_Hub.exe
  Resource: win10-20240404-en
Behavioral task: behavioral2
  Sample: Muse_Hub.exe
  Resource: win10v2004-20240412-en
General

Target: Muse_Hub.exe
Size: 38.2MB
MD5: 113b0b7cfcaf7b11d541d6860534ce2c
SHA1: 443a0f24974652fd2d081b952061a5e0f386e71a
SHA256: 0f9765f58fc4389dcd7541172a4454c0f646dbec174e828a64abc9aa19de4990
SHA512: 78f09c46d202d73194f7c648effd03c250a20dc280e07bddb9380128c6077ce86d78da1ce22be1fcc14024a09aa35bd23f9288f1a650d66233b21ddaaa93c9e4
SSDEEP: 786432:mt+ooIxXSZFxfPfRLtX630iml6R/YwsNnoPv7pAMVUZ4HG04Rgrk:mt+ooIJsxn1tq30iu6R/vsNnCVUZ4Hl4
Malware Config
Signatures

Drops file in System32 directory (4 IoCs)
Process: Muse.Service.exe
description | ioc | process
File created | C:\Windows\system32\config\systemprofile\AppData\Local\Muse.Service\Muse.Service_Url_zmbqaeottvmi12bkaynsf5cuhyatvbia\tzyzr5j5.tmp | Muse.Service.exe
File created | C:\Windows\system32\config\systemprofile\AppData\Local\Muse.Service\Muse.Service_Url_zmbqaeottvmi12bkaynsf5cuhyatvbia\tzyzr5j5.newcfg | Muse.Service.exe
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\AppCenter\a321e289-b026-4511-b667-d336ff995ee2\Logs.db | Muse.Service.exe
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\AppCenter\a321e289-b026-4511-b667-d336ff995ee2\Logs.db-journal | Muse.Service.exe

Executes dropped EXE (1 IoC)
Process: EXE_NETCORECHECK.EXE
pid | process
2328 | EXE_NETCORECHECK.EXE

Modifies data under HKEY_USERS (5 IoCs)
Process: Muse.Service.exe
description | ioc | process
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | Muse.Service.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | Muse.Service.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | Muse.Service.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | Muse.Service.exe
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | Muse.Service.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
Process: Muse.Service.exe
pid | process
4416 | Muse.Service.exe
4416 | Muse.Service.exe
4416 | Muse.Service.exe
4416 | Muse.Service.exe
4416 | Muse.Service.exe
4416 | Muse.Service.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Process: Muse.Service.exe
description | pid | process
Token: SeDebugPrivilege | 4416 | Muse.Service.exe

Suspicious use of FindShellTrayWindow (3 IoCs)
Process: Muse.exe
pid | process
1516 | Muse.exe
1516 | Muse.exe
1516 | Muse.exe

Suspicious use of SendNotifyMessage (2 IoCs)
Process: Muse.exe
pid | process
1516 | Muse.exe
1516 | Muse.exe

Suspicious use of WriteProcessMemory (2 IoCs)
Process: Muse_Hub.exe
description | pid | process | target process
PID 1116 wrote to memory of 2328 | 1116 | Muse_Hub.exe | EXE_NETCORECHECK.EXE
PID 1116 wrote to memory of 2328 | 1116 | Muse_Hub.exe | EXE_NETCORECHECK.EXE
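Four of the signatures above carry the triage value: the files written under C:\Windows\system32\config\systemprofile (that directory is the LocalSystem profile, so Muse.Service.exe is running as SYSTEM), the keys created under HKEY_USERS\.DEFAULT\...\SystemCertificates\Root (the root certificate store seen by LocalSystem), the Muse_Hub.exe write into EXE_NETCORECHECK.EXE's memory, and the SeDebugPrivilege token adjustment. All four are also routine for installers and Windows services, and the Malware Config section of this report is empty, so they are hunting leads rather than a verdict. The Python below is an added example, not code from the report or from Muse Hub: it turns those four behaviours into rules over Sysmon events (EID 10, 11, 12) and the Windows Security 4703 event and runs them over events constructed from the report's IoCs. The GrantedAccess mask and the 4703 record are assumptions, since the report does not show either.

```python
"""Match the behaviours flagged in the Muse_Hub.exe report against host telemetry.

Added example, not part of the sandbox report. SAMPLE_EVENTS is constructed
by hand from the report's IoCs using Sysmon's field names (EID 10, 11, 12)
and the Windows Security 4703 schema; the GrantedAccess mask and the 4703
record are assumptions, since the report does not show them.
"""

# LocalSystem's profile directory: a process writing here runs as SYSTEM.
SYSTEM_PROFILE = "c:\\windows\\system32\\config\\systemprofile\\"
# Sysmon renders \REGISTRY\USER\.DEFAULT as HKU\.DEFAULT.
DEFAULT_USER_ROOT_STORE = r"hku\.default\software\microsoft\systemcertificates\root"
PROCESS_VM_WRITE = 0x0020  # access-right bit in Sysmon EID 10 GrantedAccess


def rule_system_profile_write(ev):
    """Sysmon EID 11 (FileCreate) under the LocalSystem profile."""
    if ev.get("EventID") != 11:
        return None
    if ev["TargetFilename"].lower().startswith(SYSTEM_PROFILE):
        return ("system_profile_write", ev["Image"], ev["ProcessId"], ev["TargetFilename"])
    return None


def rule_default_user_root_store(ev):
    """Sysmon EID 12/13 (registry) inside .DEFAULT's Root certificate store.

    Writes here can add a trusted root CA for everything running as LocalSystem,
    so a key creation deserves a look even when no certificate value follows.
    """
    if ev.get("EventID") not in (12, 13):
        return None
    if ev["TargetObject"].lower().startswith(DEFAULT_USER_ROOT_STORE):
        return ("default_user_root_store", ev["Image"], ev["ProcessId"], ev["TargetObject"])
    return None


def rule_cross_process_write(ev):
    """Sysmon EID 10 (ProcessAccess) with PROCESS_VM_WRITE to another process."""
    if ev.get("EventID") != 10:
        return None
    granted = ev["GrantedAccess"]
    if isinstance(granted, str):          # Sysmon logs the mask as a hex string
        granted = int(granted, 16)
    if granted & PROCESS_VM_WRITE and ev["SourceProcessId"] != ev["TargetProcessId"]:
        detail = f"-> {ev['TargetImage']} (pid {ev['TargetProcessId']})"
        return ("cross_process_write", ev["SourceImage"], ev["SourceProcessId"], detail)
    return None


def rule_debug_privilege(ev):
    """Security EID 4703 (token privileges adjusted) enabling SeDebugPrivilege."""
    if ev.get("EventID") != 4703:
        return None
    enabled = ev.get("EnabledPrivilegeList", "")
    if "SeDebugPrivilege" in enabled.split():
        # 4703 reports ProcessId as a hex string, e.g. 0x1140 == 4416
        return ("debug_privilege", ev["ProcessName"], int(ev["ProcessId"], 16), enabled)
    return None


RULES = (rule_system_profile_write, rule_default_user_root_store,
         rule_cross_process_write, rule_debug_privilege)


def scan(events):
    """Return one (rule, image, pid, detail) tuple per matching event, in order."""
    hits = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit is not None:
                hits.append(hit)
    return hits


MUSE_SERVICE = r"C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.Service.exe"
MUSE_HUB = r"C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe"
NETCORECHECK = r"C:\Users\Admin\AppData\Local\Temp\Muse Installer Temp\EXE_NETCORECHECK.EXE"

# Constructed events mirroring the report; two are deliberate non-matches.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": MUSE_SERVICE, "ProcessId": 4416,
     "TargetFilename": r"C:\Windows\system32\config\systemprofile\AppData\Local\Muse.Service"
                       r"\Muse.Service_Url_zmbqaeottvmi12bkaynsf5cuhyatvbia\tzyzr5j5.newcfg"},
    {"EventID": 11, "Image": MUSE_HUB, "ProcessId": 1116,
     "TargetFilename": NETCORECHECK},                       # user temp dir: no hit
    {"EventID": 12, "Image": MUSE_SERVICE, "ProcessId": 4416,
     "TargetObject": r"HKU\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates"},
    {"EventID": 12, "Image": MUSE_SERVICE, "ProcessId": 4416,
     "TargetObject": r"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion"
                     r"\Internet Settings\Connections"},    # proxy settings, not the store: no hit
    {"EventID": 10, "SourceImage": MUSE_HUB, "SourceProcessId": 1116,
     "TargetImage": NETCORECHECK, "TargetProcessId": 2328,
     "GrantedAccess": "0x1FFFFF"},                          # mask assumed (PROCESS_ALL_ACCESS)
    {"EventID": 4703, "ProcessName": MUSE_SERVICE, "ProcessId": "0x1140",
     "EnabledPrivilegeList": "SeDebugPrivilege"},
]

if __name__ == "__main__":
    for rule, image, pid, detail in scan(SAMPLE_EVENTS):
        print(f"{rule:26} pid {pid:<5} {image.rsplit(chr(92), 1)[-1]:24} {detail}")
```

Run stand-alone it prints the four expected hits and skips the two non-matching events (the EXE_NETCORECHECK.EXE drop into the user's Temp directory and the Internet Settings\Connections key, which is proxy configuration rather than the certificate store). On a real host, feed it the parsed Sysmon and Security channels instead of SAMPLE_EVENTS; the signed-installer false-positive rate of the cross-process-write and SeDebugPrivilege rules is high, so treat a hit on the root-store rule from a process that is not a known Microsoft or vendor service as the one to escalate.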
Processes

C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe"
  PID: 1116
  - Suspicious use of WriteProcessMemory
  Child: C:\Users\Admin\AppData\Local\Temp\Muse Installer Temp\EXE_NETCORECHECK.EXE
    Command line: -N Microsoft.WindowsDesktop.App -v 6.0.9
    PID: 2328
    - Executes dropped EXE

C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.exe
  Command line: "C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.exe"
  PID: 1516
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage

C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.Service.exe
  Command line: "C:\Program Files\WindowsApps\Muse.MuseHub_1.0.2.800_x64__rb9pth70m6nz6\Muse.Service.exe"
  PID: 4416
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 142KB
MD5: 3dd50757e38eed3ac598debec6936915
SHA1: ac54862b4de18850d111fe7e08a075f0e812cc89
SHA256: 8d8f90ca3adc53d7862e82c72522674d4fee14d2b08566d378e46371d5db7f2a
SHA512: ff84fddf871f660b2b25e7f3b93ab01140d787a1fb167454cadad4e0eec25fd0789afee6bec3dea09de34343de7d3c4030e1282acddcda02e9f40784eb8aea88