Overview

overview

10

Static

static

10

Guna.UI2.dll

windows11-21h2-x64

1

Siticone.UI.dll

windows11-21h2-x64

4

nixware.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19/04/2024, 12:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Siticone.UI.dll

  • Size

    1.3MB

  • MD5

    2474124f9a70301411e5a42caa0225f6

  • SHA1

    23c561479001148931601b14889d0c10c1420e85

  • SHA256

    283346e95883d2c51743b725ecd41f2afd97adbbf86ec9d9735072505d5726b4

  • SHA512

    a4c798779674fefde60b87cb7b57f1b7b723649189ce7f89e6993b1ee84e84c18eb5f97fce4a531fe8f361fa4ecda79e482f57f695b968e9543345cc40e321ff

  • SSDEEP

    24576:RVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8g:H8NlaVeuHF

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Siticone.UI.dll,#1
    1⤵
      PID:5092
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1688
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
        1⤵
          PID:3948
        • C:\Windows\System32\oobe\UserOOBEBroker.exe
          C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
          1⤵
          • Drops file in Windows directory
          PID:4988
        • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
          C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
          1⤵
            PID:4612
          • C:\Program Files\VideoLAN\VLC\vlc.exe
            "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CompressLock.mp4"
            1⤵
            • Suspicious behavior: AddClipboardFormatListener
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            PID:4596

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4596-3-0x00007FF68A4A0000-0x00007FF68A598000-memory.dmp

            Filesize

            992KB

            Download

          • memory/4596-4-0x00007FFC33240000-0x00007FFC33274000-memory.dmp

            Filesize

            208KB

            Download

          • memory/4596-5-0x00007FFC2B130000-0x00007FFC2B3E6000-memory.dmp

            Filesize

            2.7MB

            Download

          • memory/4596-6-0x00007FFC3E220000-0x00007FFC3E238000-memory.dmp

            Filesize

            96KB

            Download

          • memory/4596-7-0x00007FFC3E070000-0x00007FFC3E087000-memory.dmp

            Filesize

            92KB

            Download

          • memory/4596-9-0x00007FFC343E0000-0x00007FFC343F7000-memory.dmp

            Filesize

            92KB

            Download

          • memory/4596-8-0x00007FFC3D670000-0x00007FFC3D681000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-10-0x00007FFC2E760000-0x00007FFC2E771000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-11-0x00007FFC2D610000-0x00007FFC2D62D000-memory.dmp

            Filesize

            116KB

            Download

          • memory/4596-12-0x00007FFC2C150000-0x00007FFC2C161000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-13-0x00007FFC2AF20000-0x00007FFC2B12B000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4596-14-0x00007FFC2B7D0000-0x00007FFC2B811000-memory.dmp

            Filesize

            260KB

            Download

          • memory/4596-15-0x000001E93DB20000-0x000001E93EBD0000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/4596-16-0x00007FFC2B7A0000-0x00007FFC2B7C1000-memory.dmp

            Filesize

            132KB

            Download

          • memory/4596-17-0x00007FFC2B780000-0x00007FFC2B798000-memory.dmp

            Filesize

            96KB

            Download

          • memory/4596-18-0x00007FFC2B760000-0x00007FFC2B771000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-19-0x00007FFC29E50000-0x00007FFC29E61000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-20-0x00007FFC29E30000-0x00007FFC29E41000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-21-0x00007FFC29E10000-0x00007FFC29E2B000-memory.dmp

            Filesize

            108KB

            Download

          • memory/4596-22-0x00007FFC29DF0000-0x00007FFC29E01000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-24-0x00007FFC29DA0000-0x00007FFC29DD0000-memory.dmp

            Filesize

            192KB

            Download

          • memory/4596-23-0x00007FFC29DD0000-0x00007FFC29DE8000-memory.dmp

            Filesize

            96KB

            Download

          • memory/4596-25-0x00007FFC29D30000-0x00007FFC29D97000-memory.dmp

            Filesize

            412KB

            Download

          • memory/4596-26-0x00007FFC29CB0000-0x00007FFC29D2C000-memory.dmp

            Filesize

            496KB

            Download

          • memory/4596-27-0x00007FFC29C90000-0x00007FFC29CA1000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-28-0x00007FFC29C30000-0x00007FFC29C87000-memory.dmp

            Filesize

            348KB

            Download

          • memory/4596-29-0x00007FFC29C00000-0x00007FFC29C28000-memory.dmp

            Filesize

            160KB

            Download

          • memory/4596-30-0x00007FFC29BD0000-0x00007FFC29BF4000-memory.dmp

            Filesize

            144KB

            Download

          • memory/4596-31-0x00007FFC29BB0000-0x00007FFC29BC8000-memory.dmp

            Filesize

            96KB

            Download

          • memory/4596-32-0x00007FFC29B80000-0x00007FFC29BA3000-memory.dmp

            Filesize

            140KB

            Download

          • memory/4596-33-0x00007FFC29B60000-0x00007FFC29B71000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-34-0x00007FFC29B40000-0x00007FFC29B52000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4596-35-0x00007FFC29B10000-0x00007FFC29B31000-memory.dmp

            Filesize

            132KB

            Download

          • memory/4596-37-0x00007FFC29AD0000-0x00007FFC29AE2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4596-36-0x00007FFC29AF0000-0x00007FFC29B03000-memory.dmp

            Filesize

            76KB

            Download

          • memory/4596-38-0x00007FFC29990000-0x00007FFC29ACB000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4596-39-0x00007FFC29960000-0x00007FFC2998C000-memory.dmp

            Filesize

            176KB

            Download

          • memory/4596-40-0x00007FFC297A0000-0x00007FFC2995A000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/4596-41-0x00007FFC29740000-0x00007FFC2979C000-memory.dmp

            Filesize

            368KB

            Download

          • memory/4596-43-0x00007FFC29680000-0x00007FFC29718000-memory.dmp

            Filesize

            608KB

            Download

          • memory/4596-42-0x00007FFC29720000-0x00007FFC29731000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-44-0x00007FFC2B6C0000-0x00007FFC2B6D2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4596-45-0x00007FFC29420000-0x00007FFC29673000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/4596-46-0x00007FFC29310000-0x00007FFC2941E000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/4596-47-0x00007FFC2B720000-0x00007FFC2B755000-memory.dmp

            Filesize

            212KB

            Download

          • memory/4596-48-0x00007FFC2B6F0000-0x00007FFC2B715000-memory.dmp

            Filesize

            148KB

            Download

          • memory/4596-49-0x00007FFC2E740000-0x00007FFC2E751000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-50-0x00007FFC291F0000-0x00007FFC29303000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/4596-51-0x00007FFC2B6A0000-0x00007FFC2B6B1000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-52-0x00007FFC2B400000-0x00007FFC2B412000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4596-53-0x00007FFC291D0000-0x00007FFC291E3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/4596-62-0x00007FFC28F50000-0x00007FFC28F66000-memory.dmp

            Filesize

            88KB

            Download

          • memory/4596-61-0x00007FFC28F70000-0x00007FFC28F88000-memory.dmp

            Filesize

            96KB

            Download

          • memory/4596-63-0x00007FFC28F20000-0x00007FFC28F4A000-memory.dmp

            Filesize

            168KB

            Download

          • memory/4596-64-0x00007FFC28F00000-0x00007FFC28F12000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4596-60-0x00007FFC28F90000-0x00007FFC28FA2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4596-59-0x00007FFC28FB0000-0x00007FFC28FC1000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-66-0x00007FFC28EC0000-0x00007FFC28ED1000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-65-0x00007FFC28EE0000-0x00007FFC28EF1000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-58-0x00007FFC28FD0000-0x00007FFC28FE1000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-57-0x00007FFC28FF0000-0x00007FFC29001000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-56-0x00007FFC29010000-0x00007FFC2910F000-memory.dmp

            Filesize

            1020KB

            Download

          • memory/4596-55-0x00007FFC29110000-0x00007FFC29121000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4596-54-0x00007FFC29130000-0x00007FFC291D0000-memory.dmp

            Filesize

            640KB

            Download