Analysis
-
max time kernel
289s -
max time network
258s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
arch:x64 arch:x86 image:win11-20240412-en locale:en-us os:windows11-21h2-x64 system -
submitted
23/04/2024, 11:11
Static task
static1
Behavioral task
behavioral1
Sample
Frantic Allis.glb
Resource
win11-20240412-en
Behavioral task
behavioral2
Sample
Frantic Allis.glb
Resource
android-33-x64-arm64-20240229-en
Behavioral task
behavioral3
Sample
Frantic Allis.glb
Resource
macos-20240410-en
Behavioral task
behavioral4
Sample
Frantic Allis.glb
Resource
ubuntu2004-amd64-20240221-en
General
-
Target
Frantic Allis.glb
-
Size
108KB
-
MD5
c4cf12905311129e6c2b9c57664cea44
-
SHA1
e1d6fffda1dad6cb865499c5c5a97c5931374f2d
-
SHA256
605019c11a006d48e9473ea5a04025a0294a9dff79d6e2c1423afb68171e695a
-
SHA512
83dcde151a8ce0dd2d1601071a5f05cc393064ebc3d64c5d9902711b80f93448103e2d3d685fb9333823db6a9e4f4920f50156234cb8c5ff857543241f7767f1
-
SSDEEP
1536:OHomQjJHijhF07IR6tP4I6Kow5Y4q4inD/BqlSuyVsvNhRGg1DR7:OHOHi6Iy5K+lSevN2g1J
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies data under HKEY_USERS 15 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | LogonUI.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "222" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | LogonUI.exe
-
Modifies registry class 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings | OpenWith.exe
-
Suspicious behavior: LoadsDriver 64 IoCs
pid | Process
2200 | Process not Found
1832 | Process not Found
3720 | Process not Found
4336 | Process not Found
5056 | Process not Found
5052 | Process not Found
1656 | Process not Found
684 | Process not Found
204 | Process not Found
2388 | Process not Found
1312 | Process not Found
2996 | Process not Found
1044 | Process not Found
1616 | Process not Found
752 | Process not Found
3864 | Process not Found
3852 | Process not Found
696 | Process not Found
3788 | Process not Found
412 | Process not Found
4604 | Process not Found
4440 | Process not Found
4896 | Process not Found
2112 | Process not Found
2488 | Process not Found
1476 | Process not Found
4668 | Process not Found
2508 | Process not Found
1088 | Process not Found
3172 | Process not Found
4356 | Process not Found
4232 | Process not Found
3400 | Process not Found
4552 | Process not Found
2504 | Process not Found
4384 | Process not Found
2284 | Process not Found
3504 | Process not Found
980 | Process not Found
1372 | Process not Found
788 | Process not Found
2420 | Process not Found
2252 | Process not Found
4620 | Process not Found
4948 | Process not Found
676 | Process not Found
1920 | Process not Found
2852 | Process not Found
4272 | Process not Found
3308 | Process not Found
1668 | Process not Found
1208 | Process not Found
2004 | Process not Found
1472 | Process not Found
2108 | Process not Found
3128 | Process not Found
4500 | Process not Found
4704 | Process not Found
4576 | Process not Found
2276 | Process not Found
4160 | Process not Found
4204 | Process not Found
3120 | Process not Found
2336 | Process not Found
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
4496 | OpenWith.exe
2580 | LogonUI.exe
Processes
-
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Frantic Allis.glb"
- Modifies registry class
PID:5016
-
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4496
-
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3936855 /state1:0x41c64e6d
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2580