0f95960120449aeba54a96103c366bfa8d922bc2fe72cbe0ff3565ec3ae03d42

Analysis

max time kernel
141s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WallpaperMakerApp.exe
Size

508KB
MD5

a404f73eb5dc271f6a7ee6e040a70336
SHA1

805653284804b80a61d552e8ce68789b09645081
SHA256

1be7904fdd826733e01e7ac2785d2ecb195d467a4e4ebce6bbcfedb0e0761fdb
SHA512

1bf295566612bee2f66df744ea27e8cd4e0ec1a5a3b8b078497b86cab04dc5e227c1c707eeda2a625b70230d4cfa5b7f1cdd3b2ec487f47039c5e819163cd5fe
SSDEEP

6144:3lTMgYkkBQAzUCJwYVwzInODD0nRSq7FkLgdbFuBv485VaIOV/uzus:3lTXYf+mTtkwOH0RpbFu6rs

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	WallpaperMakerApp.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	WallpaperMakerApp.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	WallpaperMakerApp.exe
File created	C:\Windows\assembly\Desktop.ini	WallpaperMakerApp.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	WallpaperMakerApp.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
836	WallpaperMakerApp.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 3564	836	WallpaperMakerApp.exe	93
PID 836 wrote to memory of 3564	836	WallpaperMakerApp.exe	93
PID 836 wrote to memory of 3564	836	WallpaperMakerApp.exe	93
PID 3564 wrote to memory of 4604	3564	csc.exe	95
PID 3564 wrote to memory of 4604	3564	csc.exe	95
PID 3564 wrote to memory of 4604	3564	csc.exe	95
PID 836 wrote to memory of 2388	836	WallpaperMakerApp.exe	96
PID 836 wrote to memory of 2388	836	WallpaperMakerApp.exe	96
PID 836 wrote to memory of 2388	836	WallpaperMakerApp.exe	96
PID 2388 wrote to memory of 1100	2388	csc.exe	98
PID 2388 wrote to memory of 1100	2388	csc.exe	98
PID 2388 wrote to memory of 1100	2388	csc.exe	98

C:\Users\Admin\AppData\Local\Temp\WallpaperMakerApp.exe
"C:\Users\Admin\AppData\Local\Temp\WallpaperMakerApp.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\w927brqd.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3564
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1C3E.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1C3D.tmp"
    3⤵
    PID:4604
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ncahgtdp.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2388
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1E04.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1E03.tmp"
    3⤵
    PID:1100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1400 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:1624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES1C3E.tmp

Filesize
1KB

MD5
ac2b5fd14294d8e54143b089f7973f53

SHA1
5c654b7597bd0ffaca7a86bd11a65ca078f65329

SHA256
7ca832b7c485f3379450dd13fe9bfec10bc852510301c8625278532bf2d0366b

SHA512
f392c2f483396dd366080a91a7b82ec2717a50bc4966feb446238a9ad7a028d1184cdf2ac9689c4d47f269661707cf8f9dd7294c6dd0f7f50aacd60cb3f0f75f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES1E04.tmp

Filesize
1KB

MD5
9207455be2c4fe72d19782d8880ab2bf

SHA1
b89201aad7718178222a41646f66042df718ee5d

SHA256
97959e4ddc80ee6babbafa86d662d0d282990e05cb2b0cea88617e826b49cb7e

SHA512
7f547cd96b2ae065e460a52466abba4eb4ff8bacb983912d23829978894871dc060c80bec22d8116a83ae7a9090e63e132d252fb427061fd36f83b7ea2169f6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ncahgtdp.dll

Filesize
12KB

MD5
69b8c17fc152e75819dcf49a663f8223

SHA1
0efb6cc8971b74af3b6bab346ced6fbd437dfabd

SHA256
4967cbf111827d6c11d1a5c4462c7d52e451c3125162ea7e6bc1f30ad140d8f2

SHA512
f38f0e05acee1fd1d4f8f617463b7dfaaaf2037b33439ffd618f81d387315e489dc9200b10a9ce691a9c3fa2efbab10e29a2a23a606fa9eaaeca444d7fc79432

Download Submit
C:\Users\Admin\AppData\Local\Temp\w927brqd.dll

Filesize
8KB

MD5
334045145f4cedaf3486eb078b7ff390

SHA1
73b105b49b98035970fce07c52acba348ef9a490

SHA256
a3e570137754eb0115154fe262c300ed77f3a4c094153983dc11afb3c6a494b5

SHA512
61b0718960eb799b818b6661367d3586a50a9ed8a98fb740c7ce98485891f6009c84b319f788a00d60b658b646b8584aa59c7ebfa1aabf7a6ffb0def7215c838

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC1C3D.tmp

Filesize
652B

MD5
b7ebfa4e4c01c346125a52b11c253119

SHA1
2657662cf5a02f7434983420c59e9c14923274a6

SHA256
ad4c549f0b0760ed4f067a49101bdc483926bd5008e802fc3a063bc7d78f2f10

SHA512
833f324c6339117e4aed3129ba94fc3c00b655cff2bed714185db66e25cad952a7763e992c20af90949f36aafa41a8d94739747e2c10648d07e381fe7660cc87

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC1E03.tmp

Filesize
652B

MD5
82926e3c61e79ff923fa15ceabaf764b

SHA1
2b1154369561d6054bf76135f0b8b3151dbfda90

SHA256
d7747d437e49d2289ca240a0bff738ffe83ac09fc91b8a70d4a3918af12445bc

SHA512
ef52298bc3dd4be2148f66e36f9b8cab9c5afff35820e27463578ce6959e16140a5ab0e54ea88d2a2b717db46c478c63cb8e363a4545d2078e3b7fedb065729e

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ncahgtdp.0.cs

Filesize
28KB

MD5
e451f0e9cd32966341f6aa80c15ccfaa

SHA1
279b4d7b13b344b66fdd04ab3a64b93446c146bc

SHA256
547a45567c7140990e89fdc6bdb18db70e29262a494cc00da7de09ebd0e73056

SHA512
2d558e13fdd7b26afdc8555c373475a7d680bd924773a44179852cc2ed60ad2c7dba338f8b66acd5d1fe08258823ac00dc0884a2320582dac63fbc558d22f0a2

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ncahgtdp.cmdline

Filesize
408B

MD5
4bbfc51db1fcb51ec7a8faab041a5356

SHA1
e4e17d25ad3d2abcb419b0dc82bf53b7b6ef90a0

SHA256
98860aac0059ef59e214e0096e33210a1e92f9ce8ece09a6b63bff2aaa28d0ae

SHA512
256c9ae841bda04de045de8666a059bd126185f0fd4fec22cdbc0ef10d321a2a5dcf761e3141035124febcc8bd9546c99750ec8679aea90dc5439f33dcdbfe3e

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\w927brqd.0.cs

Filesize
12KB

MD5
62eed98115e1c0d4d580da2ac8294d3a

SHA1
e08e65a096b534275a57cafcfe5a62c28c068b80

SHA256
60ab8891325ef907d5d58d9ac77ba983e94f603e2bc8c63157b9411d29cfe51b

SHA512
504e0b2d8b986dc831b06e16acbd8d632b2397b7000bd9ac3ec409bea7adf799b7ff193eb7528d288ba4fa4a0886e7d318f8b08b71e7c95241fe20946003b6f9

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\w927brqd.cmdline

Filesize
408B

MD5
a009cacbfdee423b2028c4efc85847b6

SHA1
b298e037625fc13d87611abe68296072b334b361

SHA256
f23702414fc11923c8f97847df5f56933bbc762e790d1ae44369e4d56683b10b

SHA512
9ca61e566103a353057f23d3dedc85192d3d12ee25c68c3a78c9e105ce0f75d8429925300c544b8ee9f489897c8681eb5cccc57434b233c6be1eb8f4904bf232

Download Submit
memory/836-15-0x0000000074700000-0x0000000074CB1000-memory.dmp

Filesize
5.7MB

Download
memory/836-2-0x0000000074700000-0x0000000074CB1000-memory.dmp

Filesize
5.7MB

Download
memory/836-0-0x0000000074702000-0x0000000074703000-memory.dmp

Filesize
4KB

Download
memory/836-64-0x0000000074700000-0x0000000074CB1000-memory.dmp

Filesize
5.7MB

Download
memory/836-5-0x0000000005BF0000-0x0000000005C04000-memory.dmp

Filesize
80KB

Download
memory/836-8-0x0000000005C20000-0x0000000005C49000-memory.dmp

Filesize
164KB

Download
memory/836-7-0x0000000005B50000-0x0000000005BEA000-memory.dmp

Filesize
616KB

Download
memory/836-3-0x0000000005B30000-0x0000000005B50000-memory.dmp

Filesize
128KB

Download
memory/836-63-0x0000000074700000-0x0000000074CB1000-memory.dmp

Filesize
5.7MB

Download
memory/836-62-0x0000000074700000-0x0000000074CB1000-memory.dmp

Filesize
5.7MB

Download
memory/836-1-0x0000000074700000-0x0000000074CB1000-memory.dmp

Filesize
5.7MB

Download
memory/836-61-0x0000000074700000-0x0000000074CB1000-memory.dmp

Filesize
5.7MB

Download
memory/836-49-0x0000000074700000-0x0000000074CB1000-memory.dmp

Filesize
5.7MB

Download
memory/836-50-0x0000000074702000-0x0000000074703000-memory.dmp

Filesize
4KB

Download
memory/836-55-0x0000000074700000-0x0000000074CB1000-memory.dmp

Filesize
5.7MB

Download
memory/836-60-0x0000000074700000-0x0000000074CB1000-memory.dmp

Filesize
5.7MB

Download
memory/2388-45-0x0000000074700000-0x0000000074CB1000-memory.dmp

Filesize
5.7MB

Download
memory/2388-40-0x0000000074700000-0x0000000074CB1000-memory.dmp

Filesize
5.7MB

Download
memory/3564-23-0x0000000074700000-0x0000000074CB1000-memory.dmp

Filesize
5.7MB

Download
memory/3564-30-0x0000000074700000-0x0000000074CB1000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads