c4079adbd900f429976e7363d635dca803e7d244675263ebb30b1ea8fc889e29

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 23:30

Target

SignatureSetEnv.exe
Size

50KB
MD5

82eadecc6119d1772eaad999795360e2
SHA1

dee65cc3646bdb7494f91da4f7ea7def84dcf59e
SHA256

e6bb55d3eb82283c98c654a36b80ddba02a727d004f9e86ee1f361c42db88a81
SHA512

ca05f12447a7167f194bf6d1332cc603c424997d8b58436fc1ea014f4544d861410b6ee390ac6a91492c7b867f2c08f9804f0289e9c013aced55d7c83f5a5499
SSDEEP

768:M5ZaYE8BqNJNtWN2BfsdortwYlq9Y/doyXfH:M5cYE8BqNJNtW4Wsw2q4oyvH

Score

10^/10

evasion trojan

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

Disable or Modify Tools

Modify Registry

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	SignatureSetEnv.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	SignatureSetEnv.exe

Modifies Control Panel 4 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\sLongDate = "yyyy'Äê'M'ÔÂ'd'ÈÕ'"	SignatureSetEnv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\sShortDate = "yyyy-M-d"	SignatureSetEnv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\iDate = "2"	SignatureSetEnv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\sDate = "-"	SignatureSetEnv.exe

Modifies Internet Explorer Protected Mode 1 TTPs 2 IoCs

Modify Registry

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500 = "3"	SignatureSetEnv.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3"	SignatureSetEnv.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

Modify Registry

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\MAIN	SignatureSetEnv.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\DEPOff = "3"	SignatureSetEnv.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MAIN	SignatureSetEnv.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\UseSWRender = "1"	SignatureSetEnv.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2500	SignatureSetEnv.exe

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	SignatureSetEnv.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	SignatureSetEnv.exe