95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a

Analysis

max time kernel
134s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
Size

1.4MB
MD5

f7c4ee2c7c8868ec8ed89401689726bf
SHA1

b2ca092400891a0d10f68a6db69c5c6a593db24e
SHA256

95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a
SHA512

fb990626614e6804ed2227f8afeae0496ab7455e1c9de77ef8f4297e6637f14ef3fa18c9989cc54b77cfeafb55d94ca3b96a7068971c6e08eff7fd8a65f72917
SSDEEP

24576:iy9VNOgj8q1toCaYLsTMZF1Zg76hxnT+UaBYKSnaaQOMFMlxNWormOm6+YifTuCl:iwp1toCaYgQF1Zg76PyUafShQfFM/KDJ

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe

pid	process
4788	95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
4788	95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
4788	95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
4788	95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe

Suspicious use of SendNotifyMessage 4 IoCs

Processes:

95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe

pid	process
4788	95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
4788	95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
4788	95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
4788	95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe

pid process

4788 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe

C:\Users\Admin\AppData\Local\Temp\95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
"C:\Users\Admin\AppData\Local\Temp\95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4788

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads