70cfaa55a423f2e124af81f0f28479349b48d1a73974aaab6480c81c82b5b4a9

Analysis

max time kernel
148s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 14:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SmileboxTray.exe
Size

365KB
MD5

6ee6910662dac0c229c8f4e59d854c8a
SHA1

a01a65976b83cb4d9229301070298b98ecd3f5e6
SHA256

db3f4c24d5a01d3f406f33054422bd90e61acdf432ad53f2a3ed93dba33dc7b6
SHA512

2b98ef167e97e314bbe74cc814d14bf8745f860c0dc5ab8bd7fa517e1384c842f374d1abbb372be05f3f8df2f0d8deab6b34459d34926d8f69dc9a1ea13bde28
SSDEEP

6144:W5Nt04Rm7CvclG12VhrMqZOaCeilo62SG7XMhDYDkwbQxdbkrnC9Qe85CqJ7SL:W5Nt0km7CvclG12VhrzOaCeie62SG78n

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SmileboxTray = "\"C:\\Users\\Admin\\AppData\\Roaming\\Smilebox\\SmileboxTray.exe\""	SmileboxTray.exe

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\MIME\Database\Content Type	SmileboxTray.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\MIME\Database\Content Type\application/smilebox	SmileboxTray.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Smilebox.archive\shell\open	SmileboxTray.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\smilebox	SmileboxTray.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\smilebox\shell\open	SmileboxTray.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\MIME	SmileboxTray.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Smilebox.archive	SmileboxTray.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Smilebox.archive\shell\open\command	SmileboxTray.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Smilebox.archive\DefaultIcon	SmileboxTray.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\smilebox\DefaultIcon	SmileboxTray.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\smilebox\shell	SmileboxTray.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\smilebox\shell\open\command	SmileboxTray.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\.smilebox	SmileboxTray.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\MIME\Database	SmileboxTray.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Smilebox.archive\shell	SmileboxTray.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2916	SmileboxTray.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2916	SmileboxTray.exe

C:\Users\Admin\AppData\Local\Temp\SmileboxTray.exe
"C:\Users\Admin\AppData\Local\Temp\SmileboxTray.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Smilebox\smilebox.log

Filesize
212B

MD5
435383f0b6441f6e79a5e546231d6c95

SHA1
8a8a45169e81caffdd32993421573fefd138ec9c

SHA256
00d7bea410f9c49f6a68903f65f3b57b6311a1ce94624e0311dbdf238164da33

SHA512
b18f3bb8bcc39730ade7ac08f21fb9910d488cbf0a7413a8fef135ec807ea74c738eefa03b6a411682b05953c4d724a2d3e0125b13cb8872b8602af63c009e1b

Download Submit
memory/2916-0-0x0000000003010000-0x0000000003011000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads