db87edad86fe4938bd117a0e67f73c6bb2a27d9e6b7b14cc55135ed2f6dd192c

Analysis

max time kernel
135s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Directx 12 Master Win Tutoriales.exe
Size

107.7MB
MD5

88b4c19ad6f9e403339aef2616c8bbaa
SHA1

a6d05ec4f7ae784739c93c0f21902519f697212d
SHA256

db87edad86fe4938bd117a0e67f73c6bb2a27d9e6b7b14cc55135ed2f6dd192c
SHA512

c8191807068f921785869aee2dba2cdf8f2dbbdea0f340f057808aa38ae56f9c4277bfc69ca1b25641a49b83b9521875e33cf49a9a7e3dda960e74891c2fad12
SSDEEP

3145728:b++TUJs4kTpwTOtmI1ywC/l0/ZcGTsttmIW2Jx:b++4JdklwXInC/lQZcqSmIW2L

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4380	autorun.exe

Loads dropped DLL 1 IoCs

pid	Process
4380	autorun.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4380	autorun.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3572	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3572	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3200	Directx 12 Master Win Tutoriales.exe
3200	Directx 12 Master Win Tutoriales.exe
4380	autorun.exe
4380	autorun.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 4380	3200	Directx 12 Master Win Tutoriales.exe	86
PID 3200 wrote to memory of 4380	3200	Directx 12 Master Win Tutoriales.exe	86
PID 3200 wrote to memory of 4380	3200	Directx 12 Master Win Tutoriales.exe	86

C:\Users\Admin\AppData\Local\Temp\Directx 12 Master Win Tutoriales.exe
"C:\Users\Admin\AppData\Local\Temp\Directx 12 Master Win Tutoriales.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
  "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\Directx 12 Master Win Tutoriales.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4380

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Audio\DeeJayOne - Sounds like a Melody.mp3

Filesize
4.1MB

MD5
8e41e72855828363d758b0f4b252ac27

SHA1
3d74fe2c8fd942a712b42ca2008487361bba5dc6

SHA256
16f26111da44b1a57f4031f3bca70e75615d9b5c3035c6302b7bb927a53cd187

SHA512
6322827be6414cbaa8b489f700019197d7f520dc1cb261ab3e2d91ae70f9bd088445c9ffe9233d70aaf8182014b4e464957bf73e4c62de40a62ea100cbc55fbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\HALO_(102).png

Filesize
1.0MB

MD5
96238c49bb6461849f2b79e6f391c2e5

SHA1
86e3e858ef0a667e39f014d5fadae8ecc5bba216

SHA256
0a46043a98cbfca5af88d6ad671a3625a906902c3b2e7a0e0758be2b8a90c8af

SHA512
dac75c31bebd4cbedf207b6b09c115405646ec62a3928806f245c0caf81a1397e9f8a9e14ef1d4187bf4eb0793ea235dbca1ee9cf8822d5d30bfc9cda8fa9299

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Master-Chief-PNG-Photos.png

Filesize
1.5MB

MD5
c279a3804e368f868137e069d91ba603

SHA1
d8e93af2ef9fe4c96a9b13adad02e100efdea240

SHA256
32b5fe3c276104ebf848d85acc90a296dcc9a5a42f52796bc950dffb20d9e47f

SHA512
db0acdf777dc1f047a4fad63761c62bc395e7385435a251d408c68cf4af3f60444771c254221bf1a9c1db79249c919cba1f7f47e665c37e1f9def7011c8c3121

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\T-Rex-vs-Spinosaurus-Facts-700x398.png

Filesize
362KB

MD5
2cbf970ea14bf17049d49c916adae8ab

SHA1
0b45ab48d4f55419d608a3d953f35006cb5a5cd9

SHA256
3def17d2b4edad17f5728cdeed91f58a2c2d690b67f314b302066b099d279400

SHA512
b27ae4ef90280f2d9f33b653c5c2b91e13ba9d6c22f12e169ad426bee0a241dc8436975d58cf8072244580b56b317aa3ff31594ae77958bbc181e0f6578a0c76

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\a1cf611a2d2ab39a41941e9866e83ede.png

Filesize
237KB

MD5
a1cf611a2d2ab39a41941e9866e83ede

SHA1
7ef04c1c3c02be77398e13674c508f85d1e93432

SHA256
6a688e3c6203f9b9c6ca79ead110cb3e63516a167648134ab119024beb54a218

SHA512
56b4c761693f981dce0c83db62de9d9d45564683d513e36e5e1876d63b1cbdf404db681135d9ee4d9c4c43e31f6b0662f49b3d8b73a32222ef38d098488c15b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\color-blanco.png

Filesize
2KB

MD5
e6700666a413b6de6f55857a67142edc

SHA1
866f7a2c03cb584c1507c043ad8fc94eb809a946

SHA256
c4d5026ab95890105feb2a31852a847634a4f3e97b73ce2a3b33e302e77a4c02

SHA512
5c9a0e980c607fa2dc0db71e31970ec631d4077262c394f137e8e6378f502b341b8528c4c2e9a452a62f701982736889a7386765680defd7ecdf7dbf3ab95630

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\directx-12-logo-green-640x354.jpg

Filesize
29KB

MD5
8ccc53e09d63b3e2acf0c1ab139e0058

SHA1
cd545fcda3c012b4e2c04d9405554b1e780a2811

SHA256
2ae715f00db6142f78ecd095f1b96baf7cc39c1d2fb5397c13f47a24ef50712d

SHA512
047e00cc2b2e06e4e93011f6d351d4006e04c3cc1fca5ca019fcb084db3414c1f2f0dc7091fd1ae21bd86cbbfd6fdbd0c5ccce64a400e9467d26ee6e51c034ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\directx12-windows10-logo.jpg

Filesize
21KB

MD5
fce7dfd14fba7305bc18631a8fff8915

SHA1
0bc838f1ec1f7d2404b6a728e149c7f665d7e08d

SHA256
60398bbd10ee84c91cefcbe906ac3c213d4fd7972949c26edae9d67ee9a806af

SHA512
062cef1855345a6abc571ef370052bc90bb795eb02f4ddbd2d3f87d147338bfd4b49d97b263d44fa1df1ff698fd2b0756d00b117fdafe17dc4cf651353926473

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd

Filesize
521KB

MD5
03a3e3b56031394ae3cb33640fb8397c

SHA1
542f1cfddb495698d8b28ec1222e94158d820135

SHA256
4a72db82557b9e169a123d670cf69c0d2cbe37d3901e1ecfd5e5fa0f21fda4c0

SHA512
e568139fc6889ef9662782a1c9ad3fd1da2871b9bb278f4a625df5565e30f7c3fcdb7c8e76abd5aff72cf3084e0d413e5ccca0d4dc2712fbc83dd37cb5cd11a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
6.8MB

MD5
0d45b81cd52edfd5fc46f17726b9c36a

SHA1
5465aaee0b73dec759e08714f6b97489a04d7344

SHA256
ddf470f9b527c0f3e5b2beeadcf10fea56410c883c8038ea278f91c187fcae25

SHA512
6ed614906ec4866462cb8f14d735271d9cdf5bf0fdcf3738917b3db27ff60ed84e30e63fdab566668190f8de2cc7ef9a79198cbf17e047a55c6a80c10a0f38ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\images.ico

Filesize
116KB

MD5
a8d56a2ae167060362b4d192b99046f8

SHA1
71c9a33a23af8a4cc20b7928973c3d5654d66eab

SHA256
8e190a070894237437bd744dd5ea9d2e880b74586d59e1922455a984ec7f8203

SHA512
844f98ec1b7d75297157a2f8dd0004eb9f16a457a9adcbc8c6a035bed3612464e57d7859a9df86b98d1d5f69ebef29bc54b3e745240b0045e7ba176e5c560e0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

Filesize
318KB

MD5
6ba309b082299fd3e3e4ce68323438aa

SHA1
679f9abdcb03db3ebd77c2c4fdfd138cca4e3a43

SHA256
cd19f435dc980ef59ce5719a11705a81fd2f236f3a10a73de2502e05e6156188

SHA512
5cd27b2be6b42d8b50195bde83b9bb1e45a9975dfba1f2b52c86bf126f5354f6650e80a78bb541b40f58d78f0243c8a5b52f49a9288eebf214497c393976deaf

Download Submit