Resubmissions
- 02/06/2024, 02:37  240602-c4kdfsge88  4
- 02/06/2024, 02:36  240602-c3plsage64  3
- 02/06/2024, 02:35  240602-c3d52sge55  1

Analysis
- max time kernel: 63s
- max time network: 64s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 02:36
Static task: static1

Behavioral task: behavioral1
- Sample: unnamed.jpg
- Resource: win10v2004-20240508-en
- 4 signatures
- 150 seconds
General
- Target: unnamed.jpg
- Size: 25KB
- MD5: fc9a55f8132a6f2f7ed8c1503a00b392
- SHA1: 5c55602dbb0c080c05847a1c523253f12edb4b63
- SHA256: 45683ff4823552cd4bc962fe26d16f7cb9aea1b607f8962042151e5a6d55465c
- SHA512: eb113b8e39d28ddb949e1ee18562c7127f24091376e51d3a07fb4e7e76b3d9147f250ab561310de7094114fa8eac3604d201c42df913f079a8fc2febd6783995
- SSDEEP: 384:U3/TcJR+qoXgGWObD2W78o9MxftTFbJdho08iSbmA+A7tgO0cVvbTu:M4C11g5Jd5h8eiBTu
- Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies data under HKEY_USERS (15 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "137" | LogonUI.exe
  Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | LogonUI.exe
  Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | LogonUI.exe
  Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | LogonUI.exe
  Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | LogonUI.exe
- Suspicious behavior: LoadsDriver (64 IoCs)
  pid | Process
  Process is "Process not Found" for all 64 entries; pids:
  456, 5008, 1768, 620, 1148, 1344, 4328, 2036, 1568, 4488, 3008, 1856, 4048, 4476, 648, 4068, 3868, 4684, 1968, 4308, 1212, 2964, 3780, 3208, 4544, 1432, 2232, 452, 756, 1996, 3972, 2028, 2316, 4344, 4316, 2200, 5000, 5004, 768, 3452, 2508, 1408, 4888, 2392, 1920, 5076, 4228, 860, 2720, 1844, 4012, 1360, 1040, 1044, 4116, 1652, 5020, 2472, 5044, 1108, 3904, 632, 3920, 1388
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid | Process
  2804 | LogonUI.exe
Processes
- C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\unnamed.jpg
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4488,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=3900 /prefetch:8
  PID:5000
- C:\Windows\system32\LogonUI.exe
  "LogonUI.exe" /flags:0x4 /state0:0xa3970055 /state1:0x41c64e6d
  - Modifies data under HKEY_USERS
  - Suspicious use of SetWindowsHookEx
  PID:2804