Analysis
- max time kernel: 20s
- max time network: 13s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/06/2024, 13:27
Static task
- static1
- 1 signatures
Behavioral task
- behavioral1
- Sample: omniaim_[unknowncheats.me]_.exe
- Resource: win10v2004-20240508-en
- 5 signatures
- 300 seconds
General
- Target: omniaim_[unknowncheats.me]_.exe
- Size: 1.5MB
- MD5: aa4168494f8eebf337e14df7c53dd5d7
- SHA1: 2fbd73ace0af2a2b057a129565a67f67cdefcbde
- SHA256: 73355cfaf5405590cc8d4ac7b6654b6ba898679f4e0de924a198db75f1be4ca1
- SHA512: 9fd84a837418dbb8daa54b35306caa06bba8732c86aaf2f2811de02db157db77ae50ca342387916c151b6dbda8d0a12e125d0bd026e92c33b5e4819855dd0f65
- SSDEEP: 24576:jFyZXTKIE3PVXDdliGM3EHSX9HY/Ioxp0NYQ9dv1kdObFIYsFQTnjdEZu4tWVK:WKIw1m5Y/IoxpmYcvkOJdnjM
Score: 1/10
Malware Config
Signatures
- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid | Process
  1324 | omniaim_[unknowncheats.me]_.exe (6 entries)
  208 | taskmgr.exe (8 entries)
- Suspicious use of AdjustPrivilegeToken (5 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 208 | taskmgr.exe
  Token: SeSystemProfilePrivilege | 208 | taskmgr.exe
  Token: SeCreateGlobalPrivilege | 208 | taskmgr.exe
  Token: 33 | 208 | taskmgr.exe
  Token: SeIncBasePriorityPrivilege | 208 | taskmgr.exe
- Suspicious use of FindShellTrayWindow (34 IoCs)
  pid | Process
  208 | taskmgr.exe (34 entries)
- Suspicious use of SendNotifyMessage (34 IoCs)
  pid | Process
  208 | taskmgr.exe (34 entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\omniaim_[unknowncheats.me]_.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\omniaim_[unknowncheats.me]_.exe"
  - Suspicious behavior: EnumeratesProcesses
  PID: 1324
- C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID: 208