Analysis

  • max time kernel: 91s
  • max time network: 139s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240426-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 05/06/2024, 20:09

General

  • Target: 42d41456f2eccff630138c1ac9d50d1f.exe
  • Size: 1.5MB
  • MD5: 42d41456f2eccff630138c1ac9d50d1f
  • SHA1: 009ff7b30e15f3180d16df59de3bd43c5b78f6c2
  • SHA256: 1184e49148bacb2652d94849149ba98650ce30fb381d65a3b0b1c1a194115651
  • SHA512: 27e453a9aee1bc3869544c3bca3385f5970713252a427eb38962bac03e2f1e150944979af4e816ac19186db74bf7e70dcec8dadcc6b096c1be83882592059934
  • SSDEEP: 24576:/6nVMk+HIj90cldHK+xAEsSwI6WnzkVCscpaoORD3KGzDKlz2Ev3rKXC+RYKe1gp:yVz7tXJsKLWl1DzDK8e+S+q58o1Hw7

Score
7/10 (the sandbox's heuristic score; the signatures below are generic behavioural indicators that an installer dropping a tray application also triggers, so the score on its own does not establish that the sample is malicious)

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Reads the country/region code configured in the registry (the Geo\Nation value under Control Panel\International). Malware reads it to geofence execution, but installers also read it to pick a locale, and this sample drops a locales\EN.txt alongside its binaries.

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (5 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow (3 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\42d41456f2eccff630138c1ac9d50d1f.exe
    "C:\Users\Admin\AppData\Local\Temp\42d41456f2eccff630138c1ac9d50d1f.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\ProgramData\Lightshot\Lightshot.exe
      "C:\ProgramData\Lightshot\Lightshot.exe" --install
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4572
      • C:\ProgramData\Lightshot\Lightshot.exe
        "C:\ProgramData\Lightshot\Lightshot.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4508
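The process tree above is what the "Executes dropped EXE" signature is built from: the installer writes Lightshot.exe under C:\ProgramData and then launches it, first with --install and then again from that child. The following is an added example, not code from the report or from Lightshot, that reproduces the check by correlating Sysmon-style FileCreate (Event ID 11) and ProcessCreate (Event ID 1) events. The event list is constructed for the example: PIDs 2104, 4572 and 4508 and the image paths come from the report, while the explorer.exe parent (PID 1040), its parent PID and the two FileCreate events are assumed.

```python
"""Flag a process whose image was written earlier by itself or an ancestor.

Constructed Sysmon-style events modelled on the report's process tree. PIDs
2104/4572/4508 and the image paths are from the report; PID 1040
(explorer.exe), its parent and the FileCreate events are assumed.
"""
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1040, "ParentProcessId": 4,
     "Image": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 2104, "ParentProcessId": 1040,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\42d41456f2eccff630138c1ac9d50d1f.exe"},
    {"EventID": 11, "ProcessId": 2104,
     "TargetFilename": r"C:\ProgramData\Lightshot\Lightshot.exe"},
    {"EventID": 11, "ProcessId": 2104,
     "TargetFilename": r"C:\ProgramData\Lightshot\Lightshot.dll"},
    {"EventID": 1, "ProcessId": 4572, "ParentProcessId": 2104,
     "Image": r"C:\ProgramData\Lightshot\Lightshot.exe",
     "CommandLine": r'"C:\ProgramData\Lightshot\Lightshot.exe" --install'},
    {"EventID": 1, "ProcessId": 4508, "ParentProcessId": 4572,
     "Image": r"C:\ProgramData\Lightshot\Lightshot.exe",
     "CommandLine": r'"C:\ProgramData\Lightshot\Lightshot.exe"'},
]


def normalize_path(path):
    """Windows paths are case-insensitive; compare them unquoted, one case, one separator."""
    return path.strip().strip('"').replace("/", "\\").lower()


def ancestors(pid, processes, limit=64):
    """Yield parent, grandparent, ... of pid from the ProcessCreate table.

    Real logs should key on ProcessGuid because PIDs are reused; the hop limit
    and the seen-set guard against a malformed cycle in the table.
    """
    seen = set()
    while pid in processes and len(seen) < limit:
        pid = processes[pid]["ParentProcessId"]
        if pid in seen:
            break
        seen.add(pid)
        yield pid


def detect_dropped_exe(events):
    """One hit per ProcessCreate whose image was created earlier by a process
    in its own lineage. Events must be in time order."""
    processes = {}  # pid -> ProcessCreate event
    dropped = {}    # normalized path -> pid that first created the file
    hits = []
    for ev in events:
        if ev["EventID"] == 11:
            dropped.setdefault(normalize_path(ev["TargetFilename"]), ev["ProcessId"])
        elif ev["EventID"] == 1:
            pid = ev["ProcessId"]
            processes[pid] = ev
            writer = dropped.get(normalize_path(ev["Image"]))
            if writer is None:
                continue
            lineage = [pid] + list(ancestors(pid, processes))
            if writer in lineage:
                hits.append({
                    "pid": pid,
                    "image": ev["Image"],
                    "dropped_by": writer,
                    "hops": lineage.index(writer),  # 0 = the process wrote its own image
                })
    return hits


if __name__ == "__main__":
    for hit in detect_dropped_exe(SAMPLE_EVENTS):
        print(f"PID {hit['pid']} runs {hit['image']} written by PID "
              f"{hit['dropped_by']} ({hit['hops']} hop(s) up the tree)")
```

Run against the constructed events this yields exactly two hits, PIDs 4572 and 4508, which is the count the report attributes to the signature; Lightshot.dll is written but never executed as a process, so it would need Event ID 7 (ImageLoad) correlation to cover the "Loads dropped DLL" signature the same way.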

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\ProgramData\Lightshot\DXGIODScreenshot.dll
    Filesize: 93KB
    MD5: 25c632cd2f529ba142fa706205ac00c9
    SHA1: 495b777348d26e5fa75dfbf6b50498428fe7748b
    SHA256: 6acdcd817cc5df637aa4cd101c25c9e0a69c778347a7a40ce7511eeea26fd6f0
    SHA512: 606e9856eb8153f9dab7f4c23ff967b2d9ce9fcf1902823a424ca4b4ee0a4f1a95bfdd316356dd65831c494f7e74ec4562bf684ab6a20c3376abef8ff10f6c7a

  • C:\ProgramData\Lightshot\Lightbase.dll
    Filesize: 490KB
    MD5: f256a9c7e68a249fe760019d19c022ce
    SHA1: 5a6279ef4f82270b756053cd34bba96d7fe0ce05
    SHA256: 04a27f0d1e89341722461119e00a10e00ec2a52f5e305961161ec4378e610e93
    SHA512: a97f1cd4554d59ee0d69df6ebfc234e025c5e6e64c057f28c62f3743c8ccf8b502ce3eafc437a34a492b6b590fe62591293e551d0e7db5b6036890a64e6d8de9

  • C:\ProgramData\Lightshot\Lightshot.dll
    Filesize: 287KB
    MD5: 34599b979f2b176a2f0da646bc3a9a6e
    SHA1: 5980a51246c95cbc16c3ba88d997b0104dc82068
    SHA256: ba4aae9062457ee85a38636a28a98a956f27878b6d20aa0110597f2e2d74bb60
    SHA512: 8249ca7a145eae9560eb6ff0d489b85eedfacc89436a2ec881566ff0975b22d69ef15e42dc575abde98676aca073f55d17e373ae032a6cf7b586add41ebc9f9e

  • C:\ProgramData\Lightshot\Lightshot.exe
    Filesize: 487KB
    MD5: 1e1c83b9680029ad4a9f8d3b3ac93197
    SHA1: fa7b69793454131a5b21b32867533305651e2dd4
    SHA256: 0b899508777d7ed5159e2a99a5eff60c54d0724493df3d630525b837fa43aa51
    SHA512: fe6f8df3dbbcc7535ead60028ec3e45801a33ccc81c9137b2288bc0d18be42379564c907eb406ce9491f46930690efa9a86a9f6506414992b5dba75adb3d1136

  • C:\ProgramData\Lightshot\locales\EN.txt
    Filesize: 10KB
    MD5: 4d195562c84403dd347bd2c45403efc5
    SHA1: 4203bd1c9f0c0a2133ba7dc5ff1f9c86c942d131
    SHA256: 4a57246bd4ce9d387ec10f0ab2084c3d91e8463d03c1412f3665aee3885a85a5
    SHA512: 3de1ba358834c7d238e35f533a192c6e6e41fdf276a29b6714cf02636cad123eff571614a1185025757bec3e9f9f351d612598496600684e4ac676e576e8c601

  • C:\ProgramData\Lightshot\uploader.dll
    Filesize: 215KB
    MD5: 08cf9e363d79c9379cabd75382131315
    SHA1: 22ce1f3506fc46976f2d5dcc5a5735ce8ede63bf
    SHA256: 037ee2f3243918fffa71b9e3fe0541245f75f89abcac0ccf2ea6a57020ddaad7
    SHA512: cab0c8a5b8596054315c69f1ff858da1fad89ea1e3c28d4c90411c293b6b40438e2be67e029a51279637f2704e30903d0d4751e31fa1d1b2af0393af90c8907b
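The hash table above is the part of the report an analyst reuses: to confirm that a file recovered from a host is one of these dropped artifacts, or to catch a transcription error before the hashes go into a blocklist. The following is an added example, not code from the report or from Lightshot, that carries the report's MD5, SHA1 and SHA256 values (SHA512 is omitted only to keep the table short; the logic is identical for it) and checks a file against them. Matching on SHA256 alone would be enough to identify a file; the weaker digests are compared as well so that a table whose algorithms disagree with each other is reported as inconsistent instead of silently matching on one of them. The sample bytes in the test are constructed.

```python
"""Check a file against the dropped-file hashes transcribed from the report."""
import hashlib

# Transcribed from the report's Downloads section (SHA512 omitted for brevity).
REPORT_DROPPED_FILES = {
    r"C:\ProgramData\Lightshot\DXGIODScreenshot.dll": {
        "md5": "25c632cd2f529ba142fa706205ac00c9",
        "sha1": "495b777348d26e5fa75dfbf6b50498428fe7748b",
        "sha256": "6acdcd817cc5df637aa4cd101c25c9e0a69c778347a7a40ce7511eeea26fd6f0",
    },
    r"C:\ProgramData\Lightshot\Lightbase.dll": {
        "md5": "f256a9c7e68a249fe760019d19c022ce",
        "sha1": "5a6279ef4f82270b756053cd34bba96d7fe0ce05",
        "sha256": "04a27f0d1e89341722461119e00a10e00ec2a52f5e305961161ec4378e610e93",
    },
    r"C:\ProgramData\Lightshot\Lightshot.dll": {
        "md5": "34599b979f2b176a2f0da646bc3a9a6e",
        "sha1": "5980a51246c95cbc16c3ba88d997b0104dc82068",
        "sha256": "ba4aae9062457ee85a38636a28a98a956f27878b6d20aa0110597f2e2d74bb60",
    },
    r"C:\ProgramData\Lightshot\Lightshot.exe": {
        "md5": "1e1c83b9680029ad4a9f8d3b3ac93197",
        "sha1": "fa7b69793454131a5b21b32867533305651e2dd4",
        "sha256": "0b899508777d7ed5159e2a99a5eff60c54d0724493df3d630525b837fa43aa51",
    },
    r"C:\ProgramData\Lightshot\locales\EN.txt": {
        "md5": "4d195562c84403dd347bd2c45403efc5",
        "sha1": "4203bd1c9f0c0a2133ba7dc5ff1f9c86c942d131",
        "sha256": "4a57246bd4ce9d387ec10f0ab2084c3d91e8463d03c1412f3665aee3885a85a5",
    },
    r"C:\ProgramData\Lightshot\uploader.dll": {
        "md5": "08cf9e363d79c9379cabd75382131315",
        "sha1": "22ce1f3506fc46976f2d5dcc5a5735ce8ede63bf",
        "sha256": "037ee2f3243918fffa71b9e3fe0541245f75f89abcac0ccf2ea6a57020ddaad7",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_bytes(data):
    """Digest the same bytes with every algorithm the table carries."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def compare(data, expected):
    """Per-algorithm agreement between data and one table entry."""
    actual = hash_bytes(data)
    return {alg: actual[alg] == expected[alg].lower() for alg in ALGORITHMS}


def verdict(data, expected):
    """'match' when every algorithm agrees, 'mismatch' when none does, and
    'inconsistent' when they disagree among themselves. The last case means a
    transcription error in the table or a collision in the weaker digest;
    either way the entry should be re-derived before it is relied on."""
    agreement = compare(data, expected)
    if all(agreement.values()):
        return "match"
    if not any(agreement.values()):
        return "mismatch"
    return "inconsistent"


def identify(data, table=REPORT_DROPPED_FILES):
    """Look the bytes up by SHA256, then cross-check the other digests.
    Returns (report path, verdict) or None when nothing in the table matches."""
    sha256 = hashlib.sha256(data).hexdigest()
    for path, expected in table.items():
        if expected["sha256"].lower() == sha256:
            return path, verdict(data, expected)
    return None


def check_file(path, table=REPORT_DROPPED_FILES):
    """Hash a file on disk and identify it against the table."""
    with open(path, "rb") as fh:
        return identify(fh.read(), table)


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        print(arg, check_file(arg))
```

Invoke it as `python check.py <file>...` on files pulled from a host; a result of None means the file is not one of the six artifacts the sandbox recorded, which for a path under C:\ProgramData\Lightshot is itself worth a closer look.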