548e2da838240cabcd139cd7afb4c3db56593107152655d055d3a9f4d8780697

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2024 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

游戏窗口无损缩小放大工具 v2.2.6/LosslessScaling.exe
Size

944KB
MD5

473c4e73973a8864b88727d3192ac186
SHA1

318377286e430a0fd23de1fc6a7c4ce8ac8d30cd
SHA256

62ab2440ae2c5cc2a55cd7665c809dbf3c6f036db34f2b36c71c6937c8bf93f9
SHA512

0ea881ce3f015728b06ad91dd8764f3cddbd3efc366a0f6255d73fb160736fc51d4aa263bf0b11e27256e4cc191f95c5a4b89ddd819905d175718d3ff70387b8
SSDEEP

12288:mPHEDS4MCLSyf6mOuGyW38yHJc+CKtOaO5Z7WhaGwnzE4ZbuRCwmhI2J+0sDzh1p:m2tMCLPf1Oi32OvzTo4ZiRlT/31

Score

1^/10

Malware Config

Signatures

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\Colors	LosslessScaling.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1828	LosslessScaling.exe
1828	LosslessScaling.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1828	LosslessScaling.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1828	LosslessScaling.exe

C:\Users\Admin\AppData\Local\Temp\游戏窗口无损缩小放大工具 v2.2.6\LosslessScaling.exe
"C:\Users\Admin\AppData\Local\Temp\游戏窗口无损缩小放大工具 v2.2.6\LosslessScaling.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Lossless Scaling\Settings.xml

Filesize
2KB

MD5
50bb1f9fe80513b57f8ebcb7348ef42d

SHA1
511dd7926dd603c0a99db80cacc019777b48266d

SHA256
332e9efa5c32adc92538edd777b2def6f241c24833c4c7490e13928cc40dca5e

SHA512
6e654d344ed2020f131f3d86258e2d347b6cc1fa801fd96d0dcabec86ada244fec49658eb462e547bbb6ced0a028e48cac3a362d807321dc335039efd44d917f

Download Submit
memory/1828-8-0x000002BDF9CF0000-0x000002BDF9DAA000-memory.dmp

Filesize
744KB

Download
memory/1828-5-0x000002BDF7F70000-0x000002BDF7F7A000-memory.dmp

Filesize
40KB

Download
memory/1828-9-0x00007FFE24C40000-0x00007FFE25701000-memory.dmp

Filesize
10.8MB

Download
memory/1828-4-0x000002BDF7820000-0x000002BDF7828000-memory.dmp

Filesize
32KB

Download
memory/1828-10-0x000002BDF9C70000-0x000002BDF9CA8000-memory.dmp

Filesize
224KB

Download
memory/1828-6-0x00007FFE24C40000-0x00007FFE25701000-memory.dmp

Filesize
10.8MB

Download
memory/1828-7-0x000002BDF9B80000-0x000002BDF9C32000-memory.dmp

Filesize
712KB

Download
memory/1828-11-0x00007FFE24C40000-0x00007FFE25701000-memory.dmp

Filesize
10.8MB

Download
memory/1828-3-0x000002BDF98F0000-0x000002BDF9916000-memory.dmp

Filesize
152KB

Download
memory/1828-2-0x000002BDF8090000-0x000002BDF8176000-memory.dmp

Filesize
920KB

Download
memory/1828-0-0x00007FFE24C43000-0x00007FFE24C45000-memory.dmp

Filesize
8KB

Download
memory/1828-12-0x000002BDFD500000-0x000002BDFD508000-memory.dmp

Filesize
32KB

Download
memory/1828-13-0x00007FFE24C40000-0x00007FFE25701000-memory.dmp

Filesize
10.8MB

Download
memory/1828-15-0x000002BDFCE20000-0x000002BDFCE2E000-memory.dmp

Filesize
56KB

Download
memory/1828-1-0x000002BDF5A30000-0x000002BDF5B22000-memory.dmp

Filesize
968KB

Download
memory/1828-25-0x00007FFE24C43000-0x00007FFE24C45000-memory.dmp

Filesize
8KB

Download
memory/1828-26-0x00007FFE24C40000-0x00007FFE25701000-memory.dmp

Filesize
10.8MB

Download