Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-06-2024 18:07

General

  • Target

    noclick.exe

  • Size

    137KB

  • MD5

    66a6b7cbea8224b95d218f2a350a672d

  • SHA1

    ac827fc12a64b6728c2a68bee125439904dc9d5e

  • SHA256

    4c33cafb4c0fb2d93417bfadd870f7b12d2bcf0a1cc2454aeba8a26e69af7649

  • SHA512

    61deeb7b08c7e9a1d0405043106ec8ce19119719147f8d55bc990f10cddd0aa3d87ef9744fefc19ab16b5e0234f5f708f21f3a6e8fa550f6f71dbc27003e18ac

  • SSDEEP

    1536:68mAkOs/WhP1f4/VgzgWHNPJ0BvWhvqM5zmQd3vyL3+rMPAruINeTbLLRAst3lYq:67lD+x1f4/YgBWs5iu7bLxX

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies data under HKEY_USERS 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\noclick.exe
    "C:\Users\Admin\AppData\Local\Temp\noclick.exe"
    1⤵
      PID:4124
    • C:\Windows\system32\dwm.exe
      "dwm.exe"
      1⤵
      • Checks SCSI registry key(s)
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:5932

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4124-0-0x00007FF74EDC0000-0x00007FF74EDE4000-memory.dmp

      Filesize

      144KB

    • memory/4124-1-0x00007FF74EDC0000-0x00007FF74EDE4000-memory.dmp

      Filesize

      144KB