6ca47c3e4b2b2b1952bba1d201a6777deca4089d9b261c03447190ed5ecf3b7a

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lossless Scaling/LosslessScaling.exe
Size

960KB
MD5

e27c616ad41a73f23170e264581bf1ea
SHA1

175b43bf60a71fa0512283c3c4ad48821f658d04
SHA256

4974f4dc44d177e4cdbce794be53876b4b05f7ce9a1d8f08ba911e2ee6c5f631
SHA512

dbe0fb2f9350659250153f66380ceb72c79d677cd9667728cec47a50509b57cefbcbf8f3d2aa61d6056fe30e1542b44b51bebfad6a3db8ef46fd748093d07d4e
SSDEEP

12288:T0u/oEDS4MCLSyf6mOuGyW38yHJc+CKtOaO5Z7WhaGwnzE4ZbuRCwmhI2J+0sDKr:T1/xtMCLPf1Oi32OvzTo4ZiRlT/bM

Score

1^/10

Malware Config

Signatures

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Colors	LosslessScaling.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
244	LosslessScaling.exe
244	LosslessScaling.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	244	LosslessScaling.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
244	LosslessScaling.exe

C:\Users\Admin\AppData\Local\Temp\Lossless Scaling\LosslessScaling.exe
"C:\Users\Admin\AppData\Local\Temp\Lossless Scaling\LosslessScaling.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3760,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
1⤵
PID:4308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Lossless Scaling\Settings.xml

Filesize
2KB

MD5
8fe9785f802b07b37863f39629ef385b

SHA1
25b5b8b722752e7e60d7e17b3eea068e7f1d19c3

SHA256
d10d9560b8909403017befb52cf0957102a4e43187c7f7bea4dc567da5eea04a

SHA512
fcf255d505f6ce4b88d04c938b1cdff813570b99486dc6b2e42e714bbc5d0f77a601fe861ea9f227a31081a716e98588116435b8c39d175630d58eab2bd7fe04

Download Submit
memory/244-8-0x00007FFCAD0E0000-0x00007FFCADBA1000-memory.dmp

Filesize
10.8MB

Download
memory/244-5-0x000001D30D000000-0x000001D30D00A000-memory.dmp

Filesize
40KB

Download
memory/244-10-0x000001D32A840000-0x000001D32A8FA000-memory.dmp

Filesize
744KB

Download
memory/244-4-0x000001D30CFF0000-0x000001D30CFF8000-memory.dmp

Filesize
32KB

Download
memory/244-11-0x00007FFCAD0E0000-0x00007FFCADBA1000-memory.dmp

Filesize
10.8MB

Download
memory/244-6-0x00007FFCAD0E0000-0x00007FFCADBA1000-memory.dmp

Filesize
10.8MB

Download
memory/244-7-0x000001D328380000-0x000001D328432000-memory.dmp

Filesize
712KB

Download
memory/244-12-0x000001D32A7C0000-0x000001D32A7F8000-memory.dmp

Filesize
224KB

Download
memory/244-3-0x000001D3280F0000-0x000001D328116000-memory.dmp

Filesize
152KB

Download
memory/244-2-0x000001D328010000-0x000001D3280F6000-memory.dmp

Filesize
920KB

Download
memory/244-0-0x00007FFCAD0E3000-0x00007FFCAD0E5000-memory.dmp

Filesize
8KB

Download
memory/244-13-0x000001D32AFF0000-0x000001D32AFF8000-memory.dmp

Filesize
32KB

Download
memory/244-14-0x00007FFCAD0E0000-0x00007FFCADBA1000-memory.dmp

Filesize
10.8MB

Download
memory/244-16-0x000001D32AF10000-0x000001D32AF1E000-memory.dmp

Filesize
56KB

Download
memory/244-1-0x000001D30CAC0000-0x000001D30CBB6000-memory.dmp

Filesize
984KB

Download
memory/244-28-0x00007FFCAD0E3000-0x00007FFCAD0E5000-memory.dmp

Filesize
8KB

Download
memory/244-29-0x00007FFCAD0E0000-0x00007FFCADBA1000-memory.dmp

Filesize
10.8MB

Download