Analysis

max time kernel: 30s
max time network: 31s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17-06-2024 09:20
Static task
static1

Behavioral tasks

Task          Sample                                           Resource
behavioral1   EXE.LOL/Form1.vbs                                win10v2004-20240508-en
behavioral2   EXE.LOL/Form1.vbs                                win11-20240419-en
behavioral3   EXE.LOL/Properties/Resources.Designer.vbs        win10v2004-20240611-en
behavioral4   EXE.LOL/Properties/Resources.Designer.vbs        win11-20240611-en
behavioral5   EXE.LOL/Properties/Resources.vbs                 win10v2004-20240611-en
behavioral6   EXE.LOL/Properties/Resources.vbs                 win11-20240611-en
behavioral7   EXE.LOL/bin/Debug/AnonymeAPI.dll                 win10v2004-20240611-en
behavioral8   EXE.LOL/bin/Debug/AnonymeAPI.dll                 win11-20240611-en
behavioral9   EXE.LOL/bin/Debug/ExecutorTest1.exe              win10v2004-20240611-en
behavioral10  EXE.LOL/bin/Debug/ExecutorTest1.exe              win11-20240611-en
behavioral11  EXE.LOL/bin/Debug/Guna.UI.dll                    win10v2004-20240611-en
behavioral12  EXE.LOL/bin/Debug/Guna.UI.dll                    win11-20240611-en
behavioral13  EXE.LOL/bin/Debug/Solara/SolaraBootstrapper.exe  win10v2004-20240508-en
behavioral14  EXE.LOL/bin/Debug/Solara/SolaraBootstrapper.exe  win11-20240611-en
behavioral15  EXE.LOL/obj/Debug/ExecutorTest1.exe              win10v2004-20240508-en
behavioral16  EXE.LOL/obj/Debug/ExecutorTest1.exe              win11-20240508-en
General

Target: EXE.LOL/Form1.vbs
Size: 5KB
MD5: 4eb5913a0e5aa842250f7419538fa230
SHA1: 31fb76e5d9babe97a11fea041081f96ce426107a
SHA256: 4363cd7d5b8671c72442ce1a1bfc10d64ebd24b2d718b54bd4fcd025e4967298
SHA512: 846207f9db4c05d2070482c27af72c50b8f423ac1c7efb5266b059f6a41362704e9f5a590e428f4aefd791edd2e21c1b34473361911cbeea2cfcaf741b5bebff
SSDEEP: 96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuFZ:KjrbLPD9sLvIzSvKgIqUyahFZ
Malware Config
Signatures

All five signatures below were raised by taskmgr.exe (PID 1860). No signature was raised by the WScript.exe process (PID 2468) that executed Form1.vbs, so none of these hits is behaviour of the submitted sample itself.

Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments. Here the reads come from taskmgr.exe, which queries disk identifiers for its own display.

description        ioc                                                                                                                                         process
Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000                                              taskmgr.exe
Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A  taskmgr.exe
Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName                                 taskmgr.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
pid   process
1860  taskmgr.exe (12 events)

Suspicious use of AdjustPrivilegeToken (5 IoCs)
description                          pid   process
Token: SeDebugPrivilege              1860  taskmgr.exe
Token: SeSystemProfilePrivilege      1860  taskmgr.exe
Token: SeCreateGlobalPrivilege       1860  taskmgr.exe
Token: 33 (SeIncreaseWorkingSetPrivilege)  1860  taskmgr.exe
Token: SeIncBasePriorityPrivilege    1860  taskmgr.exe

Suspicious use of FindShellTrayWindow (37 IoCs)
pid   process
1860  taskmgr.exe (37 events)

Suspicious use of SendNotifyMessage (37 IoCs)
pid   process
1860  taskmgr.exe (37 events)
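The SCSI registry check that the signature above describes, as an added example that is not part of this report or of the sandbox's own detection logic. Device-instance keys under Enum\SCSI are named `Disk&Ven_<vendor>&Prod_<product>` (the report shows `Disk&Ven_DADY&Prod_HARDDISK`); a sandbox-evasion routine parses those names and looks for hypervisor vendor or product strings. The marker list below is a hand-picked assumption of commonly seen virtual-disk identifiers, not an authoritative set, and the sample key names other than the one from this report are constructed.

```python
"""Sandbox/VM fingerprint check via SCSI device-instance key names.

Added example, not from the report. Parses key names of the form
'Disk&Ven_<vendor>&Prod_<product>' under HKLM\SYSTEM\CurrentControlSet\Enum\SCSI
and flags vendor/product strings that common hypervisors expose.
"""
import re

try:
    import winreg  # Windows only; the classifier below works without it
except ImportError:
    winreg = None

SCSI_ENUM_PATH = r"SYSTEM\CurrentControlSet\Enum\SCSI"

# Assumption: commonly observed virtual-disk identifiers. Not exhaustive.
VM_MARKERS = ("VMWARE", "VBOX", "VIRTUALBOX", "QEMU", "MSFT", "VIRTUAL", "XEN")

_KEY_RE = re.compile(
    r"^(?P<class>[^&]+)&Ven_(?P<vendor>[^&]*)&Prod_(?P<product>[^&]*)", re.I
)


def parse_scsi_key(name):
    """Split 'Disk&Ven_DADY&Prod_HARDDISK' into (class, vendor, product); None if malformed."""
    m = _KEY_RE.match(name)
    if not m:
        return None
    return m.group("class"), m.group("vendor").strip("_ "), m.group("product").strip("_ ")


def looks_virtual(vendor, product):
    """True if either identifier contains one of the hypervisor markers."""
    text = f"{vendor} {product}".upper()
    return any(marker in text for marker in VM_MARKERS)


def classify_scsi_keys(names):
    """Return [(key, vendor, product, is_vm)] for every parseable key name."""
    out = []
    for name in names:
        parsed = parse_scsi_key(name)
        if parsed is None:
            continue  # not a device-instance key in the expected format
        _cls, ven, prod = parsed
        out.append((name, ven, prod, looks_virtual(ven, prod)))
    return out


def live_scsi_keys():
    """Enumerate the real Enum\SCSI subkeys on Windows; [] on other hosts."""
    if winreg is None:
        return []
    names = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SCSI_ENUM_PATH) as scsi:
        index = 0
        while True:
            try:
                names.append(winreg.EnumKey(scsi, index))
            except OSError:  # raised when the index runs past the last subkey
                break
            index += 1
    return names


# Constructed sample set: the key seen in the report plus typical VM identifiers.
SAMPLE_KEYS = [
    "Disk&Ven_DADY&Prod_HARDDISK",        # from the report: matches no marker
    "Disk&Ven_VMware&Prod_Virtual_disk",  # constructed
    "Disk&Ven_VBOX&Prod_HARDDISK",        # constructed
    "CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM",   # constructed
    "Disk&Ven_Msft&Prod_Virtual_Disk",    # constructed
    "NotAScsiKey",                        # constructed: ignored by the parser
]

if __name__ == "__main__":
    keys = live_scsi_keys() or SAMPLE_KEYS
    for key, ven, prod, is_vm in classify_scsi_keys(keys):
        flag = "VM?" if is_vm else "ok "
        print(f"[{flag}] {key}  vendor={ven!r} product={prod!r}")
```

Run on the key from this report, the check yields no hit: the sandbox presents its disk as vendor `DADY`, product `HARDDISK`, which matches none of the usual hypervisor strings. The report also shows a `FriendlyName` query on the instance subkey; a more thorough evasion routine would read that value as well, and a legitimate tool such as Task Manager performs exactly the same reads, which is why this signature alone is weak evidence.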
Processes

Two top-level processes were recorded; neither has a recorded parent or child process.

C:\Windows\System32\WScript.exe
  command line: "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\EXE.LOL\Form1.vbs"
  PID: 2468
  signatures: none

C:\Windows\system32\taskmgr.exe
  command line: "C:\Windows\system32\taskmgr.exe" /7
  PID: 1860
  signatures:
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
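Attributing signature hits to process lineage, as an added example that is not part of this report. The process tree shows WScript.exe (PID 2468) running Form1.vbs and taskmgr.exe (PID 1860) as separate top-level processes, and every signature names PID 1860. The block below rebuilds that tree from records constructed from the report (the tuple layout and the use of parent PID 0 for "no recorded parent" are assumptions for the example) and sorts each signature into "raised by the sample's lineage" or "raised by something else".

```python
"""Attribute sandbox signature hits to the submitted sample's process lineage.

Added example, not from the report. Records below are constructed from the
report's Processes and Signatures sections.
"""
from collections import defaultdict

# (pid, parent_pid, image, command line). Both processes are top level in the
# report, so neither is the other's child; 0 stands for "no recorded parent".
PROCESSES = [
    (2468, 0, r"C:\Windows\System32\WScript.exe",
     r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\EXE.LOL\Form1.vbs"'),
    (1860, 0, r"C:\Windows\system32\taskmgr.exe",
     r'"C:\Windows\system32\taskmgr.exe" /7'),
]

# (signature, pid, event count) as listed in the report.
SIGNATURE_HITS = [
    ("Checks SCSI registry key(s)", 1860, 3),
    ("Suspicious behavior: EnumeratesProcesses", 1860, 12),
    ("Suspicious use of AdjustPrivilegeToken", 1860, 5),
    ("Suspicious use of FindShellTrayWindow", 1860, 37),
    ("Suspicious use of SendNotifyMessage", 1860, 37),
]


def build_tree(processes):
    """Return (pid -> (parent_pid, image), parent_pid -> [child pids])."""
    by_pid = {pid: (ppid, image) for pid, ppid, image, _ in processes}
    children = defaultdict(list)
    for pid, ppid, _, _ in processes:
        children[ppid].append(pid)
    return by_pid, children


def find_sample_root(processes, sample_path):
    """PID of the process whose command line names the submitted sample."""
    for pid, _, _, cmdline in processes:
        if sample_path.lower() in cmdline.lower():
            return pid
    raise LookupError(f"no process runs {sample_path}")


def lineage(children, root):
    """Set of PIDs descended from root, root included (breadth-first walk)."""
    seen, queue = {root}, [root]
    while queue:
        pid = queue.pop(0)
        for child in children.get(pid, []):
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return seen


def attribute(processes, hits, sample_path):
    """Split hits into {'sample': [...], 'other': [...]} by process lineage."""
    by_pid, children = build_tree(processes)
    root = find_sample_root(processes, sample_path)
    sample_pids = lineage(children, root)
    result = {"sample": [], "other": []}
    for sig, pid, count in hits:
        image = by_pid.get(pid, (None, "<unknown>"))[1]
        bucket = "sample" if pid in sample_pids else "other"
        result[bucket].append((sig, pid, image, count))
    return result


if __name__ == "__main__":
    report = attribute(PROCESSES, SIGNATURE_HITS, r"EXE.LOL\Form1.vbs")
    for bucket, rows in report.items():
        print(f"{bucket}: {len(rows)} signature(s)")
        for sig, pid, image, count in rows:
            print(f"  {sig}  pid={pid} image={image} events={count}")
```

For this report the "sample" bucket is empty and all five hits land in "other" under taskmgr.exe, which is the result an analyst needs before treating the score as evidence about Form1.vbs.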