Analysis

  • max time kernel
    48s
  • max time network
    37s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
  • submitted
    17-06-2024 09:20

General

  • Target

    EXE.LOL/bin/Debug/ExecutorTest1.exe

  • Size

    10KB

  • MD5

    094040ad513cb85e337be83469c826f4

  • SHA1

    6666c34a46d743adeb94a32723dcdc5a75034a32

  • SHA256

    a73c6bb0ef714638b35826fbd0dfa7ac8ac076afd9b4ffcc7704a4c9986716dc

  • SHA512

    ae6e17e8660bb561a78c724e5d006e9158ce061874cc6d280196f41ebd348206e8bf0d17d8de8aadb908e6b62a79ee4ca24add6914fb063e11fe35c4d4ea8715

  • SSDEEP

    192:P9F5djm9YTqpJyTNWT9ACq97edbu/HgoI3CB45X8T5odoKsr/Ii1lVj8fs7a:P9Ddjm9YTqpJyTNWT9ACq9edbC+OACoM

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) (3 TTPs, 3 IoCs)

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses (12 IoCs)
  • Suspicious use of AdjustPrivilegeToken (3 IoCs)
  • Suspicious use of FindShellTrayWindow (24 IoCs)
  • Suspicious use of SendNotifyMessage (23 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\EXE.LOL\bin\Debug\ExecutorTest1.exe
    "C:\Users\Admin\AppData\Local\Temp\EXE.LOL\bin\Debug\ExecutorTest1.exe"
    • Suspicious use of FindShellTrayWindow
    PID:3108
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /7
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3412

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\EXE.LOL\bin\Debug\Solara\workspace\inject.txt

    Filesize

    94B

    MD5

    b91615faa0cba1e0815b46de7b7b1f24

    SHA1

    877bf26be05dba8f8850e7c42a4836cadb493a22

    SHA256

    e0468f2f2928c18af9342e40d6737c00ce516009de9308c2fafb77b3fc561e92

    SHA512

    52b7d6af4654c6619484aeb7446acddda1cf68834df767335b9c1002246f5e1aaad93c99cff5ef18b8689ef68338c85619c0b4648da5001aa5ee42f0e5bba0a8
