Overview
Task | Platform | Score
overview | | 9
static | | 3
EXE.LOL/Form1.vbs | windows10-2004-x64 | 1
EXE.LOL/Form1.vbs | windows11-21h2-x64 | 1
EXE.LOL/Pr...er.vbs | windows10-2004-x64 | 1
EXE.LOL/Pr...er.vbs | windows11-21h2-x64 | 1
EXE.LOL/Pr...es.vbs | windows10-2004-x64 | 1
EXE.LOL/Pr...es.vbs | windows11-21h2-x64 | 1
EXE.LOL/bi...PI.dll | windows10-2004-x64 | 1
EXE.LOL/bi...PI.dll | windows11-21h2-x64 | 1
EXE.LOL/bi...t1.exe | windows10-2004-x64 | 1
EXE.LOL/bi...t1.exe | windows11-21h2-x64 | 1
EXE.LOL/bi...UI.dll | windows10-2004-x64 | 1
EXE.LOL/bi...UI.dll | windows11-21h2-x64 | 1
EXE.LOL/bi...er.exe | windows10-2004-x64 | 6
EXE.LOL/bi...er.exe | windows11-21h2-x64 | 9
EXE.LOL/ob...t1.exe | windows10-2004-x64 | 3
EXE.LOL/ob...t1.exe | windows11-21h2-x64 | 3
Analysis
- max time kernel: 48s
- max time network: 37s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
- submitted: 17-06-2024 09:20
Static task: static1
Behavioral tasks
Task | Sample | Resource
behavioral1 | EXE.LOL/Form1.vbs | win10v2004-20240508-en
behavioral2 | EXE.LOL/Form1.vbs | win11-20240419-en
behavioral3 | EXE.LOL/Properties/Resources.Designer.vbs | win10v2004-20240611-en
behavioral4 | EXE.LOL/Properties/Resources.Designer.vbs | win11-20240611-en
behavioral5 | EXE.LOL/Properties/Resources.vbs | win10v2004-20240611-en
behavioral6 | EXE.LOL/Properties/Resources.vbs | win11-20240611-en
behavioral7 | EXE.LOL/bin/Debug/AnonymeAPI.dll | win10v2004-20240611-en
behavioral8 | EXE.LOL/bin/Debug/AnonymeAPI.dll | win11-20240611-en
behavioral9 | EXE.LOL/bin/Debug/ExecutorTest1.exe | win10v2004-20240611-en
behavioral10 | EXE.LOL/bin/Debug/ExecutorTest1.exe | win11-20240611-en
behavioral11 | EXE.LOL/bin/Debug/Guna.UI.dll | win10v2004-20240611-en
behavioral12 | EXE.LOL/bin/Debug/Guna.UI.dll | win11-20240611-en
behavioral13 | EXE.LOL/bin/Debug/Solara/SolaraBootstrapper.exe | win10v2004-20240508-en
behavioral14 | EXE.LOL/bin/Debug/Solara/SolaraBootstrapper.exe | win11-20240611-en
behavioral15 | EXE.LOL/obj/Debug/ExecutorTest1.exe | win10v2004-20240508-en
behavioral16 | EXE.LOL/obj/Debug/ExecutorTest1.exe | win11-20240508-en
General
- Target: EXE.LOL/bin/Debug/ExecutorTest1.exe
- Size: 10KB
- MD5: 094040ad513cb85e337be83469c826f4
- SHA1: 6666c34a46d743adeb94a32723dcdc5a75034a32
- SHA256: a73c6bb0ef714638b35826fbd0dfa7ac8ac076afd9b4ffcc7704a4c9986716dc
- SHA512: ae6e17e8660bb561a78c724e5d006e9158ce061874cc6d280196f41ebd348206e8bf0d17d8de8aadb908e6b62a79ee4ca24add6914fb063e11fe35c4d4ea8715
- SSDEEP: 192:P9F5djm9YTqpJyTNWT9ACq97edbu/HgoI3CB45X8T5odoKsr/Ii1lVj8fs7a:P9Ddjm9YTqpJyTNWT9ACq9edbC+OACoM
Malware Config
Signatures
- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  Processes: taskmgr.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  Processes: taskmgr.exe
  pid | process
  3412 | taskmgr.exe (row repeated 12 times)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: taskmgr.exe
  description | pid | process
  Token: SeDebugPrivilege | 3412 | taskmgr.exe
  Token: SeSystemProfilePrivilege | 3412 | taskmgr.exe
  Token: SeCreateGlobalPrivilege | 3412 | taskmgr.exe
- Suspicious use of FindShellTrayWindow (24 IoCs)
  Processes: ExecutorTest1.exe, taskmgr.exe
  pid | process
  3108 | ExecutorTest1.exe
  3412 | taskmgr.exe (row repeated 23 times)
- Suspicious use of SendNotifyMessage (23 IoCs)
  Processes: taskmgr.exe
  pid | process
  3412 | taskmgr.exe (row repeated 23 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\EXE.LOL\bin\Debug\ExecutorTest1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\EXE.LOL\bin\Debug\ExecutorTest1.exe"
  PID: 3108
  - Suspicious use of FindShellTrayWindow
- C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /7
  PID: 3412
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 94B
  MD5: b91615faa0cba1e0815b46de7b7b1f24
  SHA1: 877bf26be05dba8f8850e7c42a4836cadb493a22
  SHA256: e0468f2f2928c18af9342e40d6737c00ce516009de9308c2fafb77b3fc561e92
  SHA512: 52b7d6af4654c6619484aeb7446acddda1cf68834df767335b9c1002246f5e1aaad93c99cff5ef18b8689ef68338c85619c0b4648da5001aa5ee42f0e5bba0a8