Analysis
max time kernel: 146s
max time network: 150s
platform: windows11-21h2_x64
resource: win11-20240611-en
resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 17-06-2024 09:40
Static task: static1
  1 signatures
Behavioral task: behavioral1
  Sample: ClickslutV2wU.exe
  Resource: win10v2004-20240611-en
  14 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: ClickslutV2wU.exe
  Resource: win11-20240611-en
  7 signatures, 150 seconds
General
Target: ClickslutV2wU.exe
Size: 962KB
MD5: 427f703786c6885d6eef5cd1311de4ce
SHA1: 44900361fe9e751df32b6c95fc62b99e44601157
SHA256: 1b0796e08e15c24e162752368f3a5b4181f255bfd11500d81b258b94d0552ec6
SHA512: aa6ca1ef2d4e06b5c268de45c4e9a49bed25a53a885d614518ac4c348af8b4ab9618b237c021e9f3784a11337ce55065924b54bdcf96c48f3d191434f03010fb
SSDEEP: 24576:QU+9XNrenyktDLdYNtcdvQNC9wHAP5c1gf6+mR0y:G5OVeyff6d
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid 1448  process ClickslutV2wU.exe
Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description Token: 33                         pid 2364  process AUDIODG.EXE
  description Token: SeIncBasePriorityPrivilege  pid 2364  process AUDIODG.EXE
Suspicious use of FindShellTrayWindow (1 IoCs)
  pid 1448  process ClickslutV2wU.exe
Suspicious use of SendNotifyMessage (1 IoCs)
  pid 1448  process ClickslutV2wU.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 1448  process ClickslutV2wU.exe
  pid 1448  process ClickslutV2wU.exe
Suspicious use of WriteProcessMemory (6 IoCs)
  description                       pid   process            procid_target
  PID 1448 wrote to memory of 1940  1448  ClickslutV2wU.exe  82
  PID 1448 wrote to memory of 1940  1448  ClickslutV2wU.exe  82
  PID 1448 wrote to memory of 1940  1448  ClickslutV2wU.exe  82
  PID 1448 wrote to memory of 4848  1448  ClickslutV2wU.exe  83
  PID 1448 wrote to memory of 4848  1448  ClickslutV2wU.exe  83
  PID 1448 wrote to memory of 4848  1448  ClickslutV2wU.exe  83
Processes
C:\Users\Admin\AppData\Local\Temp\ClickslutV2wU.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\ClickslutV2wU.exe"
  PID: 1448
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\notepad.exe
      command line: "C:\Windows\System32\notepad.exe"
      PID: 1940
    C:\Windows\SysWOW64\notepad.exe
      command line: "C:\Windows\System32\notepad.exe"
      PID: 4848
C:\Windows\system32\AUDIODG.EXE
  command line: C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004DC
  PID: 2364
  - Suspicious use of AdjustPrivilegeToken