79d09a008ac61e606845d0e17b4fd423bb584807a5c6ae8eb6584215c6856e7b

Analysis

max time kernel
92s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17-06-2024 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$SYSDIR/Live Screensaver.scr
Size

2.9MB
MD5

8c78a65d57a66d312e63ac2785fe1c91
SHA1

c7325ee8ab0ff76e6270ad9e6d41addc448e736d
SHA256

b5c06208e3101120d70b7e1f84d8bcc169432a94482126a5a9c0ff3565d86aa0
SHA512

a58542ed77b863992e8d3ed65675b31bb1e7fae9b94d8e7282d3e1e5017d4637ba302ddf6a39b286aa1508e4733fb5a37829f072e39313798afa06881794481e
SSDEEP

49152:3r9kvdQ2RdiMQdEC2El7AP/Dy5q+66UOE7qmOdGhWTjlPkZlxWeqOMMkA8xeLHAO:3r21Q4cMQdEIl70/DMq+66UOEemOdGhr

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	Live Screensaver.scr
Set value (int)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\LIVESC~1.SCR = "1"	Live Screensaver.scr
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALIGNED_TIMERS	Live Screensaver.scr
Set value (int)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALIGNED_TIMERS\Live Screensaver.scr = "1"	Live Screensaver.scr
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Live Screensaver.scr
Set value (int)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Live Screensaver.scr = "11000"	Live Screensaver.scr
Set value (int)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\LIVESC~1.SCR = "11000"	Live Screensaver.scr
Set value (int)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\Live Screensaver.scr = "1"	Live Screensaver.scr
Set value (int)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALIGNED_TIMERS\LIVESC~1.SCR = "1"	Live Screensaver.scr

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1524	Live Screensaver.scr

C:\Users\Admin\AppData\Local\Temp\$SYSDIR\Live Screensaver.scr
"C:\Users\Admin\AppData\Local\Temp\$SYSDIR\Live Screensaver.scr" /S
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads