Analysis

  • max time kernel
    124s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-06-2024 22:52

General

  • Target

    Window Renamer.exe

  • Size

    6.8MB

  • MD5

    ef8e75ffd4022cd4008ca53d72b586cb

  • SHA1

    784b48e5c5ca0ee35684d7568cb1b3d26f2c0299

  • SHA256

    2b0a5b3b41371469cba89974d25e3f71bd31923d085236b9ab23702ae8faa395

  • SHA512

    7af31156e8793361c6c6623ad27f975c4d2ad600691614395b0705f0cbe5db87892e1562801c7bcc77d72f36ec4ae32dc753eea22e5538149c8f18743a1ec335

  • SSDEEP

    196608:AzoY0JDfyGZ21X5Sp6GemDMPwYWh1Lm0pXYPUVZ9:3Y0JDfD0pfaMP6JlJ9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Window Renamer.exe
    "C:\Users\Admin\AppData\Local\Temp\Window Renamer.exe"
    1⤵
    PID:1012
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\Window Renamer.exe
      "C:\Users\Admin\AppData\Local\Temp\Window Renamer.exe"
      2⤵
      PID:4976
      • Loads dropped DLL
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4252,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=3896 /prefetch:8
    1⤵
    PID:2888
  • C:\Windows\system32\notepad.exe
    "C:\Windows\system32\notepad.exe"
    1⤵
    PID:2768
    • Suspicious use of FindShellTrayWindow

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI10122\VCRUNTIME140.dll
    Filesize: 106KB
    MD5: 4585a96cc4eef6aafd5e27ea09147dc6
    SHA1: 489cfff1b19abbec98fda26ac8958005e88dd0cb
    SHA256: a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736
    SHA512: d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

  • C:\Users\Admin\AppData\Local\Temp\_MEI10122\VCRUNTIME140_1.dll
    Filesize: 48KB
    MD5: 7e668ab8a78bd0118b94978d154c85bc
    SHA1: dbac42a02a8d50639805174afd21d45f3c56e3a0
    SHA256: e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f
    SHA512: 72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

  • C:\Users\Admin\AppData\Local\Temp\_MEI10122\base_library.zip
    Filesize: 1.7MB
    MD5: df673df8c5f4b100f5588b8cf1834b68
    SHA1: dc82a6a581fc4ad98ef94046753a107f3079e2a8
    SHA256: 61f8ceeb90d4321ea6b9593627ee414acac0de654327e703c679aebc8c520c6f
    SHA512: 6836c4bc80a15b89401006d1b061a7ce7c1431b742dcc903bcf027713bf8886189f88e8937dd13bd2c5e21671063adb09939d1c1fcf2db755d8935abd846dc3e

  • C:\Users\Admin\AppData\Local\Temp\_MEI10122\python311.dll
    Filesize: 5.5MB
    MD5: e2bd5ae53427f193b42d64b8e9bf1943
    SHA1: 7c317aad8e2b24c08d3b8b3fba16dd537411727f
    SHA256: c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400
    SHA512: ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

  • C:\Users\Admin\AppData\Local\Temp\_MEI10122\pywin32_system32\pywintypes311.dll
    Filesize: 131KB
    MD5: 90b786dc6795d8ad0870e290349b5b52
    SHA1: 592c54e67cf5d2d884339e7a8d7a21e003e6482f
    SHA256: 89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a
    SHA512: c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

  • C:\Users\Admin\AppData\Local\Temp\_MEI10122\win32\win32gui.pyd
    Filesize: 212KB
    MD5: 3c81c0ceebb2b5c224a56c024021efad
    SHA1: aee4ddcc136856ed2297d7dbdc781a266cf7eab9
    SHA256: 6085bc00a1f157c4d2cc0609e20e1e20d2572fe6498de3bec4c9c7bebcfbb629
    SHA512: f2d6c06da4f56a8119a931b5895c446432152737b4a7ae95c2b91b1638e961da78833728d62e206e1d886e7c36d7bed3fa4403d0b57a017523dd831dd6b7117f