Analysis
max time kernel: 124s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-06-2024 22:52
Behavioral task: behavioral1
Sample: Window Renamer.exe
Resource: win10v2004-20240611-en
General
Target: Window Renamer.exe
Size: 6.8MB
MD5: ef8e75ffd4022cd4008ca53d72b586cb
SHA1: 784b48e5c5ca0ee35684d7568cb1b3d26f2c0299
SHA256: 2b0a5b3b41371469cba89974d25e3f71bd31923d085236b9ab23702ae8faa395
SHA512: 7af31156e8793361c6c6623ad27f975c4d2ad600691614395b0705f0cbe5db87892e1562801c7bcc77d72f36ec4ae32dc753eea22e5538149c8f18743a1ec335
SSDEEP: 196608:AzoY0JDfyGZ21X5Sp6GemDMPwYWh1Lm0pXYPUVZ9:3Y0JDfD0pfaMP6JlJ9
Malware Config
Signatures
Loads dropped DLL (6 IoCs)
Processes:
  pid   process
  4976  Window Renamer.exe
  4976  Window Renamer.exe
  4976  Window Renamer.exe
  4976  Window Renamer.exe
  4976  Window Renamer.exe
  4976  Window Renamer.exe
Suspicious use of FindShellTrayWindow (1 IoC)
Processes:
  pid   process
  2768  notepad.exe
Suspicious use of WriteProcessMemory (2 IoCs)
Processes:
  description                        pid   process             target process
  PID 1012 wrote to memory of 4976   1012  Window Renamer.exe  Window Renamer.exe
  PID 1012 wrote to memory of 4976   1012  Window Renamer.exe  Window Renamer.exe
Processes
"C:\Users\Admin\AppData\Local\Temp\Window Renamer.exe"  (PID 1012)
  - Suspicious use of WriteProcessMemory
  "C:\Users\Admin\AppData\Local\Temp\Window Renamer.exe"  (PID 4976)
    - Loads dropped DLL
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4252,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=3896 /prefetch:8  (PID 2888)
"C:\Windows\system32\notepad.exe"  (PID 2768)
  - Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Matrix
Downloads