Overview
overview
5Static
static
3Blindness/...ok.dll
windows10-1703-x64
1Blindness/...64.dll
windows10-1703-x64
1Blindness/...ok.dll
windows10-1703-x64
1Blindness/...64.dll
windows10-1703-x64
1Blindness/...ix.exe
windows10-1703-x64
1Blindness/...ave.js
windows10-1703-x64
3Blindness/...are.js
windows10-1703-x64
3Blindness/...ons.js
windows10-1703-x64
3Blindness/...TI.dll
windows10-1703-x64
1Blindness/...TI.dll
windows10-1703-x64
1Blindness/...ss.exe
windows10-1703-x64
5Blindness/...ok.dll
windows10-1703-x64
1Blindness/...64.dll
windows10-1703-x64
1Blindness/...fs.dll
windows10-1703-x64
1Blindness/d3dhook.dll
windows10-1703-x64
3Blindness/...64.dll
windows10-1703-x64
1Blindness/...32.dll
windows10-1703-x64
3Blindness/...64.dll
windows10-1703-x64
1Blindness/lua/lua.js
windows10-1703-x64
3Blindness/...ua.exe
windows10-1703-x64
1Blindness/...32.exe
windows10-1703-x64
1Blindness/...64.exe
windows10-1703-x64
1Blindness/...es.bat
windows10-1703-x64
1Blindness/process.exe
windows10-1703-x64
1Blindness/run.exe
windows10-1703-x64
1Blindness/...e1.exe
windows10-1703-x64
1Blindness/tiny.exe
windows10-1703-x64
1Blindness/...lp.dll
windows10-1703-x64
1Blindness/...lp.dll
windows10-1703-x64
1Blindness/...rv.dll
windows10-1703-x64
1Blindness/...e3.dll
windows10-1703-x64
1Blindness/...rv.dll
windows10-1703-x64
1Analysis
-
max time kernel
149s -
max time network
142s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
20/06/2024, 08:14
Static task
static1
Behavioral task
behavioral1
Sample
Blindness/CED3D10Hook.dll
Resource
win10-20240611-en
windows10-1703-x64
Behavioral task
behavioral2
Sample
Blindness/CED3D10Hook64.dll
Resource
win10-20240611-en
windows10-1703-x64
Behavioral task
behavioral3
Sample
Blindness/CED3D11Hook.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral4
Sample
Blindness/CED3D11Hook64.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral5
Sample
Blindness/InjectFix.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral6
Sample
Blindness/autorun/autosave.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral7
Sample
Blindness/autorun/ceshare.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral8
Sample
Blindness/autorun/ceshare/ceshare_permissions.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral9
Sample
Blindness/autorun/dlls/32/CEJVMTI.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral10
Sample
Blindness/autorun/dlls/64/CEJVMTI.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral11
Sample
Blindness/blindness.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral12
Sample
Blindness/ced3d9hook.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral13
Sample
Blindness/ced3d9hook64.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral14
Sample
Blindness/clibs64/lfs.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral15
Sample
Blindness/d3dhook.dll
Resource
win10-20240611-en
windows10-1703-x64
Behavioral task
behavioral16
Sample
Blindness/d3dhook64.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral17
Sample
Blindness/libipt-32.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral18
Sample
Blindness/libipt-64.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral19
Sample
Blindness/lua/lua.js
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral20
Sample
Blindness/lua_extra/lua.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral21
Sample
Blindness/lua_extra/luac32.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral22
Sample
Blindness/lua_extra/luac64.exe
Resource
win10-20240611-en
windows10-1703-x64
Behavioral task
behavioral23
Sample
Blindness/packfiles.bat
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral24
Sample
Blindness/process.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral25
Sample
Blindness/run.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral26
Sample
Blindness/standalonephase1.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral27
Sample
Blindness/tiny.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral28
Sample
Blindness/win64/dbghelp.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral29
Sample
Blindness/win64/old/dbghelp.dll
Resource
win10-20240611-en
windows10-1703-x64
Behavioral task
behavioral30
Sample
Blindness/win64/old/symsrv.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral31
Sample
Blindness/win64/sqlite3.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral32
Sample
Blindness/win64/symsrv.dll
Resource
win10-20240404-en
windows10-1703-x64
General
-
Target
Blindness/blindness.exe
-
Size
16.3MB
-
MD5
bfcedc7b86fff9e36e0889a8b321a3b1
-
SHA1
b0a6af2ce0580f1d629886ec26b1ffa4eab43d8f
-
SHA256
df2108aaa31cab9f7b965f7c1652a446693cb529c96ea852869c85e037c438b2
-
SHA512
0478733da658c4269abe0075c467b6f176cbefd7c4c188ef66c6d959dc5443ed94fa182e705b67682f33254c43f3e745e6b2cec2f877fade1f3f1ef3e4f6f5e6
-
SSDEEP
393216:y3Z8A06vEQ3ITvzx46SxiILGREuV3WjRI85:y3ZIzx46YNL6W9Ie
Malware Config
Signatures
-
Drops file in System32 directory 43 IoCs
description ioc Process File opened for modification C:\Windows\System32\RPCRT4.dll blindness.exe File opened for modification C:\Windows\SYSTEM32\version.dll blindness.exe File opened for modification C:\Windows\SYSTEM32\wininet.dll blindness.exe File opened for modification C:\Windows\system32\explorerframe.dll blindness.exe File opened for modification C:\Windows\System32\MSCTF.dll blindness.exe File opened for modification C:\Windows\System32\user32.dll blindness.exe File opened for modification C:\Windows\System32\shcore.dll blindness.exe File opened for modification C:\Windows\System32\imm32.dll blindness.exe File opened for modification C:\Windows\SYSTEM32\wsock32.dll blindness.exe File opened for modification C:\Windows\SYSTEM32\hhctrl.ocx blindness.exe File opened for modification C:\Windows\SYSTEM32\uxtheme.dll blindness.exe File opened for modification C:\Windows\SYSTEM32\ntdll.dll blindness.exe File opened for modification C:\Windows\System32\msvcp_win.dll blindness.exe File opened for modification C:\Windows\System32\GDI32.dll blindness.exe File opened for modification C:\Windows\System32\shell32.dll blindness.exe File opened for modification C:\Windows\SYSTEM32\opengl32.dll blindness.exe File opened for modification C:\Windows\SYSTEM32\GLU32.dll blindness.exe File opened for modification C:\Windows\System32\gdi32full.dll blindness.exe File opened for modification C:\Windows\System32\advapi32.dll blindness.exe File opened for modification C:\Windows\System32\cfgmgr32.dll blindness.exe File opened for modification C:\Windows\System32\powrprof.dll blindness.exe File opened for modification C:\Windows\SYSTEM32\winmm.dll blindness.exe File opened for modification C:\Windows\System32\KERNEL32.DLL blindness.exe File opened for modification C:\Windows\System32\win32u.dll blindness.exe File opened for modification C:\Windows\System32\windows.storage.dll blindness.exe File opened for modification C:\Windows\System32\ole32.dll blindness.exe File opened for modification C:\Windows\SYSTEM32\WINMMBASE.dll blindness.exe File opened for modification C:\Windows\System32\combase.dll blindness.exe File opened for modification C:\Windows\SYSTEM32\msimg32.dll blindness.exe File opened for modification C:\Windows\System32\clbcatq.dll blindness.exe File opened for modification C:\Windows\System32\bcryptPrimitives.dll blindness.exe File opened for modification C:\Windows\System32\shlwapi.dll blindness.exe File opened for modification C:\Windows\System32\comdlg32.dll blindness.exe File opened for modification C:\Windows\System32\psapi.dll blindness.exe File opened for modification C:\Windows\System32\kernel.appcore.dll blindness.exe File opened for modification C:\Windows\System32\profapi.dll blindness.exe File opened for modification C:\Windows\System32\ws2_32.dll blindness.exe File opened for modification C:\Windows\System32\KERNELBASE.dll blindness.exe File opened for modification C:\Windows\System32\oleaut32.dll blindness.exe File opened for modification C:\Windows\System32\ucrtbase.dll blindness.exe File opened for modification C:\Windows\System32\msvcrt.dll blindness.exe File opened for modification C:\Windows\System32\sechost.dll blindness.exe File opened for modification C:\Windows\SYSTEM32\PROPSYS.dll blindness.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\comctl32.dll blindness.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 3572 blindness.exe 3572 blindness.exe 3572 blindness.exe 3572 blindness.exe -
Suspicious use of AdjustPrivilegeToken 16 IoCs
description pid Process Token: SeDebugPrivilege 3572 blindness.exe Token: SeTcbPrivilege 3572 blindness.exe Token: SeTcbPrivilege 3572 blindness.exe Token: SeLoadDriverPrivilege 3572 blindness.exe Token: SeCreateGlobalPrivilege 3572 blindness.exe Token: SeLockMemoryPrivilege 3572 blindness.exe Token: 33 3572 blindness.exe Token: SeSecurityPrivilege 3572 blindness.exe Token: SeTakeOwnershipPrivilege 3572 blindness.exe Token: SeManageVolumePrivilege 3572 blindness.exe Token: SeBackupPrivilege 3572 blindness.exe Token: SeCreatePagefilePrivilege 3572 blindness.exe Token: SeShutdownPrivilege 3572 blindness.exe Token: SeRestorePrivilege 3572 blindness.exe Token: 33 3572 blindness.exe Token: SeIncBasePriorityPrivilege 3572 blindness.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3572 blindness.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Blindness\blindness.exe"C:\Users\Admin\AppData\Local\Temp\Blindness\blindness.exe"1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3572
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
142B
MD53884fb959fad700da29722b14c1dd645
SHA16612989411d0f47a2ca3ffdf6d1fb4c50b223536
SHA2564b8de0aac70e1b75709d6b3f0be1ae3d77408196506fa8300215f484ebc718d8
SHA5120b2be4fd787402bbc4f71480a6248a4f5cd909a8c76aa7b63c48f621a736fbf40c07adf4c4e7ee6398225fa3906c6aecd6b70fc4cac026b3092ce5bc030a0be2