Analysis
-
max time kernel
145s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20240611-en -
resource tags
arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system -
submitted
22-06-2024 02:18
Static task
static1
Behavioral task
behavioral1
Sample
Tango Release.rar
Resource
win11-20240611-en
Behavioral task
behavioral2
Sample
Tango Release/Tango Release V1.6.exe
Resource
win11-20240611-en
Behavioral task
behavioral3
Sample
Tango Release/assets.dll
Resource
win11-20240508-en
Behavioral task
behavioral4
Sample
Tango Release/instructions.txt
Resource
win11-20240508-en
Behavioral task
behavioral5
Sample
Tango Release/license.txt
Resource
win11-20240611-en
General
-
Target
Tango Release.rar
-
Size
39.6MB
-
MD5
632ca437cdd3f0a06af0797d839e59de
-
SHA1
d5579d2459f619958b039db479edc6b55a9a3f25
-
SHA256
84e74424f9c3409c334e62f98d8325ad7f2c0e39fe7a17cc0aa2bf042d41c11e
-
SHA512
84f3cb4776b05c6351d339359e689a33eaf9de2323d71cfa3462077e2a1f1675b206fe78ef085334ea8b08a55b25efc0d9e461fdbcd12070db60d19018b79d00
-
SSDEEP
786432:/ynXMl6nhvoJVWcFJ3DKlL117O7VnuerVB7pq48D3R/UBzFbaxH+3Thk:yMl6hcFF+8VzrzkRcLaV+dk
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 3 IoCs
Processes:
MiniSearchHost.execmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
MiniSearchHost.exeOpenWith.exepid process 744 MiniSearchHost.exe 4752 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Tango Release.rar"1⤵
- Modifies registry class
PID:2200
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:744
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4752
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize10KB
MD5a05de6626e878c11872bcf9a152a692c
SHA18e2e338228d149511acd9740a84d5310c33f7f2c
SHA2562b028061471208157f927bc0495bd6814ebce7edb5c6a0cf5f6d8d065845d704
SHA5129f73b10f2acb9d22d8c02428f55759d55c4a6d8f4521f2c8f698c7d20280aded26a3e2ecd565507d5e8334ba4843076fbc42e3df74b49a8bc20eeb71d9ceb520