2dbf27909ae942e4750db2a186e7548b37919fe638f82cddca7e95b29fb847f0

Analysis

max time kernel
51s
max time network
58s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/06/2024, 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lossless.Scaling.v2.8.2/Lossless Scaling/LosslessScaling.exe
Size

961KB
MD5

5be20e358feea280b6773c134448a665
SHA1

62dc5bec0409c5e7370f79007d624be5b47a62d4
SHA256

9ab8c76faae81e74ea05d63b0ec2a451eeaa5a4b9f0a3ad2e378c9299629b9d5
SHA512

e5a24d12558d6bf391aab20e6775c58f2086f59ef445afe6023507b7695dd43453fc26274456c814d79166c9167838b1c5523c48df1d973e55c8d7bfd099ca6c
SSDEEP

12288:TSn1gEDS4MCLSyf6mOuGyW38yHJc+CKtOaO5Z7WhaGwnzE4ZbuRCwmhI2J+0sDVn:TC1ZtMCLPf1Oi32OvzTo4ZiRlT/Kk

Score

1^/10

Malware Config

Signatures

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\Colors	LosslessScaling.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1460	LosslessScaling.exe
1460	LosslessScaling.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1460	LosslessScaling.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1460	LosslessScaling.exe

C:\Users\Admin\AppData\Local\Temp\Lossless.Scaling.v2.8.2\Lossless Scaling\LosslessScaling.exe
"C:\Users\Admin\AppData\Local\Temp\Lossless.Scaling.v2.8.2\Lossless Scaling\LosslessScaling.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Lossless Scaling\Settings.xml

Filesize
2KB

MD5
8fe9785f802b07b37863f39629ef385b

SHA1
25b5b8b722752e7e60d7e17b3eea068e7f1d19c3

SHA256
d10d9560b8909403017befb52cf0957102a4e43187c7f7bea4dc567da5eea04a

SHA512
fcf255d505f6ce4b88d04c938b1cdff813570b99486dc6b2e42e714bbc5d0f77a601fe861ea9f227a31081a716e98588116435b8c39d175630d58eab2bd7fe04

Download Submit
memory/1460-10-0x00007FF800FD0000-0x00007FF801A91000-memory.dmp

Filesize
10.8MB

Download
memory/1460-11-0x00000187F92E0000-0x00000187F939A000-memory.dmp

Filesize
744KB

Download
memory/1460-3-0x00007FF800FD0000-0x00007FF801A91000-memory.dmp

Filesize
10.8MB

Download
memory/1460-4-0x00000187F6A70000-0x00000187F6A96000-memory.dmp

Filesize
152KB

Download
memory/1460-5-0x00000187F61C0000-0x00000187F61C8000-memory.dmp

Filesize
32KB

Download
memory/1460-6-0x00000187F61D0000-0x00000187F61DA000-memory.dmp

Filesize
40KB

Download
memory/1460-7-0x00007FF800FD0000-0x00007FF801A91000-memory.dmp

Filesize
10.8MB

Download
memory/1460-0-0x00007FF800FD3000-0x00007FF800FD5000-memory.dmp

Filesize
8KB

Download
memory/1460-2-0x00000187F6AC0000-0x00000187F6BA6000-memory.dmp

Filesize
920KB

Download
memory/1460-12-0x00000187F9220000-0x00000187F9258000-memory.dmp

Filesize
224KB

Download
memory/1460-9-0x00000187F9170000-0x00000187F9222000-memory.dmp

Filesize
712KB

Download
memory/1460-13-0x00000187F95A0000-0x00000187F95A8000-memory.dmp

Filesize
32KB

Download
memory/1460-14-0x00007FF800FD0000-0x00007FF801A91000-memory.dmp

Filesize
10.8MB

Download
memory/1460-16-0x00000187F95C0000-0x00000187F95CE000-memory.dmp

Filesize
56KB

Download
memory/1460-1-0x00000187F43C0000-0x00000187F44B6000-memory.dmp

Filesize
984KB

Download
memory/1460-28-0x00007FF800FD3000-0x00007FF800FD5000-memory.dmp

Filesize
8KB

Download
memory/1460-29-0x00007FF800FD0000-0x00007FF801A91000-memory.dmp

Filesize
10.8MB

Download