Analysis
- max time kernel: 134s
- max time network: 127s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-06-2024 08:55
Behavioral task
- behavioral1
- Sample: 4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
- Resource: win7-20240221-en
- 5 signatures
- 150 seconds
General
- Target: 4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
- Size: 5.8MB
- MD5: 84bec2889d12c078a49080c8c7209755
- SHA1: 65474940fece0c564bb8c9d0e43058de3ee6be78
- SHA256: 4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b
- SHA512: d2c49562e5c5d402269dc6f8c04543135c11aa1afd7eee478b86a725800f7c2ef666ee74a0a8b9eedc1ee4a119a51c7ec4a252645f14ff96009d5a5fbef5251c
- SSDEEP: 98304:XlGTBmm7uHdabHRl70nha4JwIRUvMY5qV6d52016z9/jbsXmj2YY6h2:VGBVkdWMha4SfvhqVS52u4JnsXmK
Malware Config
Signatures
- resource yara_rule upx: memory dumps of PID 2380, region 0x0000000010000000-0x000000001003E000 (25 dumps)
- resource yara_rule vmprotect: memory dumps of PID 2380, region 0x0000000000400000-0x0000000000E61000 (7 dumps)
- Enumerates physical storage devices (1 TTPs): attempts to interact with connected storage/optical drive(s).
- Modifies registry class (1 IoCs)
  description: Key created
  ioc: \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings
  Process: 4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
- Suspicious behavior: EnumeratesProcesses (16 IoCs)
  pid: 2380
  Process: 4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe (the same pid/process pair repeated 16 times)
- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid: 2380
  Process: 4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe (the same pid/process pair repeated 4 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe"
  PID: 2380
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4136,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:8
  PID: 4428
- C:\Windows\System32\rundll32.exe
  command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 940