29dc64e0ada4c711d0452801d3364b2f44cf4bd52337547aaa2f40744da97cd1

Resubmissions

29-06-2024 07:53

240629-jrbzwatdqe 10

29-06-2024 07:51

29-06-2024 07:48

29-06-2024 07:37

29-06-2024 07:36

29-06-2024 07:34

29-06-2024 07:33

29-06-2024 07:29

Analysis

max time kernel
44s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 07:48

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

The-MALWARE-Repo
Size

284KB
MD5

1c0a02c3390b9fd77746574def84b1d1
SHA1

2e62ae7936cf5b6398308f702ddbb06427091109
SHA256

29dc64e0ada4c711d0452801d3364b2f44cf4bd52337547aaa2f40744da97cd1
SHA512

4f62bc5c219a6fa412dc06653227561b10cb32d144be733e0b2e57dea24baa17683dc09b84c57237326e6909e27f42ea7e1f70032eeff455d12423364bc433a2
SSDEEP

6144:ibRoQ02n9dH5M2vkm0y3Cl3pId9Rj9vvZJT3CqbMrhryfQNRPaCieMjAkvCJv1VZ:qRoQ02n9dH5M2vkm0y3Cl3pId9Rj9vvC

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "205"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1436	shutdown.exe
Token: SeRemoteShutdownPrivilege	1436	shutdown.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2632	LogonUI.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 1436	3684	cmd.exe	104
PID 3684 wrote to memory of 1436	3684	cmd.exe	104

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo
1⤵
PID:1440

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Windows\system32\shutdown.exe
  shutdown /s
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1436

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\UnprotectTrace.js"
1⤵
PID:1544

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa396a855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\ApproveHide.hta

Filesize
532KB

MD5
e72717dc74646f975b09e880d9c3aa4e

SHA1
0e46c0bb31db5529053b5993fd0a80ee682dd2d1

SHA256
acc47d746e7e660a659065bba0591b8eb755d73e1617cc93328cb6a8c00b98ca

SHA512
59a478dd0baea056e804a6bdeab2e973efb0def56e6ff6a56f5c90f8f809061c4a3c929cc91d4fb8588e31a38692007b311b7391201a45e289c3d2f9c2766ac3

Download Submit
C:\Users\Admin\Desktop\ApproveRestore.htm

Filesize
204KB

MD5
f12d370b4f13fce939a419c178a24a98

SHA1
be161531093d4ae91e0585040318d4014c9dd550

SHA256
fe37b32db3ddfe1c51478d65b8a611dd3f3e34cf6cac7231871591d1b47ce2be

SHA512
0ac26aab23f2ad4d752148a70fe6ebdc496cecf6bf146b4a9b85c1faa83010526310eadad5058918f79f8aafa25742475bf23393d228c09503e1a2777c24fa32

Download Submit
C:\Users\Admin\Desktop\BlockConvertFrom.mp2

Filesize
286KB

MD5
9996cf2a6c5f86c7a2aa102567fabfb8

SHA1
d0a61fb4d278b2c98e9afea2345467aaf2b03f12

SHA256
66643babfb67e0b2c15b1856bd2187a705eea95cafe388db4278dc34967aa9c3

SHA512
c054065a6688a35ce86824396dbf5e23339685bb8b1c7cf011c8f1d560e1e1b5948c10b91f7f9ccad6be1e4cc941eb35ac12ba42e8942b8de3e866c217bcea28

Download Submit
C:\Users\Admin\Desktop\CheckpointWait.001

Filesize
798KB

MD5
d37734a09737137abe12b15bc2cb7f8a

SHA1
7a23da81acc4aa5820eda45791c2af17f64d2cba

SHA256
32e6e6595e0411868b6f6c8a1152e32e312208b7f861643deed3d1df845cb7ae

SHA512
2aa4ca4b4ddbac036c600a2ecec203482fc708d741a35b79adef2d77d09bd9b21b6dea2086310cd8a5407f0eb89c9817def0ed96d1f6681b63a5c1fd4caabb03

Download Submit
C:\Users\Admin\Desktop\ConvertToRename.mp4

Filesize
368KB

MD5
84f1fc0f8cd5dcc2597db9b46574e259

SHA1
9a39049a95d647ac2e3a98a02cac43be4405f613

SHA256
6925197a34b07feed338635a3d022e7b55259ac5e62b52ff082afa651250ffd7

SHA512
e063d4b6a8039658827d6cafe6f7da661e11b393b42bd5a4f85632fc8d65f46ab4e35832eb599d179241feb4926d5aa4a23eb323036c1cd898ee32f0ad68160d

Download Submit
C:\Users\Admin\Desktop\DebugUninstall.svgz

Filesize
327KB

MD5
0caa8f76a5b8b7ee653ee2654b0cf2da

SHA1
c63f530e468e6afb5c301df08142a152d343262d

SHA256
be69918a98b585d8e1aa7e52e7040a5d255d72cec07288674bc1df0c312d9286

SHA512
8d59d125cc44cf2cf3e0789ddc0bee9734ddb4a544bc5341e29f1ca4104ca8e96407e6954b4c760c2a1ed071a09be39bb3245144e4eab78f72efdb30989e860f

Download Submit
C:\Users\Admin\Desktop\DenyUpdate.midi

Filesize
573KB

MD5
8fa0a8d89871bfe030aa1661489310a0

SHA1
6f033aeaa992aaf1fbba85567ee1cc7a867be7b4

SHA256
5c3c173d58d8cf8f38bf13bb06eb4ae2a8d0277cd76dbeb590a5d63a3eb122b6

SHA512
15c55910d2bcc127bec6a5ec69801a8d1fbe6fd005a477031d4d5f04d40fcaec2fa3552611c25103c5dccc15291ad0bf36a247d169c495b82455325e4bc56e17

Download Submit
C:\Users\Admin\Desktop\DisconnectSend.txt

Filesize
389KB

MD5
885c24a7a66d64d85baaf862f172b6f2

SHA1
acdb0a371abe267eec7a2fc5452d2363a3148f8a

SHA256
b7cfb97efd9d9c99b9d0281434c41ae9c4f5150cb8e7cab787638d64351bc924

SHA512
82e271a097c06539d42fe05291611704ef9bbbec85cb0941bf1ac59d653c99ea4df67787e62171b19c92f3ff2fc9d212452c7b8569c84f50a44204e8973c5e9f

Download Submit
C:\Users\Admin\Desktop\ExpandGroup.mht

Filesize
430KB

MD5
c5b0ca62afef4810d7054d9ed88c01ee

SHA1
707d0f3f8137927e429c8302f49dccd075de1581

SHA256
45dd1f3357d5d6140e7e1818d5dd7f93ab201154fa1095a3808098e6b5080814

SHA512
66c4010345c7446a708d4452c983d9f206e74f17467686e88383883745486feb65af76806b18e49575318bcd665d75ab4c66bfd2e205140f55b26587ef954793

Download Submit
C:\Users\Admin\Desktop\FormatExport.gif

Filesize
491KB

MD5
c497f49f696e02afea2787d81d46c59c

SHA1
f6fd5b9c22605a11f3cb2caf520fb24b8649419f

SHA256
fea8769b58bf36d8f5c00b40e2a0686343acecbaf2fd0e4c0cc5dc6f3d702400

SHA512
71038b186a674585e29093f6fe8c31feb3194eeb41b70cd33dd9a9501b8987b3e29a7e1689e85ebc1facc005fd8bd92dce09a4072ec3f0435a91b3770cd308f5

Download Submit
C:\Users\Admin\Desktop\NewRegister.ods

Filesize
225KB

MD5
8f616b208a9d4e3042e4d318fe1a43fa

SHA1
c4cf7973027597a47c9cc45aee7baf59c6eac074

SHA256
53b5c86d8ef180a47ab0d47a6f9263f9dbe907cb3a56f3340ae0a8d05e49e67c

SHA512
eb232ce5ebc17bc4b3cc51e8d9d777b687767d203ef9abedc6aa681622c52bce92e0fc97ed6c7562393790eccab007914ef78bc4bcfdef939270bbe766c6413b

Download Submit
C:\Users\Admin\Desktop\OutExport.001

Filesize
552KB

MD5
25025118052bcad61b2979c689d572be

SHA1
63d7343791bc700cfa7ab915f45e0f42226e4ed5

SHA256
c70678f57943ef858a0c0308fd255f49c9d7469414d7d2307174b0e1d6dc7d04

SHA512
3b08f7edf8a4477c5e95cfe17c209c5e1ac76432edc4ff75ea69a6ab703ca4fa9d1d2875d639b409f02a2dd2f2113c554a39e3d7000c592cef941193b5021c09

Download Submit
C:\Users\Admin\Desktop\RedoLimit.otf

Filesize
307KB

MD5
a9ed2cfe29552f30f1ded737938b9358

SHA1
b1d747ef7870f7b934d5e7d920c1121a06568c45

SHA256
7ebd9dd832cf976f8ddd549fd2ff9462f70c4a68b31c9591eec262bd6808c56c

SHA512
e65761019a83421d6ea82d15de5d74640c2ecf67e477e074ce0ab34d1850718a992eeaa712421f1b205c59981ef8141c35e9d815cdfce0d28925451c99ffd683

Download Submit
C:\Users\Admin\Desktop\RepairApprove.mp3

Filesize
450KB

MD5
e1c4405da80555ee03bbc750dd8dc967

SHA1
879c609595243f3d8f4c5e0911d7cb5d7dc96bce

SHA256
31edd2516dd18dc305f15e169a09eaa7d490a6dde0cab8a127c2eef9adc2e517

SHA512
8d478371e5a41db52371e27f177bdc0bb14877a4a905ed7341f2462f0444fd37d85953d83ee28e1d21a4af7828ebf39b2fdb8444e4fbb9da8f2abebd951197cc

Download Submit
C:\Users\Admin\Desktop\RevokeClear.mp4

Filesize
512KB

MD5
ecf312e67388434a41be396b191dba6f

SHA1
1e641ad395cf1e2202195651856201d4ba3ded9c

SHA256
d101b531ffc7f2c3c687eb580bd7baa73d86e1c945d1e0e3e1ac4a0b905a2009

SHA512
5e4f9d7f1b48cab20957886353141f954bba8d0af85405b15390e745f0a6ca501bfb61b478d28c04a822ed5fa9765bfdb528f82b2c66c406b583332868e5ca38

Download Submit
C:\Users\Admin\Desktop\SendMove.asp

Filesize
348KB

MD5
81f1f053b46bfbd8fb5b45fb70a2747e

SHA1
dc13025efee2c900f95994acbed349afdd770e8b

SHA256
a9b03139aa2adbe22e84cb36964eb5c797477ed7b3c70a5c15a2a1356cff2318

SHA512
63a08e11f3496fad40ec565843462543814dd946ad0eeee717d01aef9d9d6ce3843e214ccdae618a92b3134985510dd282b2283d06b8b2b77affb9ae415e31c1

Download Submit
C:\Users\Admin\Desktop\UnblockEnter.m4v

Filesize
266KB

MD5
9a8f712d4e3cd2f504083891f79cc24b

SHA1
a31d8351974b224ff95543568491737725f3bd69

SHA256
252a307cd26dc73886172560d567ff1632a98a5dcf3d1065336a4aa664f9ac81

SHA512
9a5859af609e152c686161dc30223a972ec0a92410933614e673e9d8498ee7a49614549b5ab13d757bf2d5812a60ecdf4d3958bab53854ef0aaefc120289e007

Download Submit
C:\Users\Admin\Desktop\UnblockGet.jpeg

Filesize
409KB

MD5
7db286c5671041ae2e4e9a9d934d1a0e

SHA1
4d105c4841cbfb01d0dfa134f962a90f67c1d74e

SHA256
15a86b297fd2e2b95c8edee9d2671ef2476a50c729114bf00d706986b073f747

SHA512
f435eb8dc17d4eb7bb986bb7d8e51ddcd119e14b58f3be144e15e2df0f74c4c0a6d093236eb7bfb5b8ca49ae7f815c1b2b48f589e59b5478e36a97f2baf995b4

Download Submit
C:\Users\Admin\Desktop\UnprotectTrace.js

Filesize
245KB

MD5
51380fb466673102f7efba675f80d098

SHA1
dfde8a1f688c40c2e76903bd9d55a3b7498c2e55

SHA256
b95df96d739aac5f4d7687329f02a122a2c2352555e5c7121c3ed05b4226c660

SHA512
b52572fe5bf4d94bc3783b6f618a284483a06eb05cb548104ed3aa8200a3ad48ad204a907f007c8e0bb65a3f16824a5f08364eb43c6770d214f6dc32719b3236

Download Submit
C:\Users\Admin\Desktop\WriteDebug.xsl

Filesize
471KB

MD5
c366b37965bd9d1cf31ed4bad736e7bc

SHA1
a7fb29d2865c9dfbe8b7ba8ff9f3e2d6708f8a87

SHA256
b9828c793f11dffb23febf119e0e1151a02329bf6b00c4278ed71415027acb90

SHA512
90611108fa9361b93120d5f3baad3ef42c6f3d642e318a5943225ed43b5963e231f90bc24d9789ba4c4babdafab2c67c9af9d2e451fa452de6bdd8eebf7033de

Download Submit