Resubmissions
30-06-2024 01:15  240630-bl765a1enb  10
30-06-2024 00:49  240630-a6bg8athpn  10
29-06-2024 12:42  240629-pxbtysxfle  10
Analysis
max time kernel: 93s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-06-2024 00:49
Behavioral task: behavioral1
Sample: x360ce.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: x360ce.exe
Resource: win10v2004-20240508-en
General
Target: x360ce.exe
Size: 14.7MB
MD5: be80f3348b240bcee1aa96d33fe0e768
SHA1: 40ea5de9a7a15f6e0d891cd1ba4bca8519bb85ed
SHA256: 74faf334cb0bdd3e9dfab8c323d4eb3b9b089bcaadc7dbd639d9aa93a4f6f829
SHA512: dfb3b191152981f21180e93597c7b1891da6f10b811db2c8db9f45bbecc9feb54bc032bdd648c7ad1134e9b09e5e2b9705d5e21294e1ae328a4390350745536a
SSDEEP: 196608:n+/7/fO/vBSVnf+viDyJBwhsCArf+viDyJBQhsCAaIF/f+viDyJBaF9hsCA6EJ0k:nX/vu0Bwhs8vu0BQhsvFOvu0BaF9hsR
Malware Config
Signatures
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Windows directory 6 IoCs
File created C:\Windows\INF\c_monitor.PNF by x360ce.exe
File created C:\Windows\INF\c_volume.PNF by x360ce.exe
File created C:\Windows\INF\c_diskdrive.PNF by x360ce.exe
File created C:\Windows\INF\c_media.PNF by x360ce.exe
File created C:\Windows\INF\c_display.PNF by x360ce.exe
File created C:\Windows\INF\c_processor.PNF by x360ce.exe
-
Loads dropped DLL 1 IoCs
PID 4072 x360ce.exe
-
Checks SCSI registry key(s) 3 TTPs 31 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 35 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
Token: SeDebugPrivilege, PID 4072 x360ce.exe
Token: SeDebugPrivilege, PID 1884 taskmgr.exe
Token: SeSystemProfilePrivilege, PID 1884 taskmgr.exe
Token: SeCreateGlobalPrivilege, PID 1884 taskmgr.exe
Token: 33, PID 1884 taskmgr.exe
Token: SeIncBasePriorityPrivilege, PID 1884 taskmgr.exe
-
Suspicious use of FindShellTrayWindow 45 IoCs
-
Suspicious use of SendNotifyMessage 44 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
PID 4072 x360ce.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\x360ce.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\x360ce.exe"
- Drops file in Windows directory
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4072
-
C:\Windows\system32\taskmgr.exe
Command line: "C:\Windows\system32\taskmgr.exe" /4
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1884
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 29KB
MD5: a8781afcba77ccb180939fdbd5767168
SHA1: 3cb4fe39072f12309910dbe91ce44d16163d64d5
SHA256: 02b50cbe797600959f43148991924d93407f04776e879bce7b979f30dd536ba9
SHA512: 8184e22bb4adfcb40d0e0108d2b97c834cba8ab1e60fee5fd23332348298a0b971bd1d15991d8d02a1bc1cc504b2d34729ed1b8fea2c6adb57e36c33ac9559e9