7f396996a4c9d7ba40e095fab6fdb5778cdd859116412b7343a8969077cb52fc

Analysis

max time kernel
130s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

windowsdesktop-runtime-6.0.31-win-x64.exe
Size

55.0MB
MD5

0041e68d90de7ae648885a07f9bd3956
SHA1

768f34b688c81595d2044a44776eafabb7747f33
SHA256

7f396996a4c9d7ba40e095fab6fdb5778cdd859116412b7343a8969077cb52fc
SHA512

5202b008e0f885c2c78cd23a8dc0970e1281e905e3c6c796e2d77e5aad15eb312661a6b459b0b29b7b16979cd6c8f29d0ac52b0573a60da4f9e032c17a8acd9c
SSDEEP

1572864:e86YK0PsNLNNvWEe/dnayvm40TCDFWPeAC5BtZtF:e8fKJvvWEe4am40Gzv

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 1 IoCs

pid	Process
220	windowsdesktop-runtime-6.0.31-win-x64.exe

Loads dropped DLL 1 IoCs

pid	Process
220	windowsdesktop-runtime-6.0.31-win-x64.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 220	3064	windowsdesktop-runtime-6.0.31-win-x64.exe	88
PID 3064 wrote to memory of 220	3064	windowsdesktop-runtime-6.0.31-win-x64.exe	88
PID 3064 wrote to memory of 220	3064	windowsdesktop-runtime-6.0.31-win-x64.exe	88

C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.31-win-x64.exe
"C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.31-win-x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\Temp\{E2B32A0F-0575-4575-8E98-C388781041CE}\.cr\windowsdesktop-runtime-6.0.31-win-x64.exe
  "C:\Windows\Temp\{E2B32A0F-0575-4575-8E98-C388781041CE}\.cr\windowsdesktop-runtime-6.0.31-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.31-win-x64.exe" -burn.filehandle.attached=556 -burn.filehandle.self=692
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4200,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=3464 /prefetch:8
1⤵
PID:3160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\{69FE8167-1F54-42A4-A60B-D5A56E49C699}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{69FE8167-1F54-42A4-A60B-D5A56E49C699}\.ba\wixstdba.dll

Filesize
215KB

MD5
f68f43f809840328f4e993a54b0d5e62

SHA1
01da48ce6c81df4835b4c2eca7e1d447be893d39

SHA256
e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e

SHA512
a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1

Download Submit
C:\Windows\Temp\{E2B32A0F-0575-4575-8E98-C388781041CE}\.cr\windowsdesktop-runtime-6.0.31-win-x64.exe

Filesize
636KB

MD5
7dfa2d16780a7dc5976dc9503ef132b7

SHA1
d744c2bbd0f0f489a559d7376e4294589cedf8ad

SHA256
2551b141649dbd49ac35abf4ad54240abb88f97f488788aae33ec9cc06d5f065

SHA512
3f2fb1afb3899a234e05d819eda4395318a8cd3e043ca2a8dd895763e5076ab4798d3a202db8fa99c228baf72728b4618b74869f5f241fc5305a603339052112

Download Submit