Resubmissions
04-07-2024 02:13
240704-cnpy1aygpn 10
Analysis
max time kernel: 60s
max time network: 62s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-07-2024 02:13
Behavioral task behavioral1
Sample: Release/Discord rat.exe
Resource: win10v2004-20240508-en (windows10-2004-x64)
2 signatures, 150 seconds

Behavioral task behavioral2
Sample: builder.exe
Resource: win10v2004-20240611-en (windows10-2004-x64)
4 signatures, 150 seconds

Behavioral task behavioral3
Sample: dnlib.dll
Resource: win10v2004-20240611-en (windows10-2004-x64)
0 signatures, 150 seconds
General
Target: builder.exe
Size: 10KB
MD5: 4f04f0e1ff050abf6f1696be1e8bb039
SHA1: bebf3088fff4595bfb53aea6af11741946bbd9ce
SHA256: ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa
SHA512: 94713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12
SSDEEP: 96:IJXYAuB2glBLgyOk3LxdjP2rm549JSTuwUYXzP+B1izXTa/HFpff3LG+tzNt:IJXDk7LI4uwtDPC1ijCHffSs
Score: 1/10
Malware Config
Signatures
Modifies data under HKEY_USERS (15 IoCs)
description | ioc | process
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | LogonUI.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "197" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | LogonUI.exe
Suspicious behavior: LoadsDriver (64 IoCs)
pid | process
All 64 rows carry the process name "Process not Found"; pids: 2308, 884, 4784, 220, 1420, 4876, 4776, 3664, 4276, 2744, 2120, 208, 2136, 3028, 1376, 3456, 3940, 4228, 4936, 1256, 4964, 1340, 4884, 4428, 2020, 2448, 4932, 4812, 5016, 960, 2016, 4488, 3660, 1688, 1760, 4440, 4788, 1828, 2824, 4140, 3908, 3856, 3548, 3876, 896, 5052, 4748, 4296, 3828, 4312, 532, 880, 4540, 452, 3916, 3712, 4780, 1996, 3848, 2700, 4792, 1000, 3328, 1948
Suspicious use of SetWindowsHookEx (1 IoC)
pid | process
756 | LogonUI.exe

Suspicious use of WriteProcessMemory (2 IoCs)
description | pid | process | procid_target
PID 1704 wrote to memory of 4596 | 1704 | cmd.exe | 113
PID 1704 wrote to memory of 4596 | 1704 | cmd.exe | 113
Processes
- C:\Users\Admin\AppData\Local\Temp\builder.exe | "C:\Users\Admin\AppData\Local\Temp\builder.exe" | PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4324,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=4028 /prefetch:8 | PID:4944
- C:\Windows\system32\cmd.exe | "C:\Windows\system32\cmd.exe" | PID:1704
  Suspicious use of WriteProcessMemory
  - C:\Windows\system32\shutdown.exe | shutdown /l | PID:4596
- C:\Windows\system32\LogonUI.exe | "LogonUI.exe" /flags:0x4 /state0:0xa3901855 /state1:0x41c64e6d | PID:756
  Modifies data under HKEY_USERS
  Suspicious use of SetWindowsHookEx
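Read the Signatures and Processes sections together: builder.exe (PID 2216) has no children in the process tree, every registry row is raised by LogonUI.exe (PID 756), the single WriteProcessMemory event is cmd.exe (1704) writing into its own child shutdown.exe (4596), and none of the 64 LoadsDriver pids appear in the tree at all. The Python below is an added example, not part of the Triage report, that parses the flattened IoC rows and attributes each one to a process subtree, so that activity from the sandbox session (logoff, LogonUI theme setup) is kept apart from anything the submitted sample did. It embeds a subset of the report's rows as constructed input, hard-codes the process tree from the Processes section, and its regular expressions are written only for the row layouts seen on this page; the "procid_target" column is carried through under the report's own name without interpretation.

```python
"""Added example: attribute the IoC rows of this Triage report to process subtrees."""
import re
from collections import Counter

# Constructed inputs copied from the report's rows. REGISTRY_IOCS keeps four of
# the fifteen "Modifies data under HKEY_USERS" rows, LOADSDRIVER_IOCS eight of
# the sixty-four "LoadsDriver" rows; the row layout is the report's own.
REGISTRY_IOCS = (
    r'Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" LogonUI.exe '
    r'Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent LogonUI.exe '
    r'Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 LogonUI.exe '
    r'Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "197" LogonUI.exe'
)
WPM_IOCS = (
    "PID 1704 wrote to memory of 4596 1704 cmd.exe 113 "
    "PID 1704 wrote to memory of 4596 1704 cmd.exe 113"
)
LOADSDRIVER_IOCS = (
    "2308 Process not Found 884 Process not Found 4784 Process not Found "
    "220 Process not Found 1420 Process not Found 4876 Process not Found "
    "4776 Process not Found 3664 Process not Found"
)
# pid -> (image, parent pid), taken from the "Processes" tree; None = top level.
PROCESS_TREE = {
    2216: ("builder.exe", None),
    4944: ("msedge.exe", None),
    1704: ("cmd.exe", None),
    4596: ("shutdown.exe", 1704),
    756: ("LogonUI.exe", None),
}

# Registry row grammar: <op> <key> [= <value>] <process>.
# Only the operation names that occur on this page are recognised.
REG_RE = re.compile(
    r'(?P<op>Set value \(\w+\)|Key created)\s+'
    r'(?P<key>\\\S+)'
    r'(?:\s*=\s*(?P<val>"[^"]*"|\S+))?'
    r'\s+(?P<proc>\S+\.exe)'
)
# WriteProcessMemory row grammar: description, pid, process, procid_target.
WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)\s+"
    r"(?P<pid>\d+)\s+(?P<proc>\S+)\s+(?P<target>\d+)"
)
LOADSDRIVER_RE = re.compile(r"(?P<pid>\d+) Process not Found")


def parse_registry(text):
    """One dict per registry row; 'val' is None for 'Key created' rows."""
    return [m.groupdict() for m in REG_RE.finditer(text)]


def parse_wpm(text):
    """Collapse exact duplicate rows (the report lists this event twice) and count them."""
    counts = Counter(tuple(sorted(m.groupdict().items())) for m in WPM_RE.finditer(text))
    return [dict(row, count=n) for row, n in counts.items()]


def parse_loadsdriver(text):
    return [int(m.group("pid")) for m in LOADSDRIVER_RE.finditer(text)]


def subtree(root, tree):
    """PIDs of root and every descendant in the process tree."""
    pids = {root}
    while True:
        new = {p for p, (_, parent) in tree.items() if parent in pids and p not in pids}
        if not new:
            return pids
        pids |= new


def attribute(sample_pid, tree, reg_rows, wpm_rows):
    """Split IoC rows into those raised inside the sample's subtree and the rest.
    Registry rows carry only an image name, so they are mapped through the tree."""
    mine = subtree(sample_pid, tree)
    by_name = {}
    for pid, (image, _) in tree.items():
        by_name.setdefault(image, set()).add(pid)
    result = {"sample": [], "other": []}
    for row in reg_rows:
        bucket = "sample" if by_name.get(row["proc"], set()) & mine else "other"
        result[bucket].append(("registry", row["proc"], row["op"], row["key"]))
    for row in wpm_rows:
        bucket = "sample" if int(row["pid"]) in mine else "other"
        result[bucket].append(("wpm", row["proc"], row["src"], row["dst"]))
    return result


def unknown_driver_loaders(pids, tree):
    """LoadsDriver pids that never appear in the process tree."""
    return [p for p in pids if p not in tree]


if __name__ == "__main__":
    res = attribute(2216, PROCESS_TREE, parse_registry(REGISTRY_IOCS), parse_wpm(WPM_IOCS))
    print("raised inside builder.exe subtree:", res["sample"])
    print("raised elsewhere, by image:", Counter(r[1] for r in res["other"]))
    print("LoadsDriver pids absent from tree:",
          unknown_driver_loaders(parse_loadsdriver(LOADSDRIVER_IOCS), PROCESS_TREE))
```

Run against the rows above, the "sample" bucket is empty: nothing in the signature tables is attributable to builder.exe's own subtree, which is consistent with the 1/10 score, while the LogonUI.exe writes under HKEY_USERS\.DEFAULT and the cmd.exe to shutdown.exe write sit with the logoff triggered by `shutdown /l`. The same attribution step is worth running on any Triage report before quoting its signatures as sample behaviour, since signatures are raised per analysis, not per submitted file.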