Overview
overview
3Static
static
3background...st.exe
windows10-2004-x64
1bash.exe
windows10-2004-x64
1bcdboot.exe
windows10-2004-x64
1bcdedit.exe
windows10-2004-x64
1bdeunlock.exe
windows10-2004-x64
1bitsadmin.exe
windows10-2004-x64
1bootim.exe
windows10-2004-x64
1bootsect.exe
windows10-2004-x64
1bridgeunattend.exe
windows10-2004-x64
1browser_broker.exe
windows10-2004-x64
1browserexport.exe
windows10-2004-x64
1bthudtask.exe
windows10-2004-x64
1cacls.exe
windows10-2004-x64
1calc.exe
windows10-2004-x64
1certreq.exe
windows10-2004-x64
3certutil.exe
windows10-2004-x64
1changepk.exe
windows10-2004-x64
1charmap.exe
windows10-2004-x64
1chkdsk.exe
windows10-2004-x64
1chkntfs.exe
windows10-2004-x64
1choice.exe
windows10-2004-x64
1cipher.exe
windows10-2004-x64
1cleanmgr.exe
windows10-2004-x64
1cliconfg.exe
windows10-2004-x64
1clip.exe
windows10-2004-x64
1cmd.exe
windows10-2004-x64
1cmdkey.exe
windows10-2004-x64
1cmdl32.exe
windows10-2004-x64
1cmmon32.exe
windows10-2004-x64
1cmstp.exe
windows10-2004-x64
1cofire.exe
windows10-2004-x64
1csrss.sys
windows10-2004-x64
1Resubmissions
09/07/2024, 13:39
240709-qydwdayanf 709/07/2024, 07:52
240709-jqdr3swdle 609/07/2024, 06:42
240709-hgkzcs1bjl 509/07/2024, 06:34
240709-hb2d6azhjn 309/07/2024, 05:47
240709-ggxgqa1crh 4Analysis
-
max time kernel
136s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system -
submitted
09/07/2024, 06:34
Static task
static1
Behavioral task
behavioral1
Sample
backgroundTaskHost.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
bash.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
bcdboot.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
bcdedit.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
bdeunlock.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
bitsadmin.exe
Resource
win10v2004-20240708-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
bootim.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
bootsect.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
bridgeunattend.exe
Resource
win10v2004-20240708-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
browser_broker.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
browserexport.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
bthudtask.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
cacls.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
calc.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
certreq.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
certutil.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
changepk.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
charmap.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
chkdsk.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
chkntfs.exe
Resource
win10v2004-20240708-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
choice.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
cipher.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
cleanmgr.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
cliconfg.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
clip.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
cmd.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
cmdkey.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
cmdl32.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
cmmon32.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
cmstp.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
cofire.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
csrss.sys
Resource
win10v2004-20240704-en
windows10-2004-x64
General
-
Target
certreq.exe
-
Size
480KB
-
MD5
c665264e47391b4d763ecd3111b1052e
-
SHA1
22f53b823f40a1115b303f91370d07b72b72a8c9
-
SHA256
07480dc8cad237515bcea89f8566e58ea360b57b20ad025e8aea83ec24106ac1
-
SHA512
6c05e253867ecaff27943a71e91a027ef59f5bd4aee397fd0fa87e37d5687d1188061eb1c3e4bd3d30945c1d233507646e9217aa0a1016d68398b07df2a93d20
-
SSDEEP
12288:vPv/eIv7RbTIDZ7i3ci+lD8c7U8WiX6qacsuXXoPu79JpJNKKY6JGyAM:vPv/eIv7RbTIDZ7i3ci+L7UKX6qacsuP
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 33 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 certreq.exe Set value (data) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 certreq.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ certreq.exe Set value (str) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" certreq.exe Set value (int) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" certreq.exe Set value (int) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" certreq.exe Set value (data) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff certreq.exe Key created \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell certreq.exe Key created \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg certreq.exe Key created \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings certreq.exe Set value (data) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots certreq.exe Set value (data) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 certreq.exe Set value (int) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" certreq.exe Key created \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU certreq.exe Set value (data) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff certreq.exe Set value (data) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff certreq.exe Key created \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags certreq.exe Key created \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 certreq.exe Set value (int) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" certreq.exe Key created \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell certreq.exe Set value (data) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 certreq.exe Set value (data) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff certreq.exe Set value (int) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" certreq.exe Set value (int) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" certreq.exe Set value (int) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" certreq.exe Key created \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} certreq.exe Set value (int) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" certreq.exe Set value (str) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" certreq.exe Set value (data) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 certreq.exe Set value (data) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 certreq.exe Key created \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 certreq.exe Key created \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ certreq.exe Set value (int) \REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" certreq.exe -
Suspicious use of SetWindowsHookEx 11 IoCs
pid Process 1828 certreq.exe 1828 certreq.exe 1828 certreq.exe 1828 certreq.exe 1828 certreq.exe 1828 certreq.exe 1828 certreq.exe 1828 certreq.exe 1828 certreq.exe 1828 certreq.exe 1828 certreq.exe