32fec5f5a1e77d6fdb8b27016d70c923429b9530459850d8207c925e563dfe09

Analysis

max time kernel
125s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_lossless_scaling_2.9.0.exe
Size

5.9MB
MD5

3f484fb41e85aa1875ab0e966a13fbff
SHA1

f2591e8c9e46520a10cbfbb4f80fa0cff1722701
SHA256

32fec5f5a1e77d6fdb8b27016d70c923429b9530459850d8207c925e563dfe09
SHA512

d761369016596a51a3a8c2ee8364f0608771e05c95517ac256126eb74a77ef5ff87e39949d33ce0c7b046ad7f642d6354513968842035e6206a974e8eca54b8d
SSDEEP

49152:kBuZrEUNBUJiQXPfoYV7hZiRZieAlA89hAnqQQDI7QPmJLJZ2iZ3vxm3c7ldk:6kLNAXXoYTZblA89hAqQsOQPCXvm3chG

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2196	setup_lossless_scaling_2.9.0.tmp
4652	LosslessScaling.exe

Loads dropped DLL 1 IoCs

pid	Process
4652	LosslessScaling.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Lossless Scaling\Shaders\is-1NFHN.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-4FECE.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-6L1PA.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-2QD7R.tmp	setup_lossless_scaling_2.9.0.tmp
File opened for modification	C:\Program Files\Lossless Scaling\Lossless.dll	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-I802T.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-E77O3.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-U130S.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-LGQ6B.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-CI86D.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-5LK8S.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\fr\is-HBQQ1.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-7RFQF.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-099QE.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-N9DP2.tmp	setup_lossless_scaling_2.9.0.tmp
File opened for modification	C:\Program Files\Lossless Scaling\hr\LosslessScaling.resources.dll	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-09M9C.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-M9DKA.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-POACL.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-OCU3Q.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-0PI90.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-M399H.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-POAFJ.tmp	setup_lossless_scaling_2.9.0.tmp
File opened for modification	C:\Program Files\Lossless Scaling\ro\LosslessScaling.resources.dll	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-1R0F6.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-FDR6C.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-55HCS.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-2A1GJ.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-IFD3R.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\ko\is-M6UCV.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-IBK3J.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\ja\is-CLJ5D.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-HQ57G.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-OT9EM.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\uk\is-C0G1C.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-55I2F.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-KKRJ7.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-1NOA9.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-ODL2M.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-FVLU7.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-4023I.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-QVF93.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\is-A0TQL.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-HR4P6.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-483HD.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-PDJR6.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-36AU0.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-RRI7L.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-CJL6G.tmp	setup_lossless_scaling_2.9.0.tmp
File opened for modification	C:\Program Files\Lossless Scaling\ko\LosslessScaling.resources.dll	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-R49M1.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-1FBTH.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-S59KP.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-OBTEB.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-77PB0.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-3KM0N.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-QBMD2.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-JVLVC.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\tr\is-DTIGH.tmp	setup_lossless_scaling_2.9.0.tmp
File opened for modification	C:\Program Files\Lossless Scaling\LosslessScaling.exe	setup_lossless_scaling_2.9.0.tmp
File opened for modification	C:\Program Files\Lossless Scaling\zh-CN\LosslessScaling.resources.dll	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-DGGCT.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-FEET1.tmp	setup_lossless_scaling_2.9.0.tmp
File created	C:\Program Files\Lossless Scaling\Shaders\is-RSQ76.tmp	setup_lossless_scaling_2.9.0.tmp

Drops file in Windows directory 57 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 23 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\Colors	LosslessScaling.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings	control.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
2196	setup_lossless_scaling_2.9.0.tmp
2196	setup_lossless_scaling_2.9.0.tmp
4652	LosslessScaling.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe
4652	LosslessScaling.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1972	mmc.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	4652	LosslessScaling.exe
Token: SeDebugPrivilege	552	taskmgr.exe
Token: SeSystemProfilePrivilege	552	taskmgr.exe
Token: SeCreateGlobalPrivilege	552	taskmgr.exe
Token: 33	552	taskmgr.exe
Token: SeIncBasePriorityPrivilege	552	taskmgr.exe
Token: SeShutdownPrivilege	4180	control.exe
Token: SeCreatePagefilePrivilege	4180	control.exe
Token: 33	1972	mmc.exe
Token: SeIncBasePriorityPrivilege	1972	mmc.exe
Token: 33	1972	mmc.exe
Token: SeIncBasePriorityPrivilege	1972	mmc.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2196	setup_lossless_scaling_2.9.0.tmp
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
4652	LosslessScaling.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4652	LosslessScaling.exe
1972	mmc.exe
1972	mmc.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 2196	4716	setup_lossless_scaling_2.9.0.exe	86
PID 4716 wrote to memory of 2196	4716	setup_lossless_scaling_2.9.0.exe	86
PID 4716 wrote to memory of 2196	4716	setup_lossless_scaling_2.9.0.exe	86
PID 4180 wrote to memory of 1972	4180	control.exe	97
PID 4180 wrote to memory of 1972	4180	control.exe	97

C:\Users\Admin\AppData\Local\Temp\setup_lossless_scaling_2.9.0.exe
"C:\Users\Admin\AppData\Local\Temp\setup_lossless_scaling_2.9.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Users\Admin\AppData\Local\Temp\is-CBIHV.tmp\setup_lossless_scaling_2.9.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-CBIHV.tmp\setup_lossless_scaling_2.9.0.tmp" /SL5="$B0052,5281693,844288,C:\Users\Admin\AppData\Local\Temp\setup_lossless_scaling_2.9.0.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:2196

C:\Program Files\Lossless Scaling\LosslessScaling.exe
"C:\Program Files\Lossless Scaling\LosslessScaling.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4652

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:552

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.DeviceManager
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Windows\system32\mmc.exe
  "C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1972

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Lossless Scaling\Lossless.dll

Filesize
259KB

MD5
021db5d732b50c2a59050a4b273bef23

SHA1
6748e468f6ffbfb812699242f7a108b512a9bce5

SHA256
a2415b8f51f767408ec19d4c50ee46eb6f490aaa7e147c5f555f1202ecf8f518

SHA512
44cf4bbda762ed47586816752396b42faaf2f07d173e6b69e6e49f75f0dcacafde48fa0ea5735b70b89be6a7eb56883614d7c78c104968e24d5c40561a884ffd

Download Submit
C:\Program Files\Lossless Scaling\LosslessScaling.exe

Filesize
962KB

MD5
4c8d9566dc1e5f1eae914a546ee819a0

SHA1
8b16f43b0c84a43eecb24aad51d33795752a3b07

SHA256
b5b9671a6e309afd15a595ca96ce2d294f26519c73e68c4909418a3129c6db68

SHA512
5a7ded63ec2c6d3320d14bdc876c4f51c1a7c6e1c8a89028f646c03a2b393262db3b16d66b58903a83f0aa34218a8649aeeec0cf49a0ac9a404d29336bf85532

Download Submit
C:\Program Files\Lossless Scaling\LosslessScaling.exe.config

Filesize
174B

MD5
2a2df45a07478a1c77d5834c21f3d7fd

SHA1
f949e331f0d75ba38d33a072f74e2327c870d916

SHA256
051099983b896673909e01a1f631b6652abb88da95c9f06f3efef4be033091fa

SHA512
1a6dd48f92ea6b68ee23b86ba297cd1559f795946ecda17ade68aea3dda188869bba380e3ea3472e08993f4ae574c528b34c3e25503ee6119fd4f998835e09d7

Download Submit
C:\Users\Admin\AppData\Local\Lossless Scaling\Settings.xml

Filesize
2KB

MD5
9722d4173cdb869a507c57629b6aecdd

SHA1
e816426039ca9a684a60b8923780550c19c85ccd

SHA256
5d1b53f734db6ae2c37c6dbbeefa03c6745dd033c7b55ffeeb03a11aae6bc8c2

SHA512
488e3a82ffba4f8d4e5eca9c3d81302e075bfc2c2319fe9c1d3c1d6025c2b0ddc752dd53d06a6cebab1fc0720a0e11068b2295d683069db6a33aadb06e3438d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CBIHV.tmp\setup_lossless_scaling_2.9.0.tmp

Filesize
3.0MB

MD5
d7b514bf909e1e4d0f26a0595d3354ec

SHA1
88fd37a48fadb910a3a96d0e8c0b5ef559ab210d

SHA256
4e1ed66e3aa81ae7e561324d504088482c73f97fa2c0bccd59e83512b78b1259

SHA512
997bb2d23c217e1f7b589bd4440b26177a6d061b3406892368c5527f569283b56db0f6d48cb74f9a00c534ede50d05e19268e2b04fc28ec33cf5c5dcc87eb9de

Download Submit
memory/552-354-0x0000019E19D60000-0x0000019E19D61000-memory.dmp

Filesize
4KB

Download
memory/552-363-0x0000019E19D60000-0x0000019E19D61000-memory.dmp

Filesize
4KB

Download
memory/552-353-0x0000019E19D60000-0x0000019E19D61000-memory.dmp

Filesize
4KB

Download
memory/552-355-0x0000019E19D60000-0x0000019E19D61000-memory.dmp

Filesize
4KB

Download
memory/552-360-0x0000019E19D60000-0x0000019E19D61000-memory.dmp

Filesize
4KB

Download
memory/552-361-0x0000019E19D60000-0x0000019E19D61000-memory.dmp

Filesize
4KB

Download
memory/552-362-0x0000019E19D60000-0x0000019E19D61000-memory.dmp

Filesize
4KB

Download
memory/552-359-0x0000019E19D60000-0x0000019E19D61000-memory.dmp

Filesize
4KB

Download
memory/552-364-0x0000019E19D60000-0x0000019E19D61000-memory.dmp

Filesize
4KB

Download
memory/552-365-0x0000019E19D60000-0x0000019E19D61000-memory.dmp

Filesize
4KB

Download
memory/2196-11-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/2196-303-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/2196-9-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/2196-6-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/4652-321-0x0000029AF2930000-0x0000029AF2968000-memory.dmp

Filesize
224KB

Download
memory/4652-345-0x00007FF8ACDB0000-0x00007FF8AD871000-memory.dmp

Filesize
10.8MB

Download
memory/4652-320-0x0000029AF29F0000-0x0000029AF2AAA000-memory.dmp

Filesize
744KB

Download
memory/4652-317-0x00007FF8ACDB0000-0x00007FF8AD871000-memory.dmp

Filesize
10.8MB

Download
memory/4652-322-0x0000029AF34E0000-0x0000029AF34E8000-memory.dmp

Filesize
32KB

Download
memory/4652-324-0x0000029AF3500000-0x0000029AF350E000-memory.dmp

Filesize
56KB

Download
memory/4652-319-0x0000029AF2880000-0x0000029AF2932000-memory.dmp

Filesize
712KB

Download
memory/4652-340-0x00007FF8ACDB3000-0x00007FF8ACDB5000-memory.dmp

Filesize
8KB

Download
memory/4652-342-0x00007FF8ACDB0000-0x00007FF8AD871000-memory.dmp

Filesize
10.8MB

Download
memory/4652-308-0x00007FF8ACDB3000-0x00007FF8ACDB5000-memory.dmp

Filesize
8KB

Download
memory/4652-314-0x0000029AD6A70000-0x0000029AD6A7A000-memory.dmp

Filesize
40KB

Download
memory/4652-431-0x00007FF8ACDB0000-0x00007FF8AD871000-memory.dmp

Filesize
10.8MB

Download
memory/4652-313-0x0000029AD6A60000-0x0000029AD6A68000-memory.dmp

Filesize
32KB

Download
memory/4652-312-0x0000029AEF290000-0x0000029AEF2B6000-memory.dmp

Filesize
152KB

Download
memory/4652-311-0x00007FF8ACDB0000-0x00007FF8AD871000-memory.dmp

Filesize
10.8MB

Download
memory/4652-310-0x0000029AF01B0000-0x0000029AF0296000-memory.dmp

Filesize
920KB

Download
memory/4652-309-0x0000029AD4C70000-0x0000029AD4D66000-memory.dmp

Filesize
984KB

Download
memory/4716-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4716-8-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/4716-304-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/4716-1-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download