4b45d78e5b7fd57273c5e4f61c1440e13b6c8a85c6c0c1f9dbff74ac425ceae2

Analysis

max time kernel
95s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SCREEN2EXE/Player.exe
Size

120KB
MD5

01f8d5ead46d109190b275d73d7922ff
SHA1

fa9dc934c38253c4d59975ae27c6811391721e93
SHA256

450f519308e460e596532c4b2429decfb07f621929ab99c97dbd698359f7f373
SHA512

ccaab53488877e53c3a04ed332240004dd695fb16cd2e811d02da5bdd6e918540d995a382553175c8eb20692b51d5a877c95c484ca6f9c11dbab9730300ee165
SSDEEP

1536:9Nv/fxOcGHPNVbOzbbX0reIU5nfKOmIOEnToIftuSqfs3:3vx47GTrIIfKOEoTBftuSqfs

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 18 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Player.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Player.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Player.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Player.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Player.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Player.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Player.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Player.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Player.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Player.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Player.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	Player.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Player.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings	Player.exe
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Player.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Player.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Player.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	Player.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3256	Player.exe
3256	Player.exe
3256	Player.exe
3256	Player.exe

C:\Users\Admin\AppData\Local\Temp\SCREEN2EXE\Player.exe
"C:\Users\Admin\AppData\Local\Temp\SCREEN2EXE\Player.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads