Overview

overview

7

Static

static

5

Silent Ins...32.cmd

windows11-21h2-x64

7

Silent Ins...64.cmd

windows11-21h2-x64

7

Silent Uni...ng.cmd

windows11-21h2-x64

5

Silent Updating.cmd

windows11-21h2-x64

7

VSTHEMES.pdf

windows11-21h2-x64

3

Wallpaper_...in.exe

windows11-21h2-x64

7

source.url

windows11-21h2-x64

3

Analysis

  • max time kernel
    142s
  • max time network
    275s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25/07/2024, 10:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Silent Updating.cmd

  • Size

    1KB

  • MD5

    9d50661c9bd69ba87c710ade3e8777a8

  • SHA1

    7aca8382068502519fd9bce4dffa102166be1061

  • SHA256

    14e6d91b1253e4154316a4ace7894144bfa50c13cce86cd5f133edf4b228ae93

  • SHA512

    c4bd6254915e0191b3ccaeb5d7e0482a01935a011f5dbf02e4151477f7fe8c64b1bf46b3206e54b982b4e13c0de6d91f3839551cc73ae97495f9173638be9426

Score
7/10
defense_evasiondiscoveryprivilege_escalation

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs
    defense_evasionprivilege_escalation
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 5 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Silent Updating.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1876
    • C:\Windows\system32\mode.com
      mode con:cols=145 lines=15
      2⤵
        PID:3056
      • C:\Windows\system32\reg.exe
        reg add hkcu\software\classes\.Admin\shell\runas\command /f /ve /d "cmd /x /d /r set \"f0=%2\" &call \"%2\" %3"
        2⤵
        • Access Token Manipulation: Create Process with Token
        • Modifies registry class
        • Modifies registry key
        PID:1580
      • C:\Windows\system32\fltMC.exe
        fltmc
        2⤵
          PID:4396
        • C:\Users\Admin\AppData\Local\Temp\Wallpaper_Engine_v2.5.28_RePack_by_xetrin.exe
          "C:\Users\Admin\AppData\Local\Temp\Wallpaper_Engine_v2.5.28_RePack_by_xetrin.exe" /UPDATE /VERYSILENT
          2⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1996
          • C:\Users\Admin\AppData\Local\Temp\is-HL8AU.tmp\Wallpaper_Engine_v2.5.28_RePack_by_xetrin.tmp
            "C:\Users\Admin\AppData\Local\Temp\is-HL8AU.tmp\Wallpaper_Engine_v2.5.28_RePack_by_xetrin.tmp" /SL5="$A027A,168019810,261120,C:\Users\Admin\AppData\Local\Temp\Wallpaper_Engine_v2.5.28_RePack_by_xetrin.exe" /UPDATE /VERYSILENT
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of SetWindowsHookEx
            PID:1080
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 888
              4⤵
              • Program crash
              PID:2064
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 904
              4⤵
              • Program crash
              PID:352
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1080 -ip 1080
        1⤵
          PID:984
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1080 -ip 1080
          1⤵
            PID:1604

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\is-HK63J.tmp\_isetup\_iscrypt.dll
            Filesize

            2KB

            MD5

            a69559718ab506675e907fe49deb71e9

            SHA1

            bc8f404ffdb1960b50c12ff9413c893b56f2e36f

            SHA256

            2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

            SHA512

            e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-HL8AU.tmp\Wallpaper_Engine_v2.5.28_RePack_by_xetrin.tmp
            Filesize

            3.9MB

            MD5

            848b24f1b76decdb88171c832513e206

            SHA1

            92cc0f8d2a7576140276a043fa5783746584c6fc

            SHA256

            43f18653a4ce3ed5ba0a5290bbb830d1cb254f8f2737e71780ca6d3f00ecedb8

            SHA512

            3ba654d88dfac74922bfddcf0761cc0073f58cbf29c0fbd559c719dae56c04889783b6bc15276560a1ff0a6780ca0f7c5c40ce98074db12978e09d3a91957bc8

            Download Submit

          • memory/1080-62-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-57-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-12-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-32-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-31-0x0000000003820000-0x0000000003821000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-33-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-30-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-39-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-38-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-56-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-55-0x00000000038A0000-0x00000000038A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-53-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-52-0x0000000003890000-0x0000000003891000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-51-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-48-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-47-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-46-0x0000000003870000-0x0000000003871000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-45-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-44-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-43-0x0000000003860000-0x0000000003861000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-42-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-41-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-40-0x0000000003850000-0x0000000003851000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-54-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-59-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-63-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-66-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-80-0x0000000000400000-0x0000000000809000-memory.dmp

            Filesize

            4.0MB

            Download

          • memory/1080-81-0x0000000000400000-0x0000000000809000-memory.dmp

            Filesize

            4.0MB

            Download

          • memory/1080-65-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-64-0x00000000038D0000-0x00000000038D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-60-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-28-0x0000000003810000-0x0000000003811000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-23-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-34-0x0000000003830000-0x0000000003831000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-58-0x00000000038B0000-0x00000000038B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-50-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-49-0x0000000003880000-0x0000000003881000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-37-0x0000000003840000-0x0000000003841000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-35-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-36-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-61-0x00000000038C0000-0x00000000038C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-29-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-26-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-25-0x0000000003800000-0x0000000003801000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-27-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-24-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-22-0x00000000037F0000-0x00000000037F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-21-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-20-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-19-0x00000000030D0000-0x00000000030D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-18-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-17-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-16-0x00000000030C0000-0x00000000030C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-14-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-15-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-13-0x00000000030B0000-0x00000000030B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-11-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-6-0x0000000003090000-0x0000000003091000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-10-0x00000000030A0000-0x00000000030A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1080-9-0x0000000000400000-0x0000000000809000-memory.dmp

            Filesize

            4.0MB

            Download

          • memory/1080-8-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1080-7-0x00000000027A0000-0x00000000028E0000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1996-2-0x0000000000401000-0x000000000041B000-memory.dmp

            Filesize

            104KB

            Download

          • memory/1996-1-0x0000000000400000-0x000000000044B000-memory.dmp

            Filesize

            300KB

            Download

          • memory/1996-84-0x0000000000400000-0x000000000044B000-memory.dmp

            Filesize

            300KB

            Download