Overview

overview

4

Static

static

1

cyanogenmo...X1.exe

windows10-1703-x64

4

Analysis

  • max time kernel
    76s
  • max time network
    79s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02/08/2024, 17:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cyanogenmod-installer-1.0.0.0-installer_Mtd-CX1.exe

  • Size

    1.7MB

  • MD5

    e919f0567a75876f9ee34885cdea925a

  • SHA1

    23cb9a9fc90a0de78173a6861e10867097a5005e

  • SHA256

    b128232a0fac18dc4d5feaac53445a47b53b89cd87d49139f40d4f4e87721e7b

  • SHA512

    b7f4b1e4f2c3ff1e3e6bec66f089a7e725a14b2cae88d68912dde191eddd282b5c0c9181fea98f74f2b7a269be198ba6600daa73a3afe2b5a39d9aac8230f978

  • SSDEEP

    24576:a7FUDowAyrTVE3U5F/a0bQWwN9RU36Sh/SMhXzF58vMGIYTAy+S7kSJ:aBuZrEUc9j6pjIMGFTKakC

Score
4/10
discovery

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 29 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 56 IoCs
  • Suspicious use of SendNotifyMessage 55 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cyanogenmod-installer-1.0.0.0-installer_Mtd-CX1.exe
    "C:\Users\Admin\AppData\Local\Temp\cyanogenmod-installer-1.0.0.0-installer_Mtd-CX1.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4700
    • C:\Users\Admin\AppData\Local\Temp\is-HEOLQ.tmp\cyanogenmod-installer-1.0.0.0-installer_Mtd-CX1.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-HEOLQ.tmp\cyanogenmod-installer-1.0.0.0-installer_Mtd-CX1.tmp" /SL5="$600CA,837551,832512,C:\Users\Admin\AppData\Local\Temp\cyanogenmod-installer-1.0.0.0-installer_Mtd-CX1.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious use of FindShellTrayWindow
      PID:5044
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3920
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:740

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\is-AB9VI.tmp\RAV_Cross.png
      Filesize

      56KB

      MD5

      4167c79312b27c8002cbeea023fe8cb5

      SHA1

      fda8a34c9eba906993a336d01557801a68ac6681

      SHA256

      c3bf350627b842bed55e6a72ab53da15719b4f33c267a6a132cb99ff6afe3cd8

      SHA512

      4815746e5e30cbef626228601f957d993752a3d45130feeda335690b7d21ed3d6d6a6dc0ad68a1d5ba584b05791053a4fc7e9ac7b64abd47feaa8d3b919353bb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-AB9VI.tmp\WebAdvisor.png
      Filesize

      46KB

      MD5

      5fd73821f3f097d177009d88dfd33605

      SHA1

      1bacbbfe59727fa26ffa261fb8002f4b70a7e653

      SHA256

      a6ecce54116936ca27d4be9797e32bf2f3cfc7e41519a23032992970fbd9d3ba

      SHA512

      1769a6dfaa30aac5997f8d37f1df3ed4aab5bbee2abbcb30bde4230afed02e1ea9e81720b60f093a4c7fb15e22ee15a3a71ff7b84f052f6759640734af976e02

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-AB9VI.tmp\mainlogo.png
      Filesize

      3KB

      MD5

      30e44afb16319a2d48f33caefacbcd17

      SHA1

      72afa813f54c784d2337bdde37b3b19a10384b61

      SHA256

      7c9050777e287cb29082381178f8aac0d59f7b2f55eb7acf21d6ed0fb9591eac

      SHA512

      84d09bfbef9f29f10431f2a7fbd8a94fb0603e70eef3cc9f53ec68ba8f5ecd83113c7f2ea901123871c1872c180233980bdd8e6d110310bc40347ac1090560f5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-HEOLQ.tmp\cyanogenmod-installer-1.0.0.0-installer_Mtd-CX1.tmp
      Filesize

      3.1MB

      MD5

      d4a9383fda9f356a0d2edf77118b20be

      SHA1

      ff1b4583b52f388f0fd0831b503abd9a85465529

      SHA256

      c9f122cb7efba9528f5b9ec06f47dbc20919b694fc9ed5d8084f34fbeea7e297

      SHA512

      30d9388db8d33be3f2e04375677d6c238d827c6a6aba362946a047631b74b45431e3ca3d82fad860ffdc06e4cb38bb4e98d1224c86da898416bf37c551e7454d

      Download Submit

    • C:\Users\Admin\Downloads\cyanogenmod-installer-1.0.0.0-installer.exe
      Filesize

      2.0MB

      MD5

      034bbdbe51110bd38885e0ad614a67d2

      SHA1

      f68917c1d9a4c887c64d199643165ca4399899ed

      SHA256

      88db4a55d8f8fb4e85baa066f71c3d9e70a49388ccc42ed46c6fbcb5d1e9d1fd

      SHA512

      55711641feee41bcb1a57904cd20c10cd8beecb5ac3dc5bd5111b707fca2682c8c2bca64106dc6ef77a8e374fe72edc0bdec3353799c5d0afe45373d6173f23e

      Download Submit

    • memory/4700-2-0x0000000000401000-0x00000000004B7000-memory.dmp

      Filesize

      728KB

      Download

    • memory/4700-59-0x0000000000400000-0x00000000004D8000-memory.dmp

      Filesize

      864KB

      Download

    • memory/4700-0-0x0000000000400000-0x00000000004D8000-memory.dmp

      Filesize

      864KB

      Download

    • memory/4700-26-0x0000000000400000-0x00000000004D8000-memory.dmp

      Filesize

      864KB

      Download

    • memory/5044-32-0x0000000000400000-0x000000000071C000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/5044-19-0x0000000004B40000-0x0000000004C80000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/5044-25-0x0000000000400000-0x000000000071C000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/5044-24-0x0000000004B40000-0x0000000004C80000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/5044-31-0x0000000004B40000-0x0000000004C80000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/5044-27-0x0000000000400000-0x000000000071C000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/5044-6-0x0000000000400000-0x000000000071C000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/5044-46-0x0000000004B40000-0x0000000004C80000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/5044-57-0x0000000000400000-0x000000000071C000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/5044-20-0x0000000000400000-0x000000000071C000-memory.dmp

      Filesize

      3.1MB

      Download