Overview

overview

5

Static

static

1

Screenshot...PM.zip

windows7-x64

5

Screenshot...PM.zip

windows10-2004-x64

1

Analysis

  • max time kernel
    214s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    04-08-2024 16:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Screenshots8-4-2024-12-22PM.zip

  • Size

    41KB

  • MD5

    1df9a18b18332f153918030b7b516615

  • SHA1

    6c42c62696616b72bbfc88a4be4ead57aa7bc503

  • SHA256

    bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

  • SHA512

    6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80

  • SSDEEP

    768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of SetWindowsHookEx 23 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Screenshots8-4-2024-12-22PM.zip
    1⤵
      PID:2088
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1408
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x144
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2868
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Modifies data under HKEY_USERS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2964
        • C:\Windows\system32\SearchProtocolHost.exe
          "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
          2⤵
          • Drops file in System32 directory
          • Modifies data under HKEY_USERS
          • Suspicious use of SetWindowsHookEx
          PID:1064
        • C:\Windows\system32\SearchFilterHost.exe
          "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
          2⤵
          • Modifies data under HKEY_USERS
          PID:1236

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
        Filesize

        1024KB

        MD5

        914ccd5abf3969f3b7a886c57cec5202

        SHA1

        db8e5f8c1f038a8f3401b49d2ea394f3995ec18d

        SHA256

        1125a4e1266c297122c7341938776ad9a5bbf782e2dfd2db7589787fcda31d30

        SHA512

        0207b8db600c0eb47b46f663f9eeb09db5c71fab34e5221b4611413a7a19629821986da37c2ff5cb06997c09df220be59cec4d0e1cdaf567f082c89782056a77

        Download Submit

      • memory/2964-51-0x0000000001280000-0x0000000001281000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2964-66-0x0000000003330000-0x0000000003338000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2964-43-0x0000000001440000-0x0000000001441000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2964-42-0x0000000001480000-0x0000000001488000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2964-49-0x0000000001440000-0x0000000001448000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2964-0-0x0000000001B30000-0x0000000001B40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2964-60-0x0000000001490000-0x0000000001498000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2964-16-0x0000000001C30000-0x0000000001C40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2964-73-0x0000000005230000-0x0000000005238000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2964-75-0x0000000005280000-0x0000000005281000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2964-74-0x0000000005290000-0x0000000005298000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2964-78-0x00000000052C0000-0x00000000052C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2964-85-0x0000000005500000-0x0000000005508000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2964-89-0x00000000055B0000-0x00000000055B1000-memory.dmp

        Filesize

        4KB

        Download