6e64e3556c669708a3ad7a26c29a7044074a559507fa7f988c0612c42519ceb9

Resubmissions

12-09-2024 23:24

240912-3dr9gs1dlj 6

12-09-2024 23:18

240912-3ajg6s1blp 6

12-09-2024 23:09

240912-25l14s1dkh 10

12-09-2024 23:02

240912-21hsws1bne 6

Analysis

max time kernel
141s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mouse-jiggler_uTUBd-1.exe
Size

2.4MB
MD5

d8ad93ef2790aa264ab569f5ba8a67cb
SHA1

67b01f6a855b6c5def8863b0d2ef157a44762a28
SHA256

94375dbac8e6dfd152a3c3b9e33d1c6fc18d5f86e2b486124cc4f67dbef68ce6
SHA512

5fdc98ed246ada2f1db0335fed19eb72b776bf7075ebd3e0c4d16cdc448e285a9e63141c487e3c96297b876313ccc7ed135689ece9223e3d0d9526169e6d0d95
SSDEEP

49152:nBuZrEUJje0NQq5rISAGFncaWt+ugsv6fhcUiVoX:BkLxNNC7e9Wt+ugsv6fhcsX

Score

4^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2440	mouse-jiggler_uTUBd-1.tmp

Loads dropped DLL 1 IoCs

pid	Process
2440	mouse-jiggler_uTUBd-1.tmp

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mouse-jiggler_uTUBd-1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mouse-jiggler_uTUBd-1.tmp

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	mouse-jiggler_uTUBd-1.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	mouse-jiggler_uTUBd-1.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	16	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2440	mouse-jiggler_uTUBd-1.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 2440	1980	mouse-jiggler_uTUBd-1.exe	91
PID 1980 wrote to memory of 2440	1980	mouse-jiggler_uTUBd-1.exe	91
PID 1980 wrote to memory of 2440	1980	mouse-jiggler_uTUBd-1.exe	91

C:\Users\Admin\AppData\Local\Temp\mouse-jiggler_uTUBd-1.exe
"C:\Users\Admin\AppData\Local\Temp\mouse-jiggler_uTUBd-1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Users\Admin\AppData\Local\Temp\is-4N48I.tmp\mouse-jiggler_uTUBd-1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-4N48I.tmp\mouse-jiggler_uTUBd-1.tmp" /SL5="$110064,1583351,832512,C:\Users\Admin\AppData\Local\Temp\mouse-jiggler_uTUBd-1.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:2440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4216,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=4012 /prefetch:8
1⤵
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-4N48I.tmp\mouse-jiggler_uTUBd-1.tmp

Filesize
3.1MB

MD5
52263ba53784a017b4c47b092643dd24

SHA1
f12942694efc30db81b938702af1ebc5b8d68415

SHA256
30848b34a4fba4a601332f90a6f4327ef3c1c9f943dc35c764ee3aeaba412600

SHA512
754f8f18090297ee5815b48aa745feed2b54cd6fb555645a607ea42400b6149e4556be6403b927e848e595c07377585355e173ad7f52795112029ee4f6923e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GMUBC.tmp\Helper.dll

Filesize
2.0MB

MD5
4eb0347e66fa465f602e52c03e5c0b4b

SHA1
fdfedb72614d10766565b7f12ab87f1fdca3ea81

SHA256
c73e53cbb7b98feafe27cc7de8fdad51df438e2235e91891461c5123888f73cc

SHA512
4c909a451059628119f92b2f0c8bcd67b31f63b57d5339b6ce8fd930be5c9baf261339fdd9da820321be497df8889ce7594b7bfaadbaa43c694156651bf6c1fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GMUBC.tmp\loader.gif

Filesize
10KB

MD5
12d7fd91a06cee2d0e76abe0485036ee

SHA1
2bf1f86cc5f66401876d4e0e68af8181da9366ac

SHA256
a6192b9a3fa5db9917aef72d651b7ad8fd8ccb9b53f3ad99d7c46701d00c78cb

SHA512
17ab033d3518bd6d567f7185a3f1185410669062d5ec0a0b046a3a9e8a82ee8f8adb90b806542c5892fc1c01dd3397ea485ebc86e4d398f754c40daf3c333edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GMUBC.tmp\mainlogo.png

Filesize
4KB

MD5
86219ad8e1b91f227e5755ada431e90e

SHA1
88208cae6ffcb1a9842172d99502570ba2bd681f

SHA256
f3bd15f5a6ca432a10421c531991a46c2466fb5688b40e474316ff3526ecb37a

SHA512
70021a45057e0d038de8cf6fb663be906857f766cb570c750fd246bf7e6f4c76771ef71a438e16041df173963e2bacc3d11295db392439fe30b361dd422ba33e

Download Submit
memory/1980-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1980-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/1980-19-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2440-6-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2440-20-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2440-30-0x0000000003600000-0x0000000003740000-memory.dmp

Filesize
1.2MB

Download
memory/2440-31-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2440-34-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download