b1dd524d8cc9084acbf2057efc5f98032517d0b856aed973442bdabb109e28e1

Analysis

max time kernel
93s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 20:47

Target

Wa0Desktop/Wa0Desktop.exe
Size

525KB
MD5

eac92247ece5e57d976c6951700c5c29
SHA1

ec34cdc7f1b60711e788b27f9195dbcac9944cd0
SHA256

1107b0d261e6ab09de3f2a8d4c4d9962c24f283fbe49bf8729678d6d23f6c5b7
SHA512

3531746634da6cacbed719cf8e6b0fd44741a74da0e3f7bbde5c06a56139db493195de42f6c585c52f4dffaadea0dee98afd716e0b748b784415975fc79f2715
SSDEEP

6144:+zFqcN1ybYbW4woDLFugjyp6FsGig4Rtwv/IP:dcLyydHDEgjyp5c4sv/0

Score

6^/10

Adds Run key to start application 2 TTPs 1 IoCs

Registry Run Keys / Startup Folder

Modify Registry

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FrogSpriteDeskTop = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Wa0Desktop\\Wa0Desktop.exe"	Wa0Desktop.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wa0Desktop.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\Desktop\WindowMetrics\Shell Icon Size = "32"	Wa0Desktop.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4484	Wa0Desktop.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4484	Wa0Desktop.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4484	Wa0Desktop.exe