2fc040143ffdf72ebff222147e437b59309325b89479f50f0d8fad6afbc5c25c

Analysis

max time kernel
95s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/scenic-surfsup-screensaver.exe
Size

1.5MB
MD5

4aa39620ed7d3069a6642d3cea044c7c
SHA1

ce278c857e39c8df0374f4d75aee707c2a272294
SHA256

90f339fe11994eaea3c3e8d83c83240ea0357b257852b17007c008322ec4c2d1
SHA512

8781282699293330d79b017c29e7bdaa5614974376bd6d5b1dd0c126e55ff16a6268e32d3549b12813b0c61b77e6a14246eef6f5cf4d98c68ba418f0e8f4cf51
SSDEEP

49152:xyYQZuTWblogtmDRaCh2liWoWu8DBGOYcQ6N1:xyYQnGWgRKUCJYGN1

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	scenic-surfsup-screensaver.exe

Executes dropped EXE 1 IoCs

pid	Process
3516	Scenic- Surf's up.scr

Loads dropped DLL 2 IoCs

pid	Process
2480	scenic-surfsup-screensaver.exe
3516	Scenic- Surf's up.scr

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Macromed\Flash\flash8.ocx	scenic-surfsup-screensaver.exe
File opened for modification	C:\Windows\SysWOW64\Macromed\Flash\flash8.ocx	scenic-surfsup-screensaver.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Scenic- Surf's up\Uninstall.exe	scenic-surfsup-screensaver.exe
File opened for modification	C:\Program Files (x86)\Scenic- Surf's up\Uninstall.ini	scenic-surfsup-screensaver.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Scenic- Surf's up.scr	scenic-surfsup-screensaver.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	scenic-surfsup-screensaver.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Scenic- Surf's up.scr

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Scenic- Surf's up.scr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Scenic- Surf's up.scr

Modifies Control Panel 5 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\SCRNSAVE.EXE = "C:\\Windows\\SCENIC~1.SCR"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\SCRNSAVE.EXE = "C:\\Windows\\SCENIC~1.SCR"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\ScreenSaveActive = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\ScreenSaveTimeOut = "900"	rundll32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib\Version = "1.0"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0\0\win32	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\TypeLib\ = "{57A0E746-3863-4D20-A811-950C84F1DB9B}"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\ = "FlashProp Class"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.3\ = "Shockwave Flash Object"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5\CLSID	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/futuresplash\CLSID = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{57A0E747-3863-4D20-A811-950C84F1DB9B}\ = "IFlashAccessibility"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{57A0E747-3863-4D20-A811-950C84F1DB9B}	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\ = "Shockwave Flash Object"	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\TypeLib\ = "{D27CDB6B-AE6D-11CF-96B8-444553540000}"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashProp.FlashProp\ = "FlashProp Class"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0\FLAGS	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage\.swf	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/futuresplash	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CurVer\ = "ShockwaveFlash.ShockwaveFlash.8"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32\ = "C:\\Windows\\SysWow64\\Macromed\\Flash\\flash8.ocx"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashProp.FlashProp\CurVer	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID\ = "ShockwaveFlash.ShockwaveFlash"	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.swf\Content Type = "application/x-shockwave-flash"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\CLSID	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashFactory.FlashFactory\CLSID\ = "{D27CDB70-AE6D-11cf-96B8-444553540000}"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\0\win32\ = "C:\\Windows\\SysWow64\\Macromed\\Flash\\flash8.ocx"	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version\ = "1.0"	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32\ = "C:\\Windows\\SysWow64\\Macromed\\Flash\\flash8.ocx, 1"	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.spl\ = "ShockwaveFlash.ShockwaveFlash"	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4\CLSID	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.6\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\ProxyStubClsid32	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashProp.FlashProp	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\TypeLib\Version = "1.0"	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.3\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32\ThreadingModel = "Apartment"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\0\win32	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0\FLAGS\ = "0"	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.8	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\ = "0"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.spl	scenic-surfsup-screensaver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib\ = "{D27CDB6B-AE6D-11CF-96B8-444553540000}"	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}	scenic-surfsup-screensaver.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{60409BC0-4978-11d6-9E1E-204C4F4F5020}\Scenic- Surf's up\Data = e8070900040013001300200003000000	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32	scenic-surfsup-screensaver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashProp.FlashProp.1	scenic-surfsup-screensaver.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2480	scenic-surfsup-screensaver.exe
2480	scenic-surfsup-screensaver.exe
3516	Scenic- Surf's up.scr
3516	Scenic- Surf's up.scr

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 1772	2480	scenic-surfsup-screensaver.exe	82
PID 2480 wrote to memory of 1772	2480	scenic-surfsup-screensaver.exe	82
PID 2480 wrote to memory of 1772	2480	scenic-surfsup-screensaver.exe	82
PID 1772 wrote to memory of 3516	1772	rundll32.exe	83
PID 1772 wrote to memory of 3516	1772	rundll32.exe	83
PID 1772 wrote to memory of 3516	1772	rundll32.exe	83

C:\Users\Admin\AppData\Local\Temp\$TEMP\scenic-surfsup-screensaver.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\scenic-surfsup-screensaver.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\SysWOW64\rundll32.exe
  "C:\Windows\System32\rundll32.exe" desk.cpl,InstallScreenSaver C:\Windows\Scenic- Surf's up.scr
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Control Panel
  - Suspicious use of WriteProcessMemory
  PID:1772
- - C:\Windows\Scenic- Surf's up.scr
    "C:\Windows\Scenic- Surf's up.scr" /p 328330
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious use of SetWindowsHookEx
    PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
ad3fccf15709cf647bf96fac34496b31

SHA1
6a6de954c54bd23c89dd74af31e6b61d8b1d0646

SHA256
ecfd2cd5c912cc216758c94a380dfd15a07f7fc36c1014f77a1d08944d50b532

SHA512
94308f637e71fb9a5b6d66eeaaffe87bc011a1810f8a8877145fa2818db2f7c02d8c2715064e8f94bfe78984930b611537638ac3b283b9111431f40cfa49fa53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
3299a47b8d9001cd17a47c955a6fe394

SHA1
8367ebdd29608b4f02d2a1ee26aee8e6d43a74a2

SHA256
2cfad57e26924c0825cb98cc8c94178eb10d2777996cd8179a20913af236a6e3

SHA512
cdaca22c9f9bc4cf61bf75155286b53cae1fadb20b6143bc3b7c4c34501a6a99bed08a577d6e58cce7ef34c09f445f52e4b4f8abc6f4e0925399c430844c270c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

Filesize
1KB

MD5
ec41df3e96b477134842c7e12ce088a7

SHA1
4d2da577b4c4c903ceeea5c103b61b92a70ce047

SHA256
eec99534d365f50b2b1a8645b6f672d554e2df99b78c0be933870d76a5fb981e

SHA512
a27c0d777b2170dd84cebf96c6e1d2bbe0223f9147f54488dec2933e0a3c19226e19ffd340e649dd16d2445e3d9114e8dde9e29d41aa81718317afcd20615dee

Download Submit
C:\Users\Admin\AppData\Local\Temp\flash8.ocx

Filesize
1.4MB

MD5
900373c059c2b51ca91bf110dbdecb33

SHA1
102b086d6054c2cea813ef316ce24440c458762b

SHA256
31453fd8f743c19e27f8fa04ee88dfebe95a7884cdfbc15ab0eb8994829aad61

SHA512
b17d68cd1e4f1c2fcc7f07de657af144302d4a0cb7b6a0d6bbed4fcd39227481abae73df2d59bf13a31a47b2b6aba820182881b43e638aa00da75ba6b94adbfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\instcfg.ini

Filesize
299B

MD5
562636dfd2d2370b7118bcd319a52a89

SHA1
43dd6f0fd2e954825822bf3c9d9720d077f74305

SHA256
24314bb42b61cd13a361bee6124b91e0b50de068a4a52b257021f4ccc7315167

SHA512
f511f0d992dd13560afd3696e7a28acd1209d2a98b73014c955d6fad120d9808ef3b668767087dea3b3078b5dc348a3714c72358da25a43662005a2eef5aa9c4

Download Submit
C:\Users\Admin\AppData\Local\scrcfg.ini

Filesize
758B

MD5
daf6b156b11ebb26f93863b6d028ca60

SHA1
018d497a359faa2530c8bfd2722fa81fb2542479

SHA256
e0d408cf5e323f6cb4444e720ef771558f32e39eda89c4c0bce1909452a14583

SHA512
7adeb4d2a503af225b290e47db0bc41161014878543c02f7937fb26fc403076b0a6e1c9c5cbb21479ce21f5e6a74c4171f4fd776a50184db4ed988f962b4795f

Download Submit
C:\Windows\Scenic- Surf's up.scr

Filesize
685KB

MD5
5802762f6362858663b9e03d2063977c

SHA1
1763d4dfca330ea797af4a23468cc1dc39a438fb

SHA256
1e2ab892be751758e257517ad75fb25db658cac0898a02b1878deccaaa62a026

SHA512
bb799802d341c92a8d910497265d7e7c77e867e2478ccc0a18543ec5834affaf5773d56fd3056eb601af9099496e5adfa2c4569815f48c14c18af345923a1c79

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads