e7048785f353dd193c13352cb7b65e8c6b9c4e9c87f71a108b85854fcd9f15a6

Analysis

max time kernel
6s
max time network
4s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/10/2024, 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Injector/Extreme Injector v3.exe
Size

1.9MB
MD5

ec801a7d4b72a288ec6c207bb9ff0131
SHA1

32eec2ae1f9e201516fa7fcdc16c4928f7997561
SHA256

b65f40618f584303ca0bcf9b5f88c233cc4237699c0c4bf40ba8facbe8195a46
SHA512

a07dd5e8241de73ce65ff8d74acef4942b85fc45cf6a7baafd3c0f9d330b08e7412f2023ba667e99b40e732a65e8fb4389f7fe73c7b6256ca71e63afe46cdcac
SSDEEP

49152:NNEVtO1U1y1DDDDDD7Llngq7NNMqU0p2Vhk9a:NNEVJyZlng4p2V

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
2	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 45 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	Extreme Injector v3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Extreme Injector v3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Extreme Injector v3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Extreme Injector v3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Extreme Injector v3.exe
Key created	\Registry\User\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\NotificationData	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Extreme Injector v3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	Extreme Injector v3.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe
2348	Extreme Injector v3.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2348	Extreme Injector v3.exe
Token: 33	2348	Extreme Injector v3.exe
Token: SeIncBasePriorityPrivilege	2348	Extreme Injector v3.exe
Token: SeDebugPrivilege	2348	Extreme Injector v3.exe
Token: 33	2348	Extreme Injector v3.exe
Token: SeIncBasePriorityPrivilege	2348	Extreme Injector v3.exe
Token: 33	2348	Extreme Injector v3.exe
Token: SeIncBasePriorityPrivilege	2348	Extreme Injector v3.exe
Token: 33	2348	Extreme Injector v3.exe
Token: SeIncBasePriorityPrivilege	2348	Extreme Injector v3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2348	Extreme Injector v3.exe

C:\Users\Admin\AppData\Local\Temp\Injector\Extreme Injector v3.exe
"C:\Users\Admin\AppData\Local\Temp\Injector\Extreme Injector v3.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2348-0-0x00007FF9CFC13000-0x00007FF9CFC15000-memory.dmp

Filesize
8KB

Download
memory/2348-1-0x0000000000690000-0x0000000000876000-memory.dmp

Filesize
1.9MB

Download
memory/2348-2-0x00007FF9CFC10000-0x00007FF9D06D2000-memory.dmp

Filesize
10.8MB

Download
memory/2348-4-0x000000001DA70000-0x000000001DAAC000-memory.dmp

Filesize
240KB

Download
memory/2348-3-0x000000001B8F0000-0x000000001B902000-memory.dmp

Filesize
72KB

Download
memory/2348-6-0x00007FF9CFC10000-0x00007FF9D06D2000-memory.dmp

Filesize
10.8MB

Download
memory/2348-7-0x00007FF9CFC10000-0x00007FF9D06D2000-memory.dmp

Filesize
10.8MB

Download
memory/2348-8-0x00007FF9CFC10000-0x00007FF9D06D2000-memory.dmp

Filesize
10.8MB

Download
memory/2348-9-0x00007FF9CFC13000-0x00007FF9CFC15000-memory.dmp

Filesize
8KB

Download
memory/2348-10-0x00007FF9CFC10000-0x00007FF9D06D2000-memory.dmp

Filesize
10.8MB

Download
memory/2348-11-0x00007FF9CFC10000-0x00007FF9D06D2000-memory.dmp

Filesize
10.8MB

Download