f5238cfcaefd8a2ee74867be306062e22e79eff1430ab929871ccabdab9909ff

Resubmissions

10/10/2024, 02:43

241010-c7myravhmf 6

10/10/2024, 02:39

241010-c5akms1cnm 4

10/10/2024, 02:36

241010-c3vsssvgnf 4

Analysis

max time kernel
123s
max time network
122s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
10/10/2024, 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

More Shaders For Bloxshade.exe
Size

191KB
MD5

87c44b004cef5eb4762d3b1b08cf2850
SHA1

d79638145b474383c503e261f5ac377eaa860b73
SHA256

f5238cfcaefd8a2ee74867be306062e22e79eff1430ab929871ccabdab9909ff
SHA512

53cb324888b6cb16ad93478c7fb504fa4d62ebd23ced04fe0cfad2186944606ecb9e601366034ed137f9390a0c7b3ffc654470a8a3268524500f5dd526ca3bfe
SSDEEP

3072:WjK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfOKhBuKsqYEa6OSyh3jqYj:WjK4TDUqgpqWDLZ5H+xuZ04FhAfqRUhZ

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
7	raw.githubusercontent.com
8	raw.githubusercontent.com
11	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\Glamayre\LICENSE	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\HLSL-Reshade-colour-remappers\White Point_No_Debug.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\NiceGuy\LICENSE	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\YASSGI\YASSGI_old_tracer.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\AgX\AgX-default_contrast.lut.png	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\AlucardDH\LICENSE	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\AlucardDH\dh_rtgi.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\CobraFX\Droste.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\deband\Deband.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\MShaders\MShaders-1-d38b1af92d047b96819c898400919798e265c1cd\Shaders\MShaders\VHSM.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\HLSL-Reshade-colour-remappers\Low_sats_check.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\README.md	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\deband\e.txt	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\guestrr\Deblur.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\MShaders\MShaders-1-d38b1af92d047b96819c898400919798e265c1cd\Shaders\MShaders\Include\MShadersCommon.fxh	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\GILT\GILT2.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\HBAO\HBAO.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\HLSL-Reshade-colour-remappers\White Point RGB 2D.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\MC\MC_TonemapHDR.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\AlucardDH\LICENSE	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\DiffuseGlow\DiffuseGlow.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\Fubax\PerfectPerspective.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\GILT\GILT1.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\lordbean\STAA.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\xbr\5XBR_NoBlend.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\NiceGuy\NGLightingUI_specular.fxh	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\NiceGuy\NGLighting_specular.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\Reinhard\Reinhard.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\YASSGI\ShaderFastMathLib.h	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\Fubax\PerfectPerspective.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\MC\MC_SSAO.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\lordbean\TSMAA2.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\MShaders\MShaders-1-d38b1af92d047b96819c898400919798e265c1cd\Shaders\MShaders\VHSM.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\CobraFX\Droste.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\GILT\GILT4.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\YASSGI\UNLICENSE	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\MShaders\MShaders-1-d38b1af92d047b96819c898400919798e265c1cd\Shaders\MShaders\Include\Functions\BlendingModes.fxh	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\guestrr\DeblurUpscaler.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\FGFX\FGFXLargeScalePerceptualObscuranceIrradiance.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\HLSL-Reshade-colour-remappers\Low_saturation_check.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\HLSL-Reshade-colour-remappers\xy Primaries 2D.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\NiceGuy\LICENSE	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\CobraFX\LongExposure.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\MShaders\MShaders-1-d38b1af92d047b96819c898400919798e265c1cd\README.md	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\MShaders\MShaders-1-d38b1af92d047b96819c898400919798e265c1cd\Textures\MShaders\LUTs\VideoCassette.png	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\GILT\GILT4_NoNoise.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\HBAO\HBAO.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\deband\Deband.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\xbr\5XBR_NoBlend.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\guestrr\DeblurUpscaler.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\MShaders\MShaders-1-d38b1af92d047b96819c898400919798e265c1cd\Shaders\MShaders\Include\Functions\AVGen.fxh	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\MShaders\MShaders-1-d38b1af92d047b96819c898400919798e265c1cd\Shaders\MShaders\Include\Functions\LUTAtlas.fxh	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\AgX\AgX-default_contrast.lut.png	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\GILT\GILT.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\GILT\GILT1.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\NiceGuy\NGLighting-Configs_specular.fxh	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\lordbean\HQAALite.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\lordbean\STAA.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\lordbean\TSMAA.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\FGFX\LICENSE	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\HLSL-Reshade-colour-remappers\Low_saturation_check.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\HLSL-Reshade-colour-remappers\xy Primaries 2D.fx	More Shaders For Bloxshade.exe
File opened for modification	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\YASSGI\YASSGI_old_tracer.fx	More Shaders For Bloxshade.exe
File created	C:\Program Files\NVIDIA Corporation\Ansel\shaders\msfb_shaders-8309018d0609f836a1ad720f758685c9b95e52f1\Glamayre\LICENSE	More Shaders For Bloxshade.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1204	MiniSearchHost.exe

C:\Users\Admin\AppData\Local\Temp\More Shaders For Bloxshade.exe
"C:\Users\Admin\AppData\Local\Temp\More Shaders For Bloxshade.exe"
1⤵
- Drops file in Program Files directory
PID:4448

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3912

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\NVIDIA Corporation\Ansel\AtmosphericDensity.fx

Filesize
22KB

MD5
06ae77d72186d92b7a8cd2b44d64cdf5

SHA1
85100e70f38697d262ad6614c1c3684ff535be0d

SHA256
145e1e87f332ba85997fd746ae66a5baccc9bc0a35f0c40cb9784629a42cd590

SHA512
1bb324424bde724ac51904ea28b22955978d436d049625cb1d76bd12837a842e2d622595df8f017292022bdf903e03da3598d68db5dc2fb8560dc3b3fd8dbe16

Download Submit
C:\Program Files\NVIDIA Corporation\Ansel\GILT1.fx

Filesize
10KB

MD5
34d305cf2d7388c70eddc2d356cb8061

SHA1
78f6a843f4eeb59cc42b59a4d03b6afae4662b85

SHA256
782e04dfab2acc9a8e8e242bd0356176a0c739ab5a308dd729e31c696452d14c

SHA512
f4fcba89c6f652a85880a090c2192889336e54d0238771597f08a9b0ee1978e6fb81d08767487b1c2d3f1f5c22d2cf171acfbdacc2330d94b8bde05d9e4a976e

Download Submit
C:\Program Files\NVIDIA Corporation\Ansel\GILT4.fx

Filesize
9KB

MD5
bc3086658a9768dfc8f56796133dec65

SHA1
ff0e024927a97d2b2330a90b23a7b129b37d2806

SHA256
1bfcb91166e62d8a22e6ad3d486c1e91173b490fd008cb45e228e0cda568b6a8

SHA512
f9800ef07f1542abee78745a9b28d49503543b58f8a051ab388194ed9ed9049b9d1faee7003f9599a97ef9c30ef0d37f9a9bbfa35f10d769f63093465fe6a561

Download Submit
C:\Program Files\NVIDIA Corporation\Ansel\GloomAO.fx

Filesize
62KB

MD5
0d9fba5fa5c3e723e60cf28f44912b30

SHA1
24214e1228ea7c61a13bbcc7ffc94239d8aca2f5

SHA256
f781159a81140878b1764fb60c216d27150f26702ccf6c12f763525c20022555

SHA512
70d44363ce73cb2aea935956450263ec9207b13ce8703c1d6d7798a663318015c12d020aa5726d5f338f55bc82ca72cf33d04d0ca5af2f89e32094093a8e986f

Download Submit
C:\Program Files\NVIDIA Corporation\Ansel\Particles.fx

Filesize
21KB

MD5
c6ebe76d611bab3db436fbb9e9859049

SHA1
109a24882738a6adf23920dbc20b4c9e25e70e0c

SHA256
eec60790e0e8a727dbcbcad85b7e0a05689d76c76e5d6996a37613476681a24b

SHA512
4bce7546ec5975bd46df28e54f28cea5db503deed64f4541df80e780eff4b2425452146a491226fe89fa87a16552bf1887102c61e3a3c66de1589610e37d3d15

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
96329c73cc49cd960e2485210d01c4d2

SHA1
a496b98ad2f2bbf26687b5b7794a26aa4470148e

SHA256
4c159cab6c9ef5ff39e6141b0ccb5b8c6251a3d637520609dfbdd852fa94d466

SHA512
e98736a879cad24c693d6c5939654b2fd25bf9d348f738668624214f22d541a9b781c967201ab2d43cbac9207946824a0299d482485f4b63c48d5d2a839e5baf

Download Submit