Overview
overview: 10
Static
static: 10
Task | Platform | Score
Cina/Deskt...ize.sh | windows7-x64 | 3
Cina/Deskt...ize.sh | windows10-2004-x64 | 3
Cina/Deskt...GL.dll | windows7-x64 | 3
Cina/Deskt...GL.dll | windows10-2004-x64 | 3
Cina/Deskt...v2.dll | windows7-x64 | 3
Cina/Deskt...v2.dll | windows10-2004-x64 | 3
Cina/Deskt...er.exe | windows7-x64 | 8
Cina/Deskt...er.exe | windows10-2004-x64 | 8
Cina/Deskt...er.dll | windows7-x64 | 3
Cina/Deskt...er.dll | windows10-2004-x64 | 3
Cina/Deskt...-1.dll | windows7-x64 | 3
Cina/Deskt...-1.dll | windows10-2004-x64 | 3
Cina/Deskt...er.exe | windows7-x64 | 1
Cina/Deskt...er.exe | windows10-2004-x64 | 1
Cina/Deskt...ze.exe | windows7-x64 | 3
Cina/Deskt...ze.exe | windows10-2004-x64 | 3
Cina/Deskt...64.exe | windows7-x64 | 3
Cina/Deskt...64.exe | windows10-2004-x64 | 3
Cina/Deskt....0.exe | windows7-x64 | 1
Cina/Deskt....0.exe | windows10-2004-x64 | 1
Cina/Deskt...st.exe | windows7-x64 | 1
Cina/Deskt...st.exe | windows10-2004-x64 | 1
Cina/Deskt.../d.vbs | windows7-x64 | 8
Cina/Deskt.../d.vbs | windows10-2004-x64 | 8
Cina/Deskt...ty.vbs | windows7-x64 | 1
Cina/Deskt...ty.vbs | windows10-2004-x64 | 1
Cina/Deskt.../e.vbs | windows7-x64 | 1
Cina/Deskt.../e.vbs | windows10-2004-x64 | 1
Cina/Deskt...ty.vbs | windows7-x64 | 8
Cina/Deskt...ty.vbs | windows10-2004-x64 | 8
Cina/Deskt...3r.bat | windows7-x64 | 1
Cina/Deskt...3r.bat | windows10-2004-x64 | 6
Analysis
max time kernel: 98s
max time network: 51s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 10-10-2024 17:49
Behavioral task
behavioral1
Sample
Cina/Desktop (2)/IPRoyalPawns/resources/app/resources/tray-icon/resize.sh
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Cina/Desktop (2)/IPRoyalPawns/resources/app/resources/tray-icon/resize.sh
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Cina/Desktop (2)/IPRoyalPawns/swiftshader/libEGL.dll
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
Cina/Desktop (2)/IPRoyalPawns/swiftshader/libEGL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Cina/Desktop (2)/IPRoyalPawns/swiftshader/libGLESv2.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Cina/Desktop (2)/IPRoyalPawns/swiftshader/libGLESv2.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Cina/Desktop (2)/IPRoyalPawns/uninstaller.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Cina/Desktop (2)/IPRoyalPawns/uninstaller.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Cina/Desktop (2)/IPRoyalPawns/vk_swiftshader.dll
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
Cina/Desktop (2)/IPRoyalPawns/vk_swiftshader.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Cina/Desktop (2)/IPRoyalPawns/vulkan-1.dll
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
Cina/Desktop (2)/IPRoyalPawns/vulkan-1.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Cina/Desktop (2)/Installer.exe
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
Cina/Desktop (2)/Installer.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
Cina/Desktop (2)/KeyFreeze/KeyFreeze.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Cina/Desktop (2)/KeyFreeze/KeyFreeze.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
Cina/Desktop (2)/KeyFreeze/KeyFreeze_x64.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
Cina/Desktop (2)/KeyFreeze/KeyFreeze_x64.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Cina/Desktop (2)/KeyFreeze/Lock2/Windows Lock 2.0.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
Cina/Desktop (2)/KeyFreeze/Lock2/Windows Lock 2.0.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
Cina/Desktop (2)/KeyFreeze/Lock2/Windows Lock 2.0.vshost.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
Cina/Desktop (2)/KeyFreeze/Lock2/Windows Lock 2.0.vshost.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
Cina/Desktop (2)/KeyFreeze/Lock2/d.vbs
Resource
win7-20241010-en
Behavioral task
behavioral24
Sample
Cina/Desktop (2)/KeyFreeze/Lock2/d.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
Cina/Desktop (2)/KeyFreeze/Lock2/disablesecurity.vbs
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
Cina/Desktop (2)/KeyFreeze/Lock2/disablesecurity.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
Cina/Desktop (2)/KeyFreeze/Lock2/e.vbs
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
Cina/Desktop (2)/KeyFreeze/Lock2/e.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
Cina/Desktop (2)/KeyFreeze/Lock2/extra security.vbs
Resource
win7-20240729-en
Behavioral task
behavioral30
Sample
Cina/Desktop (2)/KeyFreeze/Lock2/extra security.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
Cina/Desktop (2)/Log L0ck3r.bat
Resource
win7-20240708-en
Behavioral task
behavioral32
Sample
Cina/Desktop (2)/Log L0ck3r.bat
Resource
win10v2004-20241007-en
General
Target: Cina/Desktop (2)/KeyFreeze/Lock2/Windows Lock 2.0.vshost.exe
Size: 13KB
MD5: f2f77b99cad96e1b6ca06169f3553f40
SHA1: d8dc079a82b4942f36e8d11a0ff88b97c098a64a
SHA256: 9149c19a31ff9ca73bf60893e2dfaa8fbefec42de2a288b1b32c15ff730955ca
SHA512: b12b8461d9ebc96e9e2cca5da66cf342e7eacfcbe00ab50180433ded7ca2426837ec2d280171eb8e95f092097ab5dc64b895973be2e31103b8f27e9062bdd915
SSDEEP: 192:JgmxBqWeVmWeo6oEQKPnEt2yt8mJz+jaIhj74r:OM0WqmWjnELKt8Cy/jcr
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: Windows Lock 2.0.vshost.exe
description | pid | process | target process
PID 2184 wrote to memory of 2076 | 2184 | Windows Lock 2.0.vshost.exe | dw20.exe
PID 2184 wrote to memory of 2076 | 2184 | Windows Lock 2.0.vshost.exe | dw20.exe
PID 2184 wrote to memory of 2076 | 2184 | Windows Lock 2.0.vshost.exe | dw20.exe
Processes
C:\Users\Admin\AppData\Local\Temp\Cina\Desktop (2)\KeyFreeze\Lock2\Windows Lock 2.0.vshost.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Cina\Desktop (2)\KeyFreeze\Lock2\Windows Lock 2.0.vshost.exe"
  Suspicious use of WriteProcessMemory
  PID: 2184
  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
    Command line: dw20.exe -x -s 912
    PID: 2076