Overview

overview

10

Static

static

6

SamFlash.exe

windows11-21h2-x64

3

data/AdbWinApi.dll

windows11-21h2-x64

3

data/AdbWinUsbApi.dll

windows11-21h2-x64

3

data/adb.exe

windows11-21h2-x64

3

data/cam.apk

windows11-21h2-x64

3

data/com.apk

windows11-21h2-x64

3

data/fastboot.exe

windows11-21h2-x64

3

data/frp.bin

windows11-21h2-x64

3

data/libus...er.exe

windows11-21h2-x64

1

data/libus...b0.dll

windows11-21h2-x64

1

data/libus...b0.sys

windows11-21h2-x64

1

data/libus...er.exe

windows11-21h2-x64

3

data/libus...b0.sys

windows11-21h2-x64

1

data/libus...86.dll

windows11-21h2-x64

10

data/loade...9c.bin

windows11-21h2-x64

3

data/loade...9e.bin

windows11-21h2-x64

3

data/loade...50.bin

windows11-21h2-x64

3

data/loade...15.bin

windows11-21h2-x64

3

data/loade...ca.bin

windows11-21h2-x64

3

data/loade...57.bin

windows11-21h2-x64

3

data/loade...43.bin

windows11-21h2-x64

3

data/loade...cf.bin

windows11-21h2-x64

3

data/loade...36.bin

windows11-21h2-x64

3

data/loade...2c.bin

windows11-21h2-x64

3

ycLcp.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    107s
  • max time network
    108s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09-12-2024 14:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SamFlash.exe

  • Size

    40.1MB

  • MD5

    f12dbf95da6430daca5896cbf5f4d26d

  • SHA1

    42ff929901a144495657f6103796292318173555

  • SHA256

    66af486c43f75e1bb7951457dbb173b56bb48a03179cf2ea05820981737494f3

  • SHA512

    020e310a2148ad206b44ddc6cf89d2b6a38d8da31a63bac403d9aa00ea388e4e2354d4e0b586dadace7031a11ab5f0b54a09e54c5cb26512b5765bed3bdd5ef6

  • SSDEEP

    786432:WJgcU5/BFm0ErjlqaxBKiZhOmXtSM8OLaZr6B+M5rvPWdv4BNT:1c8BFmxjlq4KeV216BZxPk

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SamFlash.exe
    "C:\Users\Admin\AppData\Local\Temp\SamFlash.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:1040
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1336
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2636
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
      1⤵
      • Modifies Internet Explorer settings
      PID:4004

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
      Filesize

      10KB

      MD5

      d6d3499e5dfe058db4af5745e6885661

      SHA1

      ef47b148302484d5ab98320962d62565f88fcc18

      SHA256

      7ec1b67f891fb646b49853d91170fafc67ff2918befd877dcc8515212be560f6

      SHA512

      ad1646c13f98e6915e51bfba9207b81f6d1d174a1437f9c1e1c935b7676451ff73a694323ff61fa72ec87b7824ce9380423533599e30d889b689e2e13887045f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\SamFlash.ini
      Filesize

      199B

      MD5

      72f84c992a3045205db7e219fdf9e659

      SHA1

      61c2cfe006c9a077ee338c722e4c1cad1f336c6b

      SHA256

      596fd8bab743b07443cc338793fa3342208039fb5a115ecd013685019afb3f2a

      SHA512

      d8b01015abbcdedebb9a5c467e0a02cb5987574344b9d52f46a66b1d4f5346f5ab378a7dbc3a682b128059cf44c4bdbe8941f82e8f6fe0d14774c0072d966613

      Download Submit

    • memory/1040-8-0x0000000007F90000-0x0000000007F9A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1040-4-0x0000000027D30000-0x000000002A396000-memory.dmp

      Filesize

      38.4MB

      Download

    • memory/1040-17-0x000000000A980000-0x000000000A9A0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1040-5-0x0000000007EF0000-0x0000000007F8C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/1040-6-0x0000000008840000-0x0000000008DE6000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1040-7-0x0000000008390000-0x0000000008422000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1040-0-0x000000007448E000-0x000000007448F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1040-9-0x0000000008620000-0x0000000008676000-memory.dmp

      Filesize

      344KB

      Download

    • memory/1040-10-0x000000001BF40000-0x000000001D2BC000-memory.dmp

      Filesize

      19.5MB

      Download

    • memory/1040-11-0x000000000ADF0000-0x000000000B314000-memory.dmp

      Filesize

      5.1MB

      Download

    • memory/1040-12-0x0000000008710000-0x00000000087F8000-memory.dmp

      Filesize

      928KB

      Download

    • memory/1040-13-0x000000000B310000-0x000000000B3A8000-memory.dmp

      Filesize

      608KB

      Download

    • memory/1040-14-0x000000001E170000-0x000000001E944000-memory.dmp

      Filesize

      7.8MB

      Download

    • memory/1040-15-0x0000000008DF0000-0x0000000009196000-memory.dmp

      Filesize

      3.6MB

      Download

    • memory/1040-59-0x0000000074480000-0x0000000074C31000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1040-3-0x0000000074480000-0x0000000074C31000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1040-18-0x000000000AAD0000-0x000000000ACE2000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/1040-19-0x000000000B840000-0x000000000BB97000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/1040-20-0x0000000074480000-0x0000000074C31000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1040-21-0x0000000009950000-0x00000000099FA000-memory.dmp

      Filesize

      680KB

      Download

    • memory/1040-22-0x000000000E050000-0x000000000E102000-memory.dmp

      Filesize

      712KB

      Download

    • memory/1040-23-0x0000000074480000-0x0000000074C31000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1040-2-0x00000000079C0000-0x0000000007A0C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1040-31-0x000000007448E000-0x000000007448F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1040-32-0x0000000074480000-0x0000000074C31000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1040-33-0x0000000074480000-0x0000000074C31000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1040-34-0x0000000074480000-0x0000000074C31000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1040-1-0x0000000000720000-0x0000000002F44000-memory.dmp

      Filesize

      40.1MB

      Download

    • memory/1040-57-0x0000000009C40000-0x0000000009CA6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/1040-16-0x000000000A250000-0x000000000A6D6000-memory.dmp

      Filesize

      4.5MB

      Download