Overview
overview
10Static
static
10The-MALWAR...ug.exe
windows7-x64
The-MALWAR...le.exe
windows7-x64
3The-MALWAR...an.bat
windows7-x64
1The-MALWAR...Lz.bat
windows7-x64
8The-MALWAR...ou.exe
windows7-x64
1The-MALWAR...MZ.exe
windows7-x64
7The-MALWAR...st.exe
windows7-x64
8The-MALWAR...er.exe
windows7-x64
8The-MALWAR...RC.exe
windows7-x64
8The-MALWAR...er.exe
windows7-x64
3The-MALWAR....a.exe
windows7-x64
The-MALWAR...rk.exe
windows7-x64
9The-MALWAR...an.exe
windows7-x64
The-MALWAR...98.exe
windows7-x64
1The-MALWAR...aj.exe
windows7-x64
7The-MALWAR...jB.exe
windows7-x64
7The-MALWAR...om.exe
windows7-x64
6The-MALWAR...1C.exe
windows7-x64
5The-MALWAR...90.exe
windows7-x64
9The-MALWAR...6a.exe
windows7-x64
9The-MALWAR...it.exe
windows7-x64
1The-MALWAR...m_.eml
windows7-x64
The-MALWAR...ng.exe
windows7-x64
7The-MALWAR....a.exe
windows7-x64
10The-MALWAR...1A.exe
windows7-x64
8The-MALWAR...as.exe
windows7-x64
6The-MALWAR...te.exe
windows7-x64
7The-MALWAR....a.exe
windows7-x64
3The-MALWAR...le.exe
windows7-x64
3The-MALWAR...us.exe
windows7-x64
10The-MALWAR...er.exe
windows7-x64
7The-MALWAR...ff.exe
windows7-x64
3Analysis
-
max time kernel
1802s -
max time network
1820s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
13-12-2024 22:18
Static task
static1
Behavioral task
behavioral1
Sample
The-MALWARE-Repo-master/Trojan/ColorBug.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
The-MALWARE-Repo-master/Trojan/DesktopPuzzle.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral3
Sample
The-MALWARE-Repo-master/Trojan/DudleyTrojan.bat
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
The-MALWARE-Repo-master/Trojan/L0Lz.bat
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral5
Sample
The-MALWARE-Repo-master/Trojan/LoveYou.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
The-MALWARE-Repo-master/Trojan/MEMZ.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral7
Sample
The-MALWARE-Repo-master/Trojan/Mist/MistInfected_newest.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
The-MALWARE-Repo-master/Trojan/Mist/MistInstaller.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral9
Sample
The-MALWARE-Repo-master/Trojan/Mist/MistInstallerRC.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
The-MALWARE-Repo-master/Trojan/PCToaster.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral11
Sample
The-MALWARE-Repo-master/Trojan/Sevgi.a.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral12
Sample
The-MALWARE-Repo-master/Trojan/Spark/Spark.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral13
Sample
The-MALWARE-Repo-master/Virus/MadMan.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral14
Sample
The-MALWARE-Repo-master/Virus/WinNuke.98.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral15
Sample
The-MALWARE-Repo-master/Virus/Xpaj/xpaj.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
The-MALWARE-Repo-master/Virus/Xpaj/xpajB.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral17
Sample
The-MALWARE-Repo-master/Worm/Bezilom.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
The-MALWARE-Repo-master/Worm/Blaster/607B60AD512C50B7D71DCCC057E85F1C.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral19
Sample
The-MALWARE-Repo-master/Worm/Blaster/8676210e6246948201aa014db471de90.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
The-MALWARE-Repo-master/Worm/Blaster/8a17f336f86e81f04d8e66fa23f9b36a.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral21
Sample
The-MALWARE-Repo-master/Worm/Blaster/DComExploit.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral22
Sample
The-MALWARE-Repo-master/Worm/Blaster/SANS_ Malware FAQ_ What is W32_Blaster worm_.eml
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral23
Sample
The-MALWARE-Repo-master/Worm/Bumerang.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
The-MALWARE-Repo-master/Worm/Fagot.a.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral25
Sample
The-MALWARE-Repo-master/Worm/Heap41A.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral26
Sample
The-MALWARE-Repo-master/Worm/Mantas.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral27
Sample
The-MALWARE-Repo-master/Worm/NadIote/Nadlote.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral28
Sample
The-MALWARE-Repo-master/Worm/Netres.a.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral29
Sample
The-MALWARE-Repo-master/Worm/Nople.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral30
Sample
The-MALWARE-Repo-master/Worm/Vobfus/Vobus.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral31
Sample
The-MALWARE-Repo-master/rogues/AdwereCleaner.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral32
Sample
The-MALWARE-Repo-master/rogues/SpySheriff.exe
Resource
win7-20240903-en
windows7-x64
General
-
Target
The-MALWARE-Repo-master/Worm/Vobfus/Vobus.exe
-
Size
384KB
-
MD5
966bb4bdfe0edb89ec2d43519c6de3af
-
SHA1
7aa402e5241ff1ca2aeabeeda8928579902ad81a
-
SHA256
ef12832d67a099282b6aad1bf2858375dd4b53c67638daf12a253bc9f918b77f
-
SHA512
71b8cf14055caee1322976dc0ac777bdd0f9058ee37d30d7967bdc28d80f66d0d478c939501be5f9c70245e5b161c69ad36721a7c6454fea9abe76786934db66
-
SSDEEP
3072:rtyFjchUoBENcPCkTaVYD3CbbTDMo6ZWbBrM/LqibDdjGRc32R7srGADv1FSJl:rqJVYD3KDN6ZWbBrM/GiDoO3IsrTvI
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" Vobus.exe Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" juiet.exe -
Executes dropped EXE 1 IoCs
pid Process 2040 juiet.exe -
Loads dropped DLL 2 IoCs
pid Process 2564 Vobus.exe 2564 Vobus.exe -
Adds Run key to start application 2 TTPs 53 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /l" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /K" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /M" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /B" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /m" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /d" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /O" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /s" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /R" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /r" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /G" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /W" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /j" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /J" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /v" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /g" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /N" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /X" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /C" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /D" Vobus.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /n" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /c" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /o" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /e" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /E" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /F" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /P" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /L" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /h" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /x" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /S" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /u" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /w" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /q" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /V" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /i" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /D" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /f" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /t" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /p" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /z" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /b" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /A" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /Q" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /Y" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /I" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /k" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /y" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /H" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /a" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /Z" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /U" juiet.exe Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\juiet = "C:\\Users\\Admin\\juiet.exe /T" juiet.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Vobus.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language juiet.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2564 Vobus.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe 2040 juiet.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2564 Vobus.exe 2040 juiet.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2564 wrote to memory of 2040 2564 Vobus.exe 31 PID 2564 wrote to memory of 2040 2564 Vobus.exe 31 PID 2564 wrote to memory of 2040 2564 Vobus.exe 31 PID 2564 wrote to memory of 2040 2564 Vobus.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Worm\Vobfus\Vobus.exe"C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Worm\Vobfus\Vobus.exe"1⤵
- Modifies visiblity of hidden/system files in Explorer
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2564 -
C:\Users\Admin\juiet.exe"C:\Users\Admin\juiet.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2040
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
384KB
MD5b1105e0495b789bcacfd1abb0aea218e
SHA1eef9ef2bab2d21b84787e025fd4375aa9de4297d
SHA2566fac5e1e778620f20faf1a81828646f0efed6a14d7a774358d1bdd4034daf32a
SHA512ce5ded0a0ad04a2eeb7ccff273fcf154d8a4da737c7e81f96b99a589bc2f281a8f4f3f64409fe05a28df8e8f8ee1ff20895cc2425d5f218047edca07462d51de