Analysis
max time kernel: 1199s
max time network: 1200s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17-12-2024 01:15
Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: PixelSignal.dll
  Resource: win10v2004-20241007-en (windows10-2004-x64)
  5 signatures, 1200 seconds
Behavioral task: behavioral2
  Sample: PixelSignal.dll
  Resource: win11-20241007-en (windows11-21h2-x64)
  6 signatures, 1200 seconds
General
Target: PixelSignal.dll
Size: 512KB
MD5: a4e3345491eaca250f1cc139db05a015
SHA1: f09804b59a3aac7c1dd47c7e027182fb54f9a277
SHA256: 22c5858ff8c7815c34b4386c3b4c83f2b8bb23502d153f5d8fb9f55bd784e764
SHA512: 79ab4fb0e6f4823e3c4eac42748f0c31d5f0082fdfa9adb7f2b4924a6c165da9dc41b019657283daa63dfc18ad3c3d0ab182dc0ede21a9c1ce551e94a9f2e1f3
SSDEEP: 12288:hGcV/BCTLVkg1LdACH7OE7gF+ojxpq/C5zfidd:hGcyT5F1dA6qE7gFnxk/o0
Score: 7/10
Malware Config
Signatures
Unexpected DNS network traffic destination (64 IoCs)
Network traffic on the DNS port to servers other than the configured DNS servers was detected.
  Destination IP: 45.61.152.154 (the same destination in all 64 IoCs)
Suspicious use of SetThreadContext (1 IoC)
  PID 4412 (regsvr32.exe) set thread context of PID 2200; procid_target 84
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  PID 2200 msedge.exe (repeated entries)
  PID 3388 Explorer.EXE (repeated entries)
Suspicious use of AdjustPrivilegeToken (8 IoCs)
  Token: SeShutdownPrivilege, PID 3388 Explorer.EXE (4 entries)
  Token: SeCreatePagefilePrivilege, PID 3388 Explorer.EXE (4 entries)
Suspicious use of WriteProcessMemory (2 IoCs)
  PID 4412 (regsvr32.exe) wrote to memory of PID 2200; procid_target 84
  PID 2200 (msedge.exe) wrote to memory of PID 3388; procid_target 55
Processes
1. C:\Windows\Explorer.EXE (PID 3388)
   command line: C:\Windows\Explorer.EXE
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   2. C:\Windows\system32\regsvr32.exe (PID 4412)
      command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\PixelSignal.dll
      - Suspicious use of SetThreadContext
      - Suspicious use of WriteProcessMemory
      3. C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2200)
         command line: \??\C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
         - Suspicious behavior: EnumeratesProcesses
         - Suspicious use of WriteProcessMemory