2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e

Resubmissions

28/12/2024, 23:58

241228-31gfhawkay 5

28/12/2024, 23:55

241228-3yg91swje1 5

28/12/2024, 23:28

241228-3gb2nsvncz 5

Analysis

max time kernel
63s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28/12/2024, 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoClicker-3.0.exe
Size

844KB
MD5

7ecfc8cd7455dd9998f7dad88f2a8a9d
SHA1

1751d9389adb1e7187afa4938a3559e58739dce6
SHA256

2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e
SHA512

cb05e82b17c0f7444d1259b661f0c1e6603d8a959da7475f35078a851d528c630366916c17a37db1a2490af66e5346309177c9e31921d09e7e795492868e678d
SSDEEP

12288:GaWzgMg7v3qnCiWErQohh0F49CJ8lnybQg9BFg9UmTRHlM:BaHMv6CGrjBnybQg+mmhG

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoClicker-3.0.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3564	AutoClicker-3.0.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe
3564	AutoClicker-3.0.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3564	AutoClicker-3.0.exe

C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.0.exe
"C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.0.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ACLib\ACA_conf.ini

Filesize
56B

MD5
612965cb3119bfaf5545fa984a326daa

SHA1
0c5db6af6d6bd1209ed4e9073335d40d6d900ad4

SHA256
72c09d7a69a23430a60ab4a8d78a08041d9aec17292c077aaa702d625764f0a4

SHA512
69703859b2466c8a90913e60b6dcf41851dc522f609f2ff4f43527ac79e55464373a8e49a38dd9732c792c86381d16de495d7d29b165bf08002322cd4a34c1da

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACLib\playback.ico

Filesize
4KB

MD5
a20254ea7f9ef810c1681fa314edaa28

SHA1
fdd3040411043fa1d93efd4298db8668458b6fb8

SHA256
5375290e66a20bff81fb4d80346756f2d442184789681297cd1b84446a3fe80d

SHA512
4c52a7f77930e6f1bfaa1fee7e39133f74675a8666902c71be752758a29d8d167157e34f89f729ab29855990bc41757a11031adc7560c4d6b9cd77000bbcf87c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACLib\record.ico

Filesize
4KB

MD5
1111e06679f96ff28c1e229b06ce7b41

SHA1
9fe5a6c6014b561060a640d0db02a303a35b8832

SHA256
59d5e9106e907fa61a560294a51c14abcde024fdd690e41a7f4d6c88db7287a6

SHA512
077aff77bbf827b9920cf53dff38427475e590c07ab8901fc34ce7b7fb9e9409207e53aff06fa7d1e3984bcf127507d0fc19284d8e7203c76d67c9b98c1c8f37

Download Submit
memory/3564-16-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download