cc00f4cf49623023e6a13a500fda644a1d39703677b2abe0b73b4ccdf7e87c93

Analysis

max time kernel
105s
max time network
144s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
02-01-2025 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Chloride Tweaks Ultimate 2.0.0/3 Tweaks/3 GPU/Nvidia/1 Driver/!NVCleanstall.exe
Size

3.5MB
MD5

74e418b7676bba62d73711418f9cef71
SHA1

02a133a91deec707ca6f8f9e88e0b88d452a4faa
SHA256

6d014bb417dc60c89eca14099719241895b003f1010f1b2babd2a1ff731e2c34
SHA512

4aada34f52570e7d06e66178c18ad38fbd7f2b7556c656ea71be2a59e51537cc5df11b66d1b7907a59b5bf73e21ba3d1d1ce4d9b490e3bb4c5043f324a9b8d9d
SSDEEP

98304:Oy35qCp0qlIdjjGL6P/iikTP35FgcyID23Z53UCMFU+:f3YCi4IdjyOPK5Dpw3+

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeShutdownPrivilege	640	!NVCleanstall.exe
Token: SeCreatePagefilePrivilege	640	!NVCleanstall.exe
Token: SeDebugPrivilege	640	!NVCleanstall.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Chloride Tweaks Ultimate 2.0.0\3 Tweaks\3 GPU\Nvidia\1 Driver\!NVCleanstall.exe
"C:\Users\Admin\AppData\Local\Temp\Chloride Tweaks Ultimate 2.0.0\3 Tweaks\3 GPU\Nvidia\1 Driver\!NVCleanstall.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/640-0-0x00007FF9ACBB3000-0x00007FF9ACBB5000-memory.dmp

Filesize
8KB

Download
memory/640-1-0x000001DA32E50000-0x000001DA331D6000-memory.dmp

Filesize
3.5MB

Download
memory/640-2-0x000001DA4D7B0000-0x000001DA4DD32000-memory.dmp

Filesize
5.5MB

Download
memory/640-3-0x000001DA335F0000-0x000001DA33612000-memory.dmp

Filesize
136KB

Download
memory/640-4-0x000001DA4F930000-0x000001DA4FDFC000-memory.dmp

Filesize
4.8MB

Download
memory/640-5-0x000001DA33560000-0x000001DA33566000-memory.dmp

Filesize
24KB

Download
memory/640-6-0x00007FF9ACBB0000-0x00007FF9AD672000-memory.dmp

Filesize
10.8MB

Download
memory/640-7-0x00007FF9ACBB0000-0x00007FF9AD672000-memory.dmp

Filesize
10.8MB

Download
memory/640-8-0x000001DA34F10000-0x000001DA34F18000-memory.dmp

Filesize
32KB

Download
memory/640-9-0x00007FF9ACBB0000-0x00007FF9AD672000-memory.dmp

Filesize
10.8MB

Download
memory/640-10-0x00007FF9ACBB0000-0x00007FF9AD672000-memory.dmp

Filesize
10.8MB

Download
memory/640-11-0x000001DA50870000-0x000001DA508A8000-memory.dmp

Filesize
224KB

Download
memory/640-12-0x000001DA4D790000-0x000001DA4D79E000-memory.dmp

Filesize
56KB

Download
memory/640-13-0x00007FF9ACBB3000-0x00007FF9ACBB5000-memory.dmp

Filesize
8KB

Download
memory/640-14-0x00007FF9ACBB0000-0x00007FF9AD672000-memory.dmp

Filesize
10.8MB

Download
memory/640-15-0x00007FF9ACBB0000-0x00007FF9AD672000-memory.dmp

Filesize
10.8MB

Download
memory/640-16-0x00007FF9ACBB0000-0x00007FF9AD672000-memory.dmp

Filesize
10.8MB

Download
memory/640-17-0x00007FF9ACBB0000-0x00007FF9AD672000-memory.dmp

Filesize
10.8MB

Download