eec8598a29a582b073df5c4832428cdd5cb276ea4cfb05a04e4de58a421717f8

Analysis

max time kernel
93s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2025, 10:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lossless scaling/language/uk-UA/LosslessScaling.exe
Size

953KB
MD5

2c98d33096e97094cbbbd19f27f40883
SHA1

7e28af9d119d2658f962e3b28140c6081be1612b
SHA256

010ac1120a88a772e87d9e9018aa5db034a9bac9399803d4a7c4db3c47a71df6
SHA512

f9070ad6b2e3295fdde13aa8d7486147a7f9a675a924ad3bf117479baf5b573cf92650199e58378dd8345a28ab890bbd5021d374030c24836bfa65bb037dddc7
SSDEEP

12288:ApDJEDS4MCLSyf6mOuGyW38yHJc+CKtOaO5Z7WhawnzE4ZbuRCwmhI2J+0sDgwl1:btMCLPf1Oi32OvzGo4ZiRlT/sN0

Score

1^/10

Malware Config

Signatures

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\Colors	LosslessScaling.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1264	LosslessScaling.exe
1264	LosslessScaling.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1264	LosslessScaling.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1264	LosslessScaling.exe

C:\Users\Admin\AppData\Local\Temp\lossless scaling\language\uk-UA\LosslessScaling.exe
"C:\Users\Admin\AppData\Local\Temp\lossless scaling\language\uk-UA\LosslessScaling.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Lossless Scaling\Settings.xml

Filesize
2KB

MD5
45fed0a3bcbc889ca99d0c5943210e7e

SHA1
602584366a413cb9ae459b6c3231190cd787241e

SHA256
9812fe8104a86e693d6baa02a4cdb56ea9a4aedb500b050346eb5ec6bda8dd09

SHA512
d0728fcce9484daedb2c9552ee2a818f7cccbeb1e9bca24a1c4fc1ca6e8c181c46cdc89670bfee3d6ad219ea6f69750bd03f776af4f9e4667872c66c11dbd255

Download Submit
memory/1264-9-0x000002394BEB0000-0x000002394BF62000-memory.dmp

Filesize
712KB

Download
memory/1264-11-0x000002394BFA0000-0x000002394BFD8000-memory.dmp

Filesize
224KB

Download
memory/1264-3-0x00000239498B0000-0x00000239498D6000-memory.dmp

Filesize
152KB

Download
memory/1264-4-0x000002392F8B0000-0x000002392F8B8000-memory.dmp

Filesize
32KB

Download
memory/1264-5-0x000002392F8C0000-0x000002392F8CA000-memory.dmp

Filesize
40KB

Download
memory/1264-6-0x00007FF9430B0000-0x00007FF943B71000-memory.dmp

Filesize
10.8MB

Download
memory/1264-7-0x00007FF9430B0000-0x00007FF943B71000-memory.dmp

Filesize
10.8MB

Download
memory/1264-0-0x00007FF9430B3000-0x00007FF9430B5000-memory.dmp

Filesize
8KB

Download
memory/1264-2-0x0000023948050000-0x0000023948136000-memory.dmp

Filesize
920KB

Download
memory/1264-12-0x00007FF9430B0000-0x00007FF943B71000-memory.dmp

Filesize
10.8MB

Download
memory/1264-10-0x000002394C020000-0x000002394C0DA000-memory.dmp

Filesize
744KB

Download
memory/1264-13-0x000002394C7D0000-0x000002394C7D8000-memory.dmp

Filesize
32KB

Download
memory/1264-14-0x00007FF9430B0000-0x00007FF943B71000-memory.dmp

Filesize
10.8MB

Download
memory/1264-16-0x000002394C6F0000-0x000002394C6FE000-memory.dmp

Filesize
56KB

Download
memory/1264-1-0x000002392D9E0000-0x000002392DAD4000-memory.dmp

Filesize
976KB

Download
memory/1264-32-0x00007FF9430B3000-0x00007FF9430B5000-memory.dmp

Filesize
8KB

Download
memory/1264-33-0x00007FF9430B0000-0x00007FF943B71000-memory.dmp

Filesize
10.8MB

Download