Analysis
-
max time kernel
121s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
03-01-2025 10:15
General
-
Target
lossless scaling/Lossless Scaling.exe
-
Size
155KB
-
MD5
1e808d8b288c31d55e634bc603a430d6
-
SHA1
3093591b8bbc5afd41ba87462463bdd6c212b9c2
-
SHA256
c12832690c5c9e50e87718129836aa54dae18be18985aed6ad8fe8ddb94b0b43
-
SHA512
5ea49656e808859eb04a049f7f0617206e5b75e065dd8a15349a91cfe57fd94ca1906a1eedef802612c3e3b419257870d40e3c835e68ef0ca4150efdbe22660c
-
SSDEEP
3072:z/6p7RATueBb6sKGyLY1hhhhhhhhhhhhhhhhhhhhhhhOCD:z/6pWTuet1V1hhhhhhhhhhhhhhhhhhhX
Malware Config
Signatures
-
UAC bypass 3 TTPs 1 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 19 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\lossless scaling\Lossless Scaling.exe"C:\Users\Admin\AppData\Local\Temp\lossless scaling\Lossless Scaling.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -NoProfile -ExecutionPolicy Bypass -File "C:\Users\Public\language\en-US\hiberfil.ps1"2⤵
- UAC bypass
- Command and Scripting Interpreter: PowerShell
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /create /tn administartor /SC minute /MO 2 /tr C:\Users\Public\IObitUnlocker\Loader.vbs /RL HIGHEST3⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Users\Admin\AppData\Local\Temp\lossless scaling\language\uk-UA\LosslessScaling.exe"C:\Users\Admin\AppData\Local\Temp\lossless scaling\language\uk-UA\LosslessScaling.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=LosslessScaling.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\system32\taskeng.exetaskeng.exe {0AC7A78D-07FC-466E-936A-9BA660A9362C} S-1-5-21-312935884-697965778-3955649944-1000:MXQFNXLT\Admin:Interactive:[1]1⤵
Network
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5e7ec1a52c7ef65bde267dde9e30459ec
SHA1a086fc34c9e81461cae1c37d388ad94db53300f0
SHA256c56bf1ee293ab040a6925313f9a1f469e3ff2184315b666bcadd771d59c4a945
SHA512e57b26fdf8d7b2e9ede2837f398396df08033acbc7802e3a221dd31cc9c06c97a0485ba26936cea6692b23b2c2f806076504126c1a3820f5819a6bed08de54d4
-
Filesize
342B
MD50d6149e5afb4340b06add0818c25db9e
SHA15da8d30cddb125bf913686abad1e88bbe24737cc
SHA25670cdab4d36d988e20dc4c6a46b03c90541a5f4a2e83ff644f90375d1fb72e617
SHA512c66fd84f2f70ba1c53421746aceb43d14df43cf84cb3993b761f1e32a6a31809022da78db150279d02a036d4fe7e277c2c037ee9c07a33a50164ec4a6c387933
-
Filesize
342B
MD545449dc0fcb5a4e16c0de19cb2d3a6b3
SHA1ef938654760b880968dd04c063fbe67e235d58d3
SHA256762d80316fee365225d8dbd7066fad00290d2b95e465ad114339168a4a7c7916
SHA512c9fd9edd6e5e4ec514a751f6b4b162d726cb46ba74c2928b11af0740a8261a73fcc72735643bea1e09d00222f615382bda9691e5ddb8e5a5eadea870e97cc4a1
-
Filesize
342B
MD5bae1f3079d04aac4ad6edfd6c3b63176
SHA155a51624804dbb97eca7bbf2c8891661a5cbb2ac
SHA256c736b1f747886209d047792a126b99cf15754538c83f521027c4beddee34c0b3
SHA5124b12c3ce0972cbd6004488e33a5f3bb1e0adcaa703e30f2c7a696ebaed1014f369ed0b1281e312f99460aa775642b861218c31db3c7a4bcc6f2eb3c3bb753b4d
-
Filesize
342B
MD5e51c1ed019dcfe1a12ab26d54f33c5cd
SHA1cceb39a50dca61b5b58ebd9c2f97ba09cd60596f
SHA2561a272dc15ef8a23f69e4db4f5e66501a47ce83f935d6efa2a0904dc8ab523c2b
SHA512fec06151858c7b8296380365260902c96b0a8b1ebc529cb2f9f8d175849e4479c937cc5de557f70a09ba73ee2f25ad0455177efb2bd6f91501bead73e42de035
-
Filesize
342B
MD5520866cd2c9e816c248d16d8ca5b3f76
SHA1d1e8b7bf7fae18ff164407be569406c79d713001
SHA2565a18f4bca1207f3ec1361c4d550a1e231684e89ff08f2eed2c1778df3bb3519e
SHA512288a9058ecd646c3d884e2f5ecf615889578ebce83e0bcebc94d3088a26e48cf0abef4348f5869d1165e47c95c267e18db73803e29c28a942618dbcc20b809f9
-
Filesize
342B
MD50cb2cf43ca89155c3c4303196dcea2d1
SHA11452c95282856cb5de2f1e46daed073917a280bc
SHA25650b82d28b3a28ce36fad78bc3587e609d4af44316d58fb5cf5eb0fa93025e11a
SHA5128a8f9631c5d9c1567377933d6a59ea6608b960279d6bc813766b5e2ddb350d933d8a6af6c8f0b320446fa6185b2501973fdd2e44009e05ae60f1f0e57f13a48a
-
Filesize
342B
MD579cf628afc0ffd184b612571efa2fa49
SHA144cde34561e86a30ecde9fea16d9bd7e643d055a
SHA2567b09112d6df3df7c89749ceb9c59195c0870a31395849ec0645761ef7dc5f274
SHA512aa300070db35cc241dc456caea3001ff80e90a66c6c59f66d29a84ed8db05d0a72b9be2245e48a6b1661ac7004801eaa740bb560f576cc881afd5322542d6725
-
Filesize
342B
MD57f42cccfbd148094f78a0fd94eba7016
SHA189c97501155a6bde1fb3ad685cd5d841dc892bc3
SHA2564e865a79a9cac22e9dde821dacfa1f983b46f15b98a10778ab216d98aa00ca89
SHA512ded536b5315d43db487beaf021d67d17f76e8c0e10b1ed621e5f6db86e010755f5e175d0d19276efa7e27c969559d031170a8f7210d5971c500d31cbdb5b5cf5
-
Filesize
342B
MD53b0e03c271996878b88467329a5e9e6a
SHA1f0fd4488eaf3fd3a1dbb9ee0924a1c99cb3fb465
SHA256caa3a1c05a9a0ca8bc468bff79624fb81038a9e1823f226aa24eeee6c980d3c6
SHA512fab423ade77f9ec0906aa3c605b556631db44ed54e6a8b20bbfd961a3504cf15f8e9fcf085ecd10aa5e9157f2f4f9d5dccccf3b1160ff2e22e0dbd49c7bd7a51
-
Filesize
342B
MD52142d9bdccd10e547484c9604a26e5bd
SHA1c82b90eb2d28a50019f0680537b47fadb6d1c4b4
SHA256eaabaa6598adbc7ba29694fc9e51a084c38b6367ede2afbece8b9d51d5f986e0
SHA512c83b93fdbdca146c0a1fe4d1fe915ff25c909ebbc5802756ec888077683ea13449215c2b6ec7a23994901ebb32495322fa114e50f73fa0175831d8774dd32350
-
Filesize
342B
MD553f08e0f114a32f23d6eb1c71e48bfb7
SHA139dfae90f778415f260834c72e5a00f685a25404
SHA2561b6b6ba4b82ae80d8032f19a6727f8f3963765d3c98a2b5465c65f816e0e56ec
SHA51241186e67f2aa1b3528b77f16e51da4d0fda177a784c6cf3e220f1b76b08ef741c525a91a0aefd2b91a17407b4fed171285a791059cdbdce2913d67380949ed28
-
Filesize
342B
MD5950bcc29191a823278461b015e7f2fb4
SHA19d39d028a8f7a3a269a400b3659286b482e79963
SHA256668a1ae8febbbb20d1dba9bff12d12c9f5916b8e832124528984bc4a81c1e024
SHA512a6af5a3197420a50135a2497f434a0ecec4be71a837c698fa796960b71ed4cc3c143a53eedd3764fffb22c151287651ca4dd21acbb47c274019a03bad566ea35
-
Filesize
342B
MD51e1c3ee96fd30154a493cb8c850d503c
SHA123983b545259e97c35976d885ae455387dfdaca4
SHA256d4267b00b682c2706093991a9e83ed1f4fd0f5e6750cb1a6d845e79c0cb8a214
SHA51299b71f057d6abf9fe547fb438602aa05e21fee458ff3665169476ab023edd948c55791d9cfaa1a152690f8b01aed3fbb84881b3b6a61cb1069c23643a5ab5d13
-
Filesize
342B
MD532ee7fc750bdfedcdbc6281b0320c569
SHA1f6cb9e12ae44af92f448ac2d860cabb00866ddf5
SHA256f9af73f7c1e47d5cc434422fcf5ed676d33ea26adcf8e9626ffd194465cc7678
SHA51281f6e6fb45ce399fbc52dfa7aa513f80817ac22b3f06775707eca9661e826a6a0f5952567800773485766f3ad325612bac9327a46648df3912f1c9b0082e779a
-
Filesize
342B
MD53d64c65b58beae5e456809ad54913199
SHA162b41e22700c90eff8c3aed8cdcdd201ae291db2
SHA256642dfe9dd91ff5992f696985f867d2cfa2ce2df48791e8c95e8df6f3fd456071
SHA5122503a019621d01894753606c8c8c0ae6015c3721cf7ea35eb81d130a4573ee8a506818a251ba89d96cba6fd2160126eb3d31e6cce91704ac86ee40bdd7ff1efc
-
Filesize
342B
MD599535fe1f0e17ebc9543636ae9ff0973
SHA12f7f59a8f5492f40225d02edba42bca0e4638ec6
SHA256d2dc6d95f03d049e7f64e8037ebe9fe9d31d3197a892c7318545b83c0958158a
SHA512e38fa45046edf5493b326829d2f58bffd9072f1356df94f7cfb4176215ce2af36f9453ac277ed96850c2d12b720202caf60bf7a7274ae2b972eea8735da1574b
-
Filesize
342B
MD50ada2131e6fbe7c60681a193d2ab7ee5
SHA1ac2e934866b4bdb8c6a9be5c977576234d1b17b9
SHA2563124e1dc1e5e01054be96384b1c82e92afdbb63bc310825285dac97cc97851c5
SHA512dfcf800fc88ef84d0285a6258e0f00554235e9a4f47df73dfd1e9f1e2c65d5398613e2af58f63c013a00596850b5cb4e6018a9c5a2ec2ef1c06edfbb048a30e8
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
1KB
MD598a99e831c54087770d3fd89f2bb9913
SHA126754b638106f4e2c3bdff6780c574384a129972
SHA25692360a7d4d9bc840a967a86f6bd3651d0d7fb5218d57e3edcd36ad897f908a44
SHA512cae5a9b95ac842902166cf2d67114f311f6bd9227999654f733b2ef16e4daf8fa2ea5fb5908425243226217fe99e87ded7f9d600a2eb668fb3b4f7d4b0974df2
-
Filesize
1.7MB
MD5df3362c56b3925e0eb83e0a10fb448c7
SHA17b82a4de6af8f15994cfa1f179ebf5e0f302e503
SHA2561de06a9918cdd9e8dd95953f1a6b937d490a6eb228b2a67e5a89b09feab810c3
SHA512431dbbf045c8a62cacd7e8236ad343287c574b97684d941fe6f94e702fbb2a19675e1849220fa443616bfe2adec0e2218c42d75889333ca489f064e931891785
-
Filesize
4KB
-
Filesize
176KB