2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

Resubmissions

13-02-2025 01:26

250213-btppra1pcz 10

17-01-2025 20:14

17-01-2025 20:12

17-01-2025 17:25

17-01-2025 17:21

17-01-2025 14:16

17-01-2025 14:12

16-01-2025 12:52

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-01-2025 15:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/wintonic.exe
Size

1.6MB
MD5

c7cc7175fa6a305036ecd68cfb4c970c
SHA1

c440e7653a4811935222651dfe61e56a70e5b92a
SHA256

a0375c241cebcf6c4a0293f45a5dc0ce1150fe8169ea410c818af67e6f487b4c
SHA512

0fe4873d7cf6be5fcae7cefd545205ea58a977679b2183ec5caabd47920e3b66813e31e6e545d585f15d3a17d21846b042cd40a507d662c19a2bc58fbfbe4fff
SSDEEP

49152:+h+ZkldoPK8YakOvfcrEb8XCOEU5fwr9K:X2cPK83vkrEb8XCfU5AM

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wintonic.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language	wintonic.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language\InstallLanguage	wintonic.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	wintonic.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2116	wintonic.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2116	wintonic.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe
2116	wintonic.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2116	wintonic.exe
2116	wintonic.exe

C:\Users\Admin\AppData\Local\Temp\Malware-1-master\wintonic.exe
"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\wintonic.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~bdfhkov.tmp\DisableSelection.js

Filesize
1KB

MD5
84789d911ffa412658a4a8de09a5ddad

SHA1
fd7210a1aa2c418e791c85207711a42ad5aece08

SHA256
8dec17fa1c458dcfa180aba15fe3cc14d2186261dc1c08bb3058c0d46cbf8fe9

SHA512
21df811c5a67e8735cf2f99ec4321ae119fae46f0dc90706ce8e5ad1c395326566a97649a014c6fccc8495584a1c313c9e220ef5ed0f1eb7a54dd3c20bb3e263

Download Submit
C:\Users\Admin\AppData\Local\Temp\~bdfhkov.tmp\default.htm

Filesize
53KB

MD5
1afd79f93d4ff74014cfd9fd2c3eabe7

SHA1
ae60b150bb6a234050394ca7e719c41beaa771eb

SHA256
89140a88f9d94b465bec7404b6ac26a81f4662be9dcf0970ab633e6f8c822b4c

SHA512
563e585ebd56900f4e529fda02a773096586b8d709e5b535e63dfbfccf7bf83d6442c4f2574584965de100aeddc5ff4f0c4de379aa35481e819acae9f9b12bad

Download Submit
C:\Users\Admin\AppData\Local\Temp\~bdfhkov.tmp\en.ini

Filesize
10KB

MD5
71b3e091938e47148a6ec83bee3bf3e4

SHA1
e1321455cb27e5b5c50eb7f757d1293c63a7c672

SHA256
af4c95ec9a0340801fe86f65c7a2e0be8f63b649d5ed7203961d163117c3b450

SHA512
7dffc75972bcf2207c73a428ab3c8e6475f0888dda3d75996512fc1843478437936ee5caa1015e454a69b761e82a696183d5dfb0fb72ef34108bd0056e800454

Download Submit
C:\Users\Admin\AppData\Local\Temp\~bdfhkov.tmp\icon_1.png

Filesize
3KB

MD5
0cf65e6cf94a33c4880d0f6fa4096b6d

SHA1
d41057859f2b393cea11ee8ef1705c399971f9f6

SHA256
a7264eae3c348892888cf9b679b9cc68c0bf1d165d46f25a3c40b7d69d124d96

SHA512
98e6c7e1678d821d2250c3d9df7d8935072ee4005b806b93638e23d9ba258510644ae4d5bc29bbe46bddd1bf7e88339d41c2806dedd96c8b139c2f4f0382bce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\~bdfhkov.tmp\launcher.png

Filesize
356KB

MD5
16a9ccc54e1a9a6ad08ad296260b2c0c

SHA1
cf89ec85a93fc0924cc8eff4baa6f6034d173630

SHA256
8f2279fe481fde7a153c7304c6b86b468624b743fa9918ccb94743c0d2d9fb89

SHA512
3969714da17349bc233981eafb59772a44e495d8b394e0d90b60677d7058f03755c8339d4aa9c74acc0e486f5ae80d63bf72a761bfc7dd11597cf4c5d9ef7d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\~bdfhkov.tmp\logo.png

Filesize
8KB

MD5
07c812500f8afd380c0551441200525c

SHA1
163774a879cfb46954614f744d4dcf70a4bc995a

SHA256
98ca7630186a22365da54c430a91381e145df309342cfa7bcc17b71d0946375f

SHA512
c915fa4ad18402507a216780d2c139d9d82cec3fef234927f7750e9186de0098db48df0dccdc239b01fcddaddc316e830f6ad534e5fb45c22000eda8a956573e

Download Submit