Resubmissions
14/01/2025, 23:37
250114-3maqsstkcs 1014/01/2025, 23:34
250114-3kd1fatjgv 1014/01/2025, 23:27
250114-3feq6svngl 10Analysis
-
max time kernel
141s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
14/01/2025, 23:34
General
-
Target
lossless scaling/Lossless Scaling.exe
-
Size
155KB
-
MD5
1bb432c7d79983c0438f9c05d7ab2a42
-
SHA1
fd9d24d6417273c04a046e4da2bd51f6ac287939
-
SHA256
69c131d4901fb0f0192a2a97fb48012df696c5bd08a38c34e1553a3bdb9942ac
-
SHA512
1ab2802727c66834e349f79b51847c79c9f340e3b716add2b4ec8c25d3bd1096c3f82596d2efbe57e922945f965aafe72b1bae30d6fcedfd7799595a5ca190ce
-
SSDEEP
3072:AcjJ6p7RATueBb6sKGyLY1hhhhhhhhhhhhhhhhhhhhhhhOCD:AcjJ6pWTuet1V1hhhhhhhhhhhhhhhhh/
Malware Config
Signatures
-
UAC bypass 3 TTPs 1 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 19 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\lossless scaling\Lossless Scaling.exe"C:\Users\Admin\AppData\Local\Temp\lossless scaling\Lossless Scaling.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -NoProfile -ExecutionPolicy Bypass -File "C:\Users\Public\language\en-US\hiberfil.ps1"2⤵
- UAC bypass
- Command and Scripting Interpreter: PowerShell
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /create /tn administartor /SC minute /MO 2 /tr C:\Users\Public\IObitUnlocker\Loader.vbs /RL HIGHEST3⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Users\Admin\AppData\Local\Temp\lossless scaling\language\uk-UA\LosslessScaling.exe"C:\Users\Admin\AppData\Local\Temp\lossless scaling\language\uk-UA\LosslessScaling.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=LosslessScaling.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\system32\taskeng.exetaskeng.exe {E675C3FA-7291-4C0A-AC04-359B0B6559D1} S-1-5-21-4177215427-74451935-3209572229-1000:JSMURNPT\Admin:Interactive:[1]1⤵
Network
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD505c18736906a8fe77557113e1c779e9e
SHA141d887445c497eaebb9c661a336bbb19ef663efb
SHA256ca03f463bc3f7ce63b7e4d2cafdd913cef1f38a0abcfe63234fca5644270d05a
SHA512b13e79996aa13f09dcff82ca0ab36f0bb8c6c99830a2926447e4f47ca1bf9a662db989c9a492f6e657f17f25c7e39660893ce31c977479e62164b45cc9447639
-
Filesize
342B
MD534398f2256e1ec7c1aa0492793f02351
SHA1b1357bbaab3cf3e245d84748feccf3eed6db7be5
SHA256c22d656e13ef377a991c75bf558734b2c8b9ad406c7ffe7f3c9d269a806ba8eb
SHA512c2e829e329b48460eeaaee473eff63cf93cd4088e24f51abd57d48445fc93d6a10b97765b082547c19952f49700c57ff33a273a196fec79dcc694acfc3d0f53e
-
Filesize
342B
MD579b711ac841a836446bb23624b7ccaf8
SHA1f8f1c0ecff176c462afc2b1ce18d227c4fb6d6ab
SHA256b9e59566c0bc5aab77124d52c9d2c7fccb6d8a160ca3f34f1e1b238c8ae0fb60
SHA5123146b704529182c9a2f15ee3c156964cb8c6bb464dba0d9d0a8651636cf8a7ce8adcaac175d1db3382555ab0112d9ddb530b6adccde89a7cb89c34a41e9f6b2a
-
Filesize
342B
MD5d748495af89a85e4d79efc10c1a9fad9
SHA1f6fbd9ec32d446ad2c76a5e60259e8522d03eb7d
SHA25683511fef6422d810164f4e9f7bfe5cf95d97b7088d6461bdff8210994bb4f0d4
SHA51271f20babab2498fd6ffc0970d9e157f9e87df0928904baba49b95fd88bb9f68dbf51aa67a4a2b2f737c1b525fde951cce48e6b50625b9e670eaee96378c316b0
-
Filesize
342B
MD51ea07673ad20d41da427bc9ca5f5e247
SHA1ea2e5001f5745a598860ff1715209e7c88210ad8
SHA2565045efe17ad42b135b11f8e8a9ef16f69932f11e9494ba99278fcbce449b3932
SHA512844ab8aafc2f886cec4bb6bee01ff2116efa49c54bf8d3968362935a753277cfffe1386aebc2fed8eea57ddeb311d00881b806f36182fbd5def0b4d2947f4230
-
Filesize
342B
MD54cf857aae9a232982094bd3cddf6b492
SHA1646d5416ca4516978b18bad4e932a58dbb95543b
SHA256e7497bae722741135d8e4559a0c2fbf6a6baa8de777c41e0e9f9069f598455c8
SHA512ce922387d252363a077b2c63ca304f2839bfb4da66cb7ebb0c4500635f5d660a8fd16cf5ce83455575815b3529428fdacd7d835c6c47fd99de53015c53e50946
-
Filesize
342B
MD5c1b7c24c9a37db483c83d85511da8158
SHA10ce78e02814234e5adf8789bc76fa8a6b0c1ef42
SHA25646070b42884ee3bbdf53090fdbf5f40421b8de267cf9f539e909148cd06dfddc
SHA512f7f47538a1194dc5b2544a8b03df000a3b25b0d3d376171d1b68a0976ff5b5056c22a0ec789042e5c833e35f9dcfe380f1201e386aca3a31aacd5885d711a22a
-
Filesize
342B
MD5cdeda3d286fa0cf2ba81e20bf9d31194
SHA1a520d54065b10101077db0eefcef295fbc7c7b12
SHA256550be5a2634f173d0c54f27dc7703bbf3603ae3f99142642f7c3dc62d1f018dd
SHA5126a92ea9efb566b3f8015876558c7701b8950a3264237b3638df31d9095e5470e75fc34ef94404c783c6f74dc0b2bab0eeea48ee31e05d1269a055dfe28c01d18
-
Filesize
342B
MD51836333698f96700ccfe9136e5900748
SHA17f64cf3a0606b90633be2e01c186466d79d16eb5
SHA25657bf80768f347df6d01e2473ff949db63c56f038438ffb0a6759baa640e42f80
SHA5120fec01f8957612c3273849584fc0f70cf3908d360f11d1a38bba2a163a67f3aaa2907594d93536a6c0dbe236eb16f5a8a9b36fa4887b6254364eb7e531b8582b
-
Filesize
342B
MD5b58e1a91b45d22b385450f505d16069e
SHA1313aa556339487bfa9ebf2303fc9f4e68027a041
SHA25611f67d407630fc732eaada0cfa60816a1274acde30ee54b1079d2aa39c2f6a1b
SHA51284e493b56e00b93028113bfc0bcdf316fb760ef3765770e66fbc6538f6d0f922a72c45a4ae116b0af4981246001d0c56ae72d4a2ed049f8b46efd30bd2cb8333
-
Filesize
342B
MD5a7a667525b7dc04e47b7b59fbe4e34be
SHA1e0f079bc4e4bf6b88a5018b6e883b6ab0688fc76
SHA2567bbe46231ce5b946099d0d44b9b7fe67e531db190738b71ceb642d40e7a0b50f
SHA5129ac87e69b57ef9a625d691aa77bf103e88f78698d20bb567ad23bf00328b9c7280b7f2e4810fecb94598f4ec9db6c38f0ab144a6eb3d545de7ab44bfc108236c
-
Filesize
342B
MD553397081023ff83c9fb2ac2e2d5bdbda
SHA1d753d7e48884d5b733ec5a5e5f9d2e4223445f52
SHA25682103bc31924f8c4d82199a5a953830048bc60269179fb9338a200afa12e99c6
SHA512601c570fadc9dbe08107d16fc5fd5f78aef90293bb42b98b9ace56246f8333d49bf004523df746000fc6f6db2d0b82dff3eb06f175d66edc3a1b4e6b6f2cedc4
-
Filesize
342B
MD53c6be9a62651df2575881c62374e4b3e
SHA1daa003d9088ff19eaa882a174754e602c24f958a
SHA2563f1eb11944211eeb65418581c2b98e8182a60917cf18d79cd3840f5aceae2c3d
SHA512f2763dc5ea17054b8a6ad9e2ad00fb4bb7e1471cfd0fd41df877f3df25db4c64363d66e2f442a0257be8ff4cc29d576c0201e2c182b7ba27d2b1952f10655a56
-
Filesize
342B
MD5a82ca5ac300b2a6698fde7991a8ad76f
SHA1baafde0f2cb5a5cff0d099eb3ea224d0aea05717
SHA25633f3464fa94d169250b3bda631a787387b807cbec2e2327e84661a4c008930b4
SHA512e8ad66b258b2c8e693453c6e088d7ba56072657ed6e9157a6033e01d163014ff23b5c4d8066b7c1f7633b6cb78f2ec597fd29b72fd31414e9c3a6093825a0278
-
Filesize
342B
MD53f072d3d0fcc82a1be046c59d85b2594
SHA1fa0b32e42db3aeeecf1aac919447117adaf6eb5f
SHA2564788aa23203bac307633b7eb10a5d7d7df59d82072caea9596446e7f5c674f89
SHA512e5f9bd5c6e15c354a84f951c94b53f3b21ddd18c33fc4088c9573a1a4bf79f5657270502cfef3c26fa36e24deb8d5215ee95828c9ce057b8502a681977825b55
-
Filesize
342B
MD570900ee2ba1373c147bbc67f0d7d30c8
SHA10d3f81a57720cf4164c3948e0df6cab08cf4716d
SHA256750fc00c506208e9164194fa0731f434c1549f93079ac41f42fab403331dd891
SHA512c4c3639ee65709ffcf73af6966c246413d271a44a9e798ee14913289b4625b01bf639b257ef155c79bbc9a3422a008836c0201deca47326349d42a2928407ada
-
Filesize
342B
MD57be0c6cfa1505dcc9663144d6966f32c
SHA141cdb476657fe2bb5e9f3c92eb406ed6c42ceaf1
SHA256a1a3f20096058af56c81baa40ac0af0dc93a54245095b473e5e44c9a241df272
SHA51273ae720f1f71c6b884d8fd6161b8f8a1c1739d81370f7a2f3ce9d06f150f9e066e58a1d8fc10ec33dc921021d9294653d4b0937ba26734a09ec1a7a09836a2d4
-
Filesize
342B
MD5475992bf3564c14d2705de0341035b3a
SHA1c47c51c1a2eda23b94617ee4031460a78446ad53
SHA25695c407a896209b4f21d379f5c297092bd9a63f970d46181103b8703cff838807
SHA512bbbd28798311dee1bde4116910c7288d846b681c0be79aecf6c78b9ad189532af50dda009728c8b5123620c3257973c06f72df05aa9169be7b39ddb8ca9664e3
-
Filesize
342B
MD5b22b833e943992a07023a4b3b3b0f40c
SHA1b183d2c92e66a39a44b5763e84a82b57734f9b3a
SHA256f20bf97c9cf621dc59ee4f017714936371b4e39cf273fcb0308e982ca094b328
SHA512bfb9b44a3187686fc2035a55befab7670b756fb3c39427c88eca86b0ec77bfc73365657fe954945fd7cd31496d7c3d95091ad4a32504b542046b67f47100d548
-
Filesize
342B
MD56fb01108a33e9409591b2953aab0ffbc
SHA1f976d0acde7b171bdcd67c35f1030acc2733ed9a
SHA256d0d7e8b8a7797df4799b979afa34f3bdefb8d2dd1e73b357ddb02efbdd3f338e
SHA51207dfbcae7205e2a1c6b8dbcc55bf355d4c3c97b00257dab0262f17b09027ca43f70241edb2022142dacf7ed7873eb806f7c8e006d54bee5a32bc2255dd8eec0c
-
Filesize
342B
MD5dc457b8189d110d0cf3cb172c43930f9
SHA157e7e2f9e51d8d6a3ac0d3bed66fa4b3a234b795
SHA2567e30a9c5872357a262ca75d0948d190a10f8cc4633ecaa9d04244448919df791
SHA5128ca7b70af50b76e03b3163eaeb43ba73a924ab875d8bcccc863682f2f53aec8ec2d976bc2d16ea523ab9008f30c73d51b350e406b9cb33104123dce563ac9d0e
-
Filesize
342B
MD561e15cc9c47eb47f18687504574cb760
SHA15ddbb03642af6ddd9c6b700b5c4857c221e91734
SHA256ffc9bb3dda6b7d4dc5b286b9b6e31f78c59d227bcc2042714a3704287a053ec9
SHA512576b0b1461c7f9c21e9b5f150f46ca4a97076c7e11140abe4c85ecfb61496a843f7698cca5f5f3e146fe060ce77d9153673209e303b4c7fcf2b0c50b8d58a3a4
-
Filesize
342B
MD5f00f981dd7606db4d202a592139b1b12
SHA1f495398138f516e2c8c474eb80f7b0c97d810281
SHA25633da220204c43fec31120737a2b0121181c182ef8a471784c10dc8a9ca8a8018
SHA512d35dd56624653b3469d659e5808c03785f842644e3c13b40e184d4112d521088ea1f244734e55705cce58b8b79edf7ed3cac7ffecd6eab11130c6f3a77e99fd7
-
Filesize
342B
MD5f1f07f9d0547c272449e00c3900a97c1
SHA19ce77d389e74152bfd57ce49f54858c3b99ff5fb
SHA2567fdc8375c1561a3d1346d72004f250c296e82b6612e627903f0c45a83ebea5cf
SHA512a35ed911358110a061b66af4462251b5155643923819ea7489613c346fdb396c7ecedd64392bb7cf7b0601e7264d51f4ff06c3a7c9ef277877a9972bf6e0ac27
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
1KB
MD598a99e831c54087770d3fd89f2bb9913
SHA126754b638106f4e2c3bdff6780c574384a129972
SHA25692360a7d4d9bc840a967a86f6bd3651d0d7fb5218d57e3edcd36ad897f908a44
SHA512cae5a9b95ac842902166cf2d67114f311f6bd9227999654f733b2ef16e4daf8fa2ea5fb5908425243226217fe99e87ded7f9d600a2eb668fb3b4f7d4b0974df2
-
Filesize
1.7MB
MD5df3362c56b3925e0eb83e0a10fb448c7
SHA17b82a4de6af8f15994cfa1f179ebf5e0f302e503
SHA2561de06a9918cdd9e8dd95953f1a6b937d490a6eb228b2a67e5a89b09feab810c3
SHA512431dbbf045c8a62cacd7e8236ad343287c574b97684d941fe6f94e702fbb2a19675e1849220fa443616bfe2adec0e2218c42d75889333ca489f064e931891785
-
Filesize
4KB
-
Filesize
176KB