Overview

overview

10

Static

static

3

lossless s...ng.exe

windows7-x64

10

lossless s...ng.exe

windows10-2004-x64

10

Resubmissions

14/01/2025, 23:37

250114-3maqsstkcs 10

14/01/2025, 23:34

250114-3kd1fatjgv 10

14/01/2025, 23:27

250114-3feq6svngl 10

Analysis

  • max time kernel
    18s
  • max time network
    22s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    14/01/2025, 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lossless scaling/Lossless Scaling.exe

  • Size

    155KB

  • MD5

    1bb432c7d79983c0438f9c05d7ab2a42

  • SHA1

    fd9d24d6417273c04a046e4da2bd51f6ac287939

  • SHA256

    69c131d4901fb0f0192a2a97fb48012df696c5bd08a38c34e1553a3bdb9942ac

  • SHA512

    1ab2802727c66834e349f79b51847c79c9f340e3b716add2b4ec8c25d3bd1096c3f82596d2efbe57e922945f965aafe72b1bae30d6fcedfd7799595a5ca190ce

  • SSDEEP

    3072:AcjJ6p7RATueBb6sKGyLY1hhhhhhhhhhhhhhhhhhhhhhhOCD:AcjJ6pWTuet1V1hhhhhhhhhhhhhhhhh/

Score
10/10
discoveryevasionexecutiontrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lossless scaling\Lossless Scaling.exe
    "C:\Users\Admin\AppData\Local\Temp\lossless scaling\Lossless Scaling.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" -NoProfile -ExecutionPolicy Bypass -File "C:\Users\Public\language\en-US\hiberfil.ps1"
      2⤵
      • UAC bypass
      • Command and Scripting Interpreter: PowerShell
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2748
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /create /tn administartor /SC minute /MO 2 /tr C:\Users\Public\IObitUnlocker\Loader.vbs /RL HIGHEST
        3⤵
        • System Location Discovery: System Language Discovery
        • Scheduled Task/Job: Scheduled Task
        PID:1628
    • C:\Users\Admin\AppData\Local\Temp\lossless scaling\language\uk-UA\LosslessScaling.exe
      "C:\Users\Admin\AppData\Local\Temp\lossless scaling\language\uk-UA\LosslessScaling.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2704
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=LosslessScaling.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2224
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    353675cd21a962cd0d694644c2f033e0

    SHA1

    4b6f3b6ad834b90615abb0f157b53099dc830f74

    SHA256

    10e420cffba4166edabb72ac7ff07c3700fee7faf4d13934292fe34e233707f0

    SHA512

    5ab5dbb207876e51b634f4b0f3f767552c03697c9a5367ba5504fc2741bac4143459729e69db3685d1006c6a8d85102b6ee57c30493e3a8c8f41b0954a61c545

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56710203d09476e7467e95c983748d5e

    SHA1

    76b35e18f110f32a936179c95d5257b431b4a785

    SHA256

    9e8c9a7983b123fb1d9d834b9f82f2dbe871a008d28a9105498fe8f9e9b989f0

    SHA512

    8dc80c03d1b60dbf09fd910aabd619551e4e26b45f1e6d8ed685d900ea80b3ef427d8a555c9511adb0eafcfcb43a04abc9f75deb54a078ea039416834d9df710

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d18635533639ed3a433592ce3c1c149

    SHA1

    a17a25937012c91615db20661bd6bbb711bdf0d7

    SHA256

    9027ba293589bcbc90284ec85a64dfea55ed9e08202e86d4295908e9b7c7e01e

    SHA512

    bb157c11469f7485fdb7119c123fbf0c4d61438ce523e62791e65ccaf107584959761b67db42047606e84b1c69366d8c0a93052be6d08dfbe7222503708d7e68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae8246b9e0de27a1b2d03ee61473d22d

    SHA1

    3fc0333134465d85db6b1435b7486694fe73029b

    SHA256

    6417e32907661e55e02fe3bc4d13ea6afd18b43afdd60cbc2433b8d802bde789

    SHA512

    bcafc95d200b06eb625575d21a480f11ff6d0ffe72039fa9b6572cf1a64d005372f7af192a4d044a6717caf758569b863a297d304e98bd58bfc3bd3d11800b53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e838a25deae1a83e624863614fd8c84

    SHA1

    f0d967dd39f56859f9a59de322d724a2d533c9a2

    SHA256

    36efc981473e960d13a64fa692261ab03914c597e9996caf67b31ad48727dec6

    SHA512

    758433172b7f20b4813b27e794f99c30f97e2d5299d1a9f747e3757d7bb670aede3ec426d63b4c0dfe79959202e70467ae5f6c81e008bda9cec7677b3066a4b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    697c88d3b7c360c596898e857cd1c4c6

    SHA1

    a6589f55761254cfe96f02c0a2c9ba13b0ceebf7

    SHA256

    0cab6010fce792e70fb1d145b3fc1e60c05427b44d5eff9350549119b4d49fa2

    SHA512

    41a6ba5c696d57c0a5bd3440b23209d4620ea72331fb19751af062bc417df8fcdad59ad7c3901fe39d4411587d3437e9ed8ba1220f3d9e6ddf4cf2f0cdeb519c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12cb008c6cb1aad28c1e989b46b6473f

    SHA1

    c07d366993510992b5a43eb33e07a2c780e67638

    SHA256

    02407476fda94b602bc533a24b0448a839bdd7c594d054e200f5a17741bcd58a

    SHA512

    10c7681f4fe36685452cf04f75c7a053a7830736135a8916f4c41d12b0008529d6b02195940a24c196ebc5715724cccbe0b247a7e4842262e8ce5818e43a4a7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3270232ccd1e89099d0783619910a35b

    SHA1

    d0b3eacc9fbcac49929b097d2738340fa8717daf

    SHA256

    df78252cd23631164807bb160c6c45a79988fc9c800ce545b01787ed22bde02c

    SHA512

    067942579c99f68405697b9d7f5eb02008f6cb2e41ccea6ea4e6cbf9290e1b029c9be8fe29e253b6ccc8c60ca8a98318484fd52cddd8a7f79d2e4e51f01cdd0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3787dfaf79fe18ca256682ee44b62a6

    SHA1

    d63b99b9e55739bd1f56841e42cd0243cc98af48

    SHA256

    775c7905bcaf753decf72425d1451533c5ae79cc4733503e400ef44ed6eb1623

    SHA512

    37db5b347ec55a0cc3b7ac8dfd7eb6b9b20880801a5209d319693c8ebb246d7102e8c630860cc868a78089f7a383f207b85eb16c0035410bfc6c03d6f8066933

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    efdf6f371fd5fc92d086c44683fe08f5

    SHA1

    2b55cdfb3c130b17c334db37335fa8542303d95f

    SHA256

    216f8e16dbcd4f2e50eb366769f8999b7ceefb1ed4c6c91c046689212a274816

    SHA512

    04c3965e6a65c683f26e307ab83d5986a5630134be98df10e59dbcc24b8e3aa486d7de97592eb6aba4ae4cf3c97e4f9c902019c76a889f1dd92c7d1f0eb86698

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61343fd85355f8cd2f804a8db8fce852

    SHA1

    e757ebc1f5ec5fb0ea3e88dc64f87590f6ae7730

    SHA256

    7dc0d3131f607ba4334041ff5d74f939c661fb1c8795b300fbd7a92fc1319c43

    SHA512

    6fbc27c030a065df6cb2d2e6ce9906ab27138b8121a2cc664cba2b73fe6618a1dc90855cabb20b8171dca3138f497107fb0883131cb925fdf265c3727a7e2b17

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4308a366090f01784f5cf0311411926c

    SHA1

    f00993e79d6724072dc495c02998b9b1f15dd582

    SHA256

    9c8972dfa8d300f1e84343cbc123b6e6735c127ec32a9cf01b634388e2c9fc72

    SHA512

    daa3ed22339dfc4cb0133995418d8e4dbec5ac37fac86c41a1af0e25ec668610eda60b72f37c3e3d461f800c703b5c9be3b4a6a8efca722805b833f9428d3029

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab800B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar802D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Public\language\en-US\hiberfil.ps1
    Filesize

    1KB

    MD5

    98a99e831c54087770d3fd89f2bb9913

    SHA1

    26754b638106f4e2c3bdff6780c574384a129972

    SHA256

    92360a7d4d9bc840a967a86f6bd3651d0d7fb5218d57e3edcd36ad897f908a44

    SHA512

    cae5a9b95ac842902166cf2d67114f311f6bd9227999654f733b2ef16e4daf8fa2ea5fb5908425243226217fe99e87ded7f9d600a2eb668fb3b4f7d4b0974df2

    Download Submit

  • C:\Users\Public\language\en-US\pagefile.sys
    Filesize

    1.7MB

    MD5

    df3362c56b3925e0eb83e0a10fb448c7

    SHA1

    7b82a4de6af8f15994cfa1f179ebf5e0f302e503

    SHA256

    1de06a9918cdd9e8dd95953f1a6b937d490a6eb228b2a67e5a89b09feab810c3

    SHA512

    431dbbf045c8a62cacd7e8236ad343287c574b97684d941fe6f94e702fbb2a19675e1849220fa443616bfe2adec0e2218c42d75889333ca489f064e931891785

    Download Submit

  • memory/2644-1-0x0000000001180000-0x00000000011AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2644-0-0x000000007475E000-0x000000007475F000-memory.dmp

    Filesize

    4KB

    Download