Resubmissions

17-01-2025 20:14

250117-yz7h3s1qfw 10

17-01-2025 20:12

250117-yy9l2sslcr 10

17-01-2025 17:25

250117-vy9p9sxpez 10

17-01-2025 17:21

250117-vw8eesyjfp 10

17-01-2025 14:16

250117-rk9ass1rhk 10

17-01-2025 14:12

250117-rhv1ds1lds 10

16-01-2025 12:52

250116-p4et7a1mez 10

16-01-2025 12:50

250116-p29xjssjep 10

16-01-2025 12:49

250116-p2cbaasjam 10

13-01-2025 04:35

250113-e7x5tswlfz 10

Analysis

  • max time kernel
    417s
  • max time network
    421s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250113-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20250113-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    16-01-2025 12:52

General

  • Target

    Malware-1-master/wintonic.exe

  • Size

    1.6MB

  • MD5

    c7cc7175fa6a305036ecd68cfb4c970c

  • SHA1

    c440e7653a4811935222651dfe61e56a70e5b92a

  • SHA256

    a0375c241cebcf6c4a0293f45a5dc0ce1150fe8169ea410c818af67e6f487b4c

  • SHA512

    0fe4873d7cf6be5fcae7cefd545205ea58a977679b2183ec5caabd47920e3b66813e31e6e545d585f15d3a17d21846b042cd40a507d662c19a2bc58fbfbe4fff

  • SSDEEP

    49152:+h+ZkldoPK8YakOvfcrEb8XCOEU5fwr9K:X2cPK83vkrEb8XCfU5AM

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of the victim machine in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Malware-1-master\wintonic.exe
    "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\wintonic.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1620
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 1660
      2⤵
      • Program crash
      PID:2264
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1620 -ip 1620
    1⤵
    PID:3092

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\~elunrwo.tmp\DisableSelection.js
    Filesize: 1KB
    MD5: 84789d911ffa412658a4a8de09a5ddad
    SHA1: fd7210a1aa2c418e791c85207711a42ad5aece08
    SHA256: 8dec17fa1c458dcfa180aba15fe3cc14d2186261dc1c08bb3058c0d46cbf8fe9
    SHA512: 21df811c5a67e8735cf2f99ec4321ae119fae46f0dc90706ce8e5ad1c395326566a97649a014c6fccc8495584a1c313c9e220ef5ed0f1eb7a54dd3c20bb3e263

  • C:\Users\Admin\AppData\Local\Temp\~elunrwo.tmp\default.htm
    Filesize: 53KB
    MD5: 1afd79f93d4ff74014cfd9fd2c3eabe7
    SHA1: ae60b150bb6a234050394ca7e719c41beaa771eb
    SHA256: 89140a88f9d94b465bec7404b6ac26a81f4662be9dcf0970ab633e6f8c822b4c
    SHA512: 563e585ebd56900f4e529fda02a773096586b8d709e5b535e63dfbfccf7bf83d6442c4f2574584965de100aeddc5ff4f0c4de379aa35481e819acae9f9b12bad

  • C:\Users\Admin\AppData\Local\Temp\~elunrwo.tmp\en.ini
    Filesize: 10KB
    MD5: 71b3e091938e47148a6ec83bee3bf3e4
    SHA1: e1321455cb27e5b5c50eb7f757d1293c63a7c672
    SHA256: af4c95ec9a0340801fe86f65c7a2e0be8f63b649d5ed7203961d163117c3b450
    SHA512: 7dffc75972bcf2207c73a428ab3c8e6475f0888dda3d75996512fc1843478437936ee5caa1015e454a69b761e82a696183d5dfb0fb72ef34108bd0056e800454