Overview

overview

10

Static

static

3

05C665B2A3...7F.exe

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    29s
  • max time network
    25s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250113-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    17/01/2025, 20:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05C665B2A34C8011E275AB40B3E26E7F.exe

  • Size

    903KB

  • MD5

    05c665b2a34c8011e275ab40b3e26e7f

  • SHA1

    080a29cf40766c2a9ad84ee238aebe8096ea2ef1

  • SHA256

    ed1b7db008a31d99560f934344dbea4aa1ac94979a0578a4c39856d24598b472

  • SHA512

    ff505825f62555dbac72f486f3c12c36c300843b6feb82a58fa42aeedc868af1f70e518e3bd75faba44b0846f6d2e72c0cf0ae874d3652b6b3f6bd37a43861d8

  • SSDEEP

    24576:5cW9nP4TMlVH80VNmkSwWp1C68FaQtpg:5cGwTMlVH8GmkZQC2E

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 37 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3672
      • C:\Users\Admin\AppData\Local\Temp\05C665B2A34C8011E275AB40B3E26E7F.exe
        "C:\Users\Admin\AppData\Local\Temp\05C665B2A34C8011E275AB40B3E26E7F.exe"
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Adds Run key to start application
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1764
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /0
        2⤵
        • Checks SCSI registry key(s)
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:32
      • C:\Users\Admin\AppData\Local\Temp\05C665B2A34C8011E275AB40B3E26E7F.exe
        "C:\Users\Admin\AppData\Local\Temp\05C665B2A34C8011E275AB40B3E26E7F.exe"
        2⤵
          PID:2356
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:3112

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1764-0-0x000000007440E000-0x000000007440F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1764-1-0x0000000000A10000-0x0000000000AF8000-memory.dmp

          Filesize

          928KB

          Download

        • memory/1764-2-0x0000000005700000-0x00000000057E6000-memory.dmp

          Filesize

          920KB

          Download

        • memory/1764-4-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-10-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-66-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-62-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-60-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-58-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-56-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-52-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-50-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-48-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-46-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-44-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-42-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-38-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-36-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-34-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-32-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-28-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-26-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-24-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-22-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-21-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-16-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-14-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-12-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-8-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-6-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-64-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-54-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-40-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-30-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-18-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-3-0x0000000005700000-0x00000000057E1000-memory.dmp

          Filesize

          900KB

          Download

        • memory/1764-1181-0x00000000054F0000-0x0000000005548000-memory.dmp

          Filesize

          352KB

          Download

        • memory/1764-1180-0x0000000074400000-0x0000000074BB1000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1764-1179-0x0000000074400000-0x0000000074BB1000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1764-1182-0x00000000057F0000-0x000000000583C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/1764-1196-0x000000007440E000-0x000000007440F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1764-1197-0x0000000074400000-0x0000000074BB1000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1764-1198-0x0000000006190000-0x0000000006736000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/1764-1199-0x00000000059C0000-0x0000000005A14000-memory.dmp

          Filesize

          336KB

          Download

        • memory/1764-1205-0x0000000074400000-0x0000000074BB1000-memory.dmp

          Filesize

          7.7MB

          Download