79d09a008ac61e606845d0e17b4fd423bb584807a5c6ae8eb6584215c6856e7b

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17-06-2024 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LiveScreensaver.exe
Size

2.9MB
MD5

8c78a65d57a66d312e63ac2785fe1c91
SHA1

c7325ee8ab0ff76e6270ad9e6d41addc448e736d
SHA256

b5c06208e3101120d70b7e1f84d8bcc169432a94482126a5a9c0ff3565d86aa0
SHA512

a58542ed77b863992e8d3ed65675b31bb1e7fae9b94d8e7282d3e1e5017d4637ba302ddf6a39b286aa1508e4733fb5a37829f072e39313798afa06881794481e
SSDEEP

49152:3r9kvdQ2RdiMQdEC2El7AP/Dy5q+66UOE7qmOdGhWTjlPkZlxWeqOMMkA8xeLHAO:3r21Q4cMQdEIl70/DMq+66UOEemOdGhr

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

LiveScreensaver.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\LIVESC~1.EXE = "1"	LiveScreensaver.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALIGNED_TIMERS\LIVESC~1.EXE = "1"	LiveScreensaver.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\LIVESC~1.EXE = "11000"	LiveScreensaver.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\LiveScreensaver.exe = "11000"	LiveScreensaver.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	LiveScreensaver.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\LiveScreensaver.exe = "1"	LiveScreensaver.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALIGNED_TIMERS	LiveScreensaver.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALIGNED_TIMERS\LiveScreensaver.exe = "1"	LiveScreensaver.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	LiveScreensaver.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LiveScreensaver.exe

pid process

2844 LiveScreensaver.exe

pid	process
2844	LiveScreensaver.exe

C:\Users\Admin\AppData\Local\Temp\LiveScreensaver.exe
"C:\Users\Admin\AppData\Local\Temp\LiveScreensaver.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2844

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads