General
Target: --d8kxdir.zip
Size: 9.8MB
Sample: 220504-qgz3aageak
MD5: 7c2d211e903c679f653ca6138b4cf110
SHA1: 98cf44677ba20c3b927c5866a14289692d84c386
SHA256: fea70f1113b11df7ee03d4889418d06d1fa1f99d705aafdbdbfbace317812452
SHA512: a46ad87863441de74743bbb826dd0d1e960e2c3f1e86ff9b3873d8bab43cb41d06f5445ae463ce51b5f24a0808fbe887f5b79fe8e736f57d5b005af4583c08e8
Static task: static1
Behavioral task: behavioral1
  Sample: --d8kxdir.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: --d8kxdir.exe
  Resource: win10v2004-20220414-en
Behavioral task: behavioral3
  Sample: .............exe
  Resource: win7-20220414-en
Behavioral task: behavioral4
  Sample: .............exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: --d8kxdir.exe
Size: 7.5MB
MD5: 275c014963f2ef27dd3e39e9c60d9da7
SHA1: 53bf33dad945c79396eefdadd9f94f0c98750ba1
SHA256: 7dcbc5676b17a35dfff8197bddd6c3b4575b2ec8e3f46afe3521983400d996ce
SHA512: ba0e2577d8761c649ab2bd7d0888d3c079b41c9fe4e7103d5698862df12b2e1c38c6233baac6cd9c0ccb422b36e44d5a3d7e46f7311aa099149ad41137b67b4d
Score: 9/10
Signatures:
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: .............exe
Size: 3.9MB
MD5: 1c9d03acc5ce4d1565e01418e2892087
SHA1: 345be215d0017d06a3934150105389730038fa69
SHA256: bdb03d50cba10bbbaea2409521c515d15f3e674e6ccabbadfec319bdc08cd1ea
SHA512: 1442ad0b3af4fddc1c6980426a25f6d2c4b033902b8cc42596ad0077385ca3d56e4fed4517a61fe4d5b5b185b34030196ac9c5dcc61d93fd48292aed2b7998e8
Score: 10/10
Signatures:
- Registers COM server for autorun
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Possible privilege escalation attempt
- Loads dropped DLL
- Modifies file permissions
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.