Analysis

  • max time kernel
    115s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/12/2022, 19:07

General

  • Target

    10 to XP Remake/Windows XP Icons/WinXP Iconpack By 2013Windows8.1.exe

  • Size

    11.5MB

  • MD5

    442318353ec1d640f6b5e4b9bac87d3b

  • SHA1

    8aac35fda5b8f37432c6742df6a77dd87bc62d90

  • SHA256

    5b515c7b2de619f7f82311d8617ebef70f1fc2f42a84cc7e0f0519c90a6e1619

  • SHA512

    69e91bf435d114fe5cf1f5cf765caf4a61de03232b2c30dfc902476c831aa47c954c9da4551a7ab4c7d1ae0ef63d56f54cfdde2aac2086309deb1c6fd03a3177

  • SSDEEP

    196608:L6jQBY69YztQAdaCuoi2XxlN59cti0mktWjDlqF6WEwT4RpAAAD3OU9a5hvkpzf:LzBY2ekC/ialjlLYW/gsWdBq512zf

Score
8/10

Tags
upx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX or a modified build of the open-source UPX packer. Packing alone is not evidence of malice; plenty of legitimate installers ship UPX-packed, but it does mean static scanners see the stub rather than the real code, so unpack before drawing conclusions from strings or imports.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up the country code configured in the registry, the same lookup a geofenced payload uses to decide whether to run. Installers also read it for localisation, so on its own this is weak evidence.

  • Drops file in Program Files directory 25 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox's canned description calls this likely ransomware behaviour, but the heuristic also fires on ordinary installers that enumerate drives; the file activity recorded in this report is limited to dropping installer components under Program Files (x86) and extracting Resource.7z with the bundled 7z.exe.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs
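
The "UPX packed file" signature above is a static check. As an added example (not the sandbox's own rule, and run against constructed PE images rather than the report's binaries), the following standard-library Python reproduces the evidence such a rule relies on: UPX section names, the `UPX!` marker in the header area, and the stock UPX layout where the first section has no bytes on disk and the next one is high-entropy compressed data. The layout check is the part that still fires on a "modified UPX" build that renamed its sections and scrubbed the marker. The sample images, the 7.0 entropy threshold and the helper names are assumptions made for this illustration.

```python
import math
import random
import struct

COFF_HDR = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain x86 code sits around 5-6.5, compressed data near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(pe: bytes):
    """Walk the section table; yield (name, raw_offset, raw_size, virtual_size)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from(COFF_HDR, pe, coff)
    table = coff + 20 + opt_size
    for i in range(nsect):
        name, vsize, _va, rsize, rptr, *_ = struct.unpack_from(SECTION_HDR, pe, table + 40 * i)
        yield name.rstrip(b"\0"), rptr, rsize, vsize


def upx_indicators(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Three independent signs of UPX: section names, the 'UPX!' marker, and the
    stock layout (first section empty on disk, next one high-entropy). Only the
    layout check survives a renamed-section build with the marker removed."""
    sections = list(pe_sections(pe))
    names = [s[0] for s in sections]
    empty_first = bool(sections) and sections[0][2] == 0 and sections[0][3] > 0
    high_entropy = [n for n, rptr, rsize, _ in sections
                    if rsize and shannon_entropy(pe[rptr:rptr + rsize]) >= entropy_threshold]
    upx_names = [n for n in names if n in UPX_SECTION_NAMES]
    marker = b"UPX!" in pe
    return {
        "sections": names,
        "upx_names": upx_names,
        "upx_marker": marker,
        "empty_first_section": empty_first,
        "high_entropy_sections": high_entropy,
        "likely_upx": bool(upx_names) or marker or (empty_first and bool(high_entropy)),
    }


def build_sample_pe(sections, trailer=b"") -> bytes:
    """Constructed minimal PE32 for exercising the parser (not a loadable binary):
    MZ stub, PE signature, COFF header, zeroed optional header, section table,
    an optional header-area trailer, then raw section data from offset 0x400."""
    raw_start = 0x400
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack(COFF_HDR, 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    table, blobs, off, va = b"", b"", raw_start, 0x1000
    for name, vsize, data in sections:
        table += struct.pack(SECTION_HDR, name.ljust(8, b"\0"), vsize, va,
                             len(data), off if data else 0, 0, 0, 0, 0, 0x60000020)
        blobs += data
        off += len(data)
        va += (vsize + 0xFFF) & ~0xFFF
    head = dos + b"PE\0\0" + coff + bytes(0xE0) + table + trailer
    assert len(head) <= raw_start, "header area overflow"
    return head + bytes(raw_start - len(head)) + blobs


_rng = random.Random(20221224)


def _noise(n: int) -> bytes:
    """Seeded pseudo-random bytes standing in for compressed section data."""
    return bytes(_rng.getrandbits(8) for _ in range(n))


# Stock UPX layout: empty UPX0, compressed UPX1, resources, 'UPX!' in the header area.
PACKED_SAMPLE = build_sample_pe(
    [(b"UPX0", 0x20000, b""), (b"UPX1", 0x8000, _noise(0x2000)), (b".rsrc", 0x1000, bytes(0x200))],
    trailer=b"UPX!")
# Modified UPX: same layout, sections renamed to look ordinary, marker removed.
RENAMED_SAMPLE = build_sample_pe(
    [(b".text", 0x20000, b""), (b".data", 0x8000, _noise(0x2000)), (b".rsrc", 0x1000, bytes(0x200))])
# Unpacked control: first section has bytes on disk and nothing is high-entropy.
PLAIN_SAMPLE = build_sample_pe(
    [(b".text", 0x1000, b"\x90" * 0x600 + b"\xc3" * 0x200), (b".data", 0x1000, b"A" * 0x400)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED_SAMPLE), ("renamed", RENAMED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, upx_indicators(img))
```

Run it as a script, or call `upx_indicators(open(path, "rb").read())` on a real sample. The entropy threshold is a judgement call: resource sections holding PNGs or already-compressed data also score near 8, which is why the layout check requires the empty first section as well and why a hit should be confirmed by unpacking rather than treated as a verdict.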

Processes

  • C:\Users\Admin\AppData\Local\Temp\10 to XP Remake\Windows XP Icons\WinXP Iconpack By 2013Windows8.1.exe
    "C:\Users\Admin\AppData\Local\Temp\10 to XP Remake\Windows XP Icons\WinXP Iconpack By 2013Windows8.1.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\iPack_Installer.exe
      "C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\iPack_Installer.exe"
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4612
      • C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\7z.exe
        "C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\7z.exe" x -y -bd "C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\Resource.7z"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:452
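
The process tree above is the chain a hunter would want to catch in endpoint telemetry: a binary running from the user's %TEMP% drops an executable under Program Files (x86), runs it, and that child launches a bundled 7z.exe with the silent flags `x -y -bd`. As an added example (not the sandbox's code), the following Python builds the parent/child tree from constructed Sysmon-style process-creation events modelled on this report and applies two rules to it. The explorer.exe parent of PID 2548 and the two benign control rows at the end are assumptions; the PIDs, images and command lines of the three report processes are taken from the tree above.

```python
import re

# Constructed Sysmon Event ID 1-style records (pid, ppid, image, command line).
# The explorer.exe row and the two benign controls are assumed, not from the sandbox run.
EVENTS = [
    {"pid": 1200, "ppid": 900, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 2548, "ppid": 1200,
     "image": r"C:\Users\Admin\AppData\Local\Temp\10 to XP Remake\Windows XP Icons\WinXP Iconpack By 2013Windows8.1.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\10 to XP Remake\Windows XP Icons\WinXP Iconpack By 2013Windows8.1.exe"'},
    {"pid": 4612, "ppid": 2548,
     "image": r"C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\iPack_Installer.exe",
     "cmdline": r'"C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\iPack_Installer.exe"'},
    {"pid": 452, "ppid": 4612,
     "image": r"C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\7z.exe",
     "cmdline": r'"C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\7z.exe" x -y -bd "C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\Resource.7z"'},
    # Benign controls: a user-started 7-Zip extraction and a plain editor launch.
    {"pid": 3200, "ppid": 1200, "image": r"C:\Program Files\7-Zip\7z.exe",
     "cmdline": r'"C:\Program Files\7-Zip\7z.exe" x -y "C:\Users\Admin\Downloads\photos.7z"'},
    {"pid": 3100, "ppid": 1200, "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]

USER_TEMP = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)
PROGRAM_FILES = re.compile(r"^[A-Z]:\\Program Files( \(x86\))?\\", re.I)
SEVENZIP = {"7z.exe", "7za.exe", "7zr.exe"}


def tokenize(cmdline: str) -> list:
    """Split a Windows command line into arguments, honouring double quotes."""
    return [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def lineage(event: dict, by_pid: dict) -> list:
    """Ancestors from the parent upwards, as far as the event set can reconstruct them."""
    chain, parent = [], by_pid.get(event["ppid"])
    while parent is not None and parent not in chain:   # guard against PID-reuse loops
        chain.append(parent)
        parent = by_pid.get(parent["ppid"])
    return chain


def detect(events: list) -> list:
    """Return (rule, pid) findings for the two behaviours seen in the report's tree."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        # Rule 1: a Program Files binary whose parent runs from the user's %TEMP%
        # (the installer dropping and running iPack_Installer.exe).
        if parent and PROGRAM_FILES.match(e["image"]) and USER_TEMP.match(parent["image"]):
            findings.append(("program_files_exe_spawned_from_temp", e["pid"]))
        # Rule 2: a silent 7-Zip extraction (x -y) anywhere below a %TEMP%-hosted process.
        argv = tokenize(e["cmdline"])
        base = e["image"].rsplit("\\", 1)[-1].lower()
        if (base in SEVENZIP and len(argv) > 1 and argv[1].lower() == "x" and "-y" in argv
                and any(USER_TEMP.match(a["image"]) for a in lineage(e, by_pid))):
            findings.append(("silent_7z_extract_under_temp_lineage", e["pid"]))
    return findings


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"{rule}: pid {pid}")
```

Both rules describe what any self-extracting installer does, so they are hunting queries for triage rather than high-confidence alerts; the lineage requirement is what keeps the user-started 7-Zip control row quiet. In production the same logic runs over Sysmon Event ID 1 or Windows 4688 records, where ParentImage is available directly and the tree does not have to be rebuilt from PIDs.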

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\7z.exe

    Filesize

    148KB

    MD5

    f3d2f74e271da7fa59d9a4c860e6f338

    SHA1

    96e9fa8808fbe176494a624b4a7b5afc9306f93a

    SHA256

    d2c632a87f70039f8812f0bd5602379e288bfac237b0fce41cb5d8c757c70be3

    SHA512

    1553ba5d27ef59015ee4ff05e37d79a3da5d2257de193e61800f587917dbc5ba97e1d499448b41e370962b977570a4ea1c936e791d886e71384edaba39d5fe30

  • C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\Resource.7z

    Filesize

    6.1MB

    MD5

    6b86b243bacb0ad81bba846da4c62f97

    SHA1

    8951b600fb47b915df0b9ab1b4cd7296401b392d

    SHA256

    bf7841f05fcfefb01ba8487965c1b42d18e36e6d959a0177e9653c15a758de44

    SHA512

    fbbb5f434983c780d6892dddd06e81d8fb17b0f37381b7af0b694dc56971352ce89f10b6a7a76b19812294bfbb127486cc226e1a1ec599663b476435338ba252

  • C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\Resource.iPack

    Filesize

    6.1MB

    MD5

    e8e27a66d5ba4d8f2239bfc735ea7d33

    SHA1

    7a6eb2f5ed6643b11c4dbdbf066dec2466c31d9b

    SHA256

    914ece74111afe1c3d5c55233e103a50a913b2ff7d73566e9cce5a9d5c98679b

    SHA512

    1bf5fdfbd2cd61998b0408ed1d9ac456a95436a7b174250d9cb77a1a55f70706a4ef57a31bb8989ba32f7e74bf44e6b5d69cf2321f476143ab1ed2d09756c6b5

  • C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\Setup files-iPack\Configuration.config

    Filesize

    283B

    MD5

    562fd0f215a1a5019055fc4194ed09b0

    SHA1

    0acf0be099c7f53d75ce255978df4e5c49d7dec6

    SHA256

    c9af2a865264132c9a6fe9d3ade5cfdc13d736b96e82f183154283ac609efac1

    SHA512

    0a34a6bfbef17aa98e4a3b2318f29fd8e4548d3ea4e804f8ffd619f66ab3bb74c5c23475d0579d0ae832b6557f73b4616b8610b9b229c865fe2806b704edeaa8

  • C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\Setup files-iPack\License.txt

    Filesize

    338B

    MD5

    244ab997b94e13a21c3f6985f5ba2c98

    SHA1

    bca930cb81187edf95b6f9012e9bf00a5ae0a6d2

    SHA256

    3c36da00502c264bb4d4c538a14f275282ca7d525d49391a948d4fff96559860

    SHA512

    7b717b5681bdb452154b7114e421f0b1382229018231072b5fd2bccd4609904a2f1b554ce5cde5d6a4c99acc318a304598d48a6a0b18f68e203cacdec964e3cd

  • C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\Setup files-iPack\logo.png

    Filesize

    23.9MB

    MD5

    417da0345c8842aa733dadb90e385c46

    SHA1

    0ef8152a4e976f2588ce1e43f73e2fa23b72afa1

    SHA256

    2a146d4c1c2bfd115f76a094efaaaa871b47e2175b02f55ecbfb2e7c84684851

    SHA512

    9fb72b5cfa65e29c0b3ad8f51b2313782358fd326def7519d25991135495f94dad13dfc48e0db7a8a64d287caaa6ab7377d6ed682e8b0353683b59ac7eca6142

  • C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\iPack_Installer.exe

    Filesize

    966KB

    MD5

    80305ac22ab2e80500e7bdd44e8730e0

    SHA1

    2f8e5acbc204815fd650091aa9a44d233d00798a

    SHA256

    a1bb130377b70dbeb100de5f85546ebb4300e5ee184276c8e3609f5e96078313

    SHA512

    aac0e30ad5ae695bff90b901efb2da62ed6ef2bffb384870082fbefa02ee8ee1a691ccc521ed00314de67b69d62026a77940675fc06dca8d303bc7e20ea822a1

  • C:\Program Files (x86)\WinXP Iconpack By 2013Windows8.1\iPack_Installer.exe.config

    Filesize

    171B

    MD5

    cb143eef30f7ad481e715926b63928f4

    SHA1

    4bb8ae8914d07d475c4c5bbf97abfa8c60544e00

    SHA256

    6105a59eaa1401813a363239fb193a79179d3abc93abc4f65f180e60770b6e17

    SHA512

    e3067b72b255772a73d8ea4564e4874008fb52de9e18cfcdfda547408288826629f1f2ce7c0efb07b9528d34e0efd0635b91560df50f12edd4b5c19cef5af19d

  • memory/452-147-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

  • memory/452-148-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

  • memory/2548-132-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize

    284KB

  • memory/2548-149-0x0000000000400000-0x0000000000447000-memory.dmp

    Filesize

    284KB

  • memory/4612-140-0x000000000131A000-0x000000000131F000-memory.dmp

    Filesize

    20KB

  • memory/4612-137-0x00007FF951FC0000-0x00007FF9529F6000-memory.dmp

    Filesize

    10.2MB

  • memory/4612-150-0x000000000131A000-0x000000000131F000-memory.dmp

    Filesize

    20KB