4454e4ab5ba2a9276ee993fbcc1d1c667d60ead18e9ca4c7161d142ed1d7ab1d

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-03-2023 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Luxury Shield.exe
Size

17.1MB
MD5

be0d52d163806c824bdbcf4fdae1c1cb
SHA1

f7421212d0757563a8f5faa95ba148439884523d
SHA256

37bd9f4d88ff52c03a663d4a4bfbe2fcfc3232b854b3b56ef41116f522373a87
SHA512

8d4c66fb37ac46ac64f82b198e499f344960ca40386970b50538cc5d1c07a92b299cb04d05c37c4018ee5108ed8d2509694bd3b93f43cd70afa03b1350c21065
SSDEEP

196608:4dY4ohMRfIGA5v68+v+D+r+pqpvJiADKMxE9EPTVIchOXC:+YhhHJ6SqpvfDlxE9yVeC

Score

7^/10

agilenet

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

Luxury Shield.exe

pid process

2984 Luxury Shield.exe

pid	process
2984	Luxury Shield.exe

Obfuscated with Agile.Net obfuscator 32 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral3/memory/2984-149-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-151-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-153-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-155-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-157-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-159-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-161-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-163-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-165-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-167-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-169-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-171-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-173-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-175-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-177-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-179-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-181-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-183-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-185-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-187-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-189-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-191-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-193-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-195-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-197-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-199-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-201-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-203-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-205-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-207-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-209-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net
behavioral3/memory/2984-211-0x00000000085F0000-0x0000000008838000-memory.dmp	agile_net

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Luxury Shield.exe

description pid process

Token: SeDebugPrivilege 2984 Luxury Shield.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

Luxury Shield.exe

pid process

2984 Luxury Shield.exe
2984 Luxury Shield.exe

description	pid	process
Token: SeDebugPrivilege	2984	Luxury Shield.exe

pid	process
2984	Luxury Shield.exe
2984	Luxury Shield.exe

C:\Users\Admin\AppData\Local\Temp\Luxury Shield.exe
"C:\Users\Admin\AppData\Local\Temp\Luxury Shield.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\53b4dde3-ceef-4149-b63d-4b67cc36c3e9\GunaDotNetRT.dll

Filesize
136KB

MD5
9af5eb006bb0bab7f226272d82c896c7

SHA1
c2a5bb42a5f08f4dc821be374b700652262308f0

SHA256
77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

SHA512
7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

Download Submit
C:\Users\Admin\AppData\Local\Temp\53b4dde3-ceef-4149-b63d-4b67cc36c3e9\GunaDotNetRT.dll

Filesize
136KB

MD5
9af5eb006bb0bab7f226272d82c896c7

SHA1
c2a5bb42a5f08f4dc821be374b700652262308f0

SHA256
77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

SHA512
7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

Download Submit
C:\Users\Admin\AppData\Roaming\WK.Libraries.FontsInstaller\Karla.ttf

Filesize
37KB

MD5
871b31793a538de46b8ffaf916a5080b

SHA1
0f239aa4f2a6cd8a69d5cc71e0c05601c80b62d0

SHA256
08a5aa42ebf8c0cd1aef8d76a0227e919c5f70f54c3c246dd53bc2e91ef14d53

SHA512
1b9972a665fd4783b17ed63a9cf2d84fdd5294c72592e0412e53454b744eb07e8a73184ba153e85feacc38178b062d014067f1cfa52e265a193d0df61a1fb057

Download Submit
C:\Users\Admin\AppData\Roaming\WK.Libraries.FontsInstaller\Unavailable\Installer.vbs

Filesize
15KB

MD5
f3040d44a71f07e4117dbf0755391d90

SHA1
099fb8bbb44b1d83b9c0e942d3530870c32ffc47

SHA256
590538e3897a340f3e9549155f93152afaf378d2cbee8027d3fb23bf5265a475

SHA512
20385d05d2701a101069f760a1ca09cd8fc332daf4000c0d4e9e35d0d5d647c0cc7197e6a52ec796644f5fd5d9f3e07d2d54ea311633ce0c7ea44cb9f0df877a

Download Submit
memory/2984-133-0x0000000000E60000-0x0000000001F84000-memory.dmp

Filesize
17.1MB

Download
memory/2984-134-0x0000000006940000-0x00000000069DC000-memory.dmp

Filesize
624KB

Download
memory/2984-135-0x0000000007080000-0x0000000007624000-memory.dmp

Filesize
5.6MB

Download
memory/2984-136-0x0000000006AD0000-0x0000000006B62000-memory.dmp

Filesize
584KB

Download
memory/2984-137-0x0000000006920000-0x000000000692A000-memory.dmp

Filesize
40KB

Download
memory/2984-138-0x0000000006A60000-0x0000000006AB6000-memory.dmp

Filesize
344KB

Download
memory/2984-139-0x0000000007000000-0x0000000007012000-memory.dmp

Filesize
72KB

Download
memory/2984-148-0x0000000006AC0000-0x0000000006AD0000-memory.dmp

Filesize
64KB

Download
memory/2984-147-0x0000000073AF0000-0x0000000073B79000-memory.dmp

Filesize
548KB

Download
memory/2984-149-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-151-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-150-0x0000000071500000-0x0000000071537000-memory.dmp

Filesize
220KB

Download
memory/2984-153-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-155-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-157-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-159-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-161-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-163-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-165-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-167-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-169-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-171-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-173-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-175-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-177-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-179-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-181-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-183-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-185-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-187-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-189-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-191-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-193-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-195-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-197-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-199-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-201-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-203-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-205-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-207-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-209-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-211-0x00000000085F0000-0x0000000008838000-memory.dmp

Filesize
2.3MB

Download
memory/2984-685-0x0000000006AC0000-0x0000000006AD0000-memory.dmp

Filesize
64KB

Download
memory/2984-688-0x0000000071500000-0x0000000071537000-memory.dmp

Filesize
220KB

Download
memory/2984-10748-0x0000000006AC0000-0x0000000006AD0000-memory.dmp

Filesize
64KB

Download
memory/2984-10749-0x0000000006AC0000-0x0000000006AD0000-memory.dmp

Filesize
64KB

Download
memory/2984-10750-0x0000000006AC0000-0x0000000006AD0000-memory.dmp

Filesize
64KB

Download
memory/2984-10751-0x000000000C210000-0x000000000C24C000-memory.dmp

Filesize
240KB

Download
memory/2984-10975-0x0000000006AC0000-0x0000000006AD0000-memory.dmp

Filesize
64KB

Download
memory/2984-10976-0x0000000006AC0000-0x0000000006AD0000-memory.dmp

Filesize
64KB

Download
memory/2984-10977-0x0000000006AC0000-0x0000000006AD0000-memory.dmp

Filesize
64KB

Download