851eaeff0283fe2cfbbc235262f994576ad17703375fab4cab54046f124b16d5

Analysis

max time kernel
141s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22/03/2023, 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Tracker-6.1.2-windows-x64-installer.exe
Size

140.1MB
MD5

f2ef96c32616189372aa4912667a21b8
SHA1

9f786a03f94b0feb155d409a63d6613db9a0f93b
SHA256

851eaeff0283fe2cfbbc235262f994576ad17703375fab4cab54046f124b16d5
SHA512

d8ce172096145b63d228d6434d507d437f4d06c54b97bf4342ad0a00a71f871efa835275ed018250162752e46702ec3356c479fcad409cd31fb02c00658b033a
SSDEEP

3145728:p3oVvZIiUGEG/ZNGDiI61nNgMoqsL3awmOpTsiUExUS:p4jljTFtNPoJT9mOZsiUEv

Score

7^/10

evasion trojan

Malware Config

Signatures

Loads dropped DLL 14 IoCs

pid	Process
1056	Tracker-6.1.2-windows-x64-installer.exe
1056	Tracker-6.1.2-windows-x64-installer.exe
1056	Tracker-6.1.2-windows-x64-installer.exe
1056	Tracker-6.1.2-windows-x64-installer.exe
1056	Tracker-6.1.2-windows-x64-installer.exe
1056	Tracker-6.1.2-windows-x64-installer.exe
1056	Tracker-6.1.2-windows-x64-installer.exe
1056	Tracker-6.1.2-windows-x64-installer.exe
1056	Tracker-6.1.2-windows-x64-installer.exe
1056	Tracker-6.1.2-windows-x64-installer.exe
1056	Tracker-6.1.2-windows-x64-installer.exe
1056	Tracker-6.1.2-windows-x64-installer.exe
1056	Tracker-6.1.2-windows-x64-installer.exe
1056	Tracker-6.1.2-windows-x64-installer.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Tracker-6.1.2-windows-x64-installer.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Tracker-6.1.2-windows-x64-installer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Tracker-6.1.2-windows-x64-installer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Tracker-6.1.2-windows-x64-installer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1056	Tracker-6.1.2-windows-x64-installer.exe
1056	Tracker-6.1.2-windows-x64-installer.exe

C:\Users\Admin\AppData\Local\Temp\Tracker-6.1.2-windows-x64-installer.exe
"C:\Users\Admin\AppData\Local\Temp\Tracker-6.1.2-windows-x64-installer.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:1056

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\BRL00000420\BR24B1.tmp

Filesize
64KB

MD5
d2e59ee980c15085bbe292082abec7e6

SHA1
30154e439177235e768c6fc9c7e6d83e9320a80b

SHA256
eb10d4d4b459f4bbaf611538ed8098c7fad5a839495085f3363b3bf1050c4958

SHA512
6f61f337ee24a8fab29afcbcd2a5e674c5745cf5caaba99e58fc9d762fae3620864262d23118728ed6d124ab51feeaa7d9057042b6a42bc9e49feda18005a7ca

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000420\BR253E.tmp

Filesize
356KB

MD5
c3c4f3fe90e3b3b02bea0e8da3447ed2

SHA1
7ac0f54119d2273a2cd261f1fe6c5667e9c486df

SHA256
3524ec77985e390acf9d07d81b1b44305165d711bbca770f7458ea0a78751f82

SHA512
0e24c9394c635a3f1671a297f97b613e6936cd8f862a214125d3456324a18668ae138d5c4fde036f55e2b13b158e4cebc53f78153862a008b1ae747eab228a60

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000420\BR25DB.tmp

Filesize
59KB

MD5
f62dd6ce51e19349ec1d1f2e88c4ef4d

SHA1
60bd29538b4fecaf527ba8b7d92b7f32d2e72ddb

SHA256
be88244da9faaa6636a9d2f4c4249c08066a0b48359690b9b27a2b9ed47e093d

SHA512
ba68a59427ec252b895e1c3d6879e0c7a010893d23b5a8687ce86d738faaec1367f73abbcf63fb8ce8b95d32afa3049cd59f22f0bc5a2ff2a3b123a54fe02012

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000420\BR260B.tmp

Filesize
136KB

MD5
119e67e0b0add3f09aabbde47a599e17

SHA1
991c049d2466c5242f67e664159cb025f49e5c70

SHA256
439416fcebcf073600af44a2fb83428896dc8f69120ee4a76ee490a6428d6c94

SHA512
88d85765867555f8bf22db707ae49042db1a1bb1ed8a093afe4d10446b25e6400a2811f88bc5af9edb16b2b4f0366b09177cb9116c89e6950cb96b9fb2d93572

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000420\BR262B.tmp

Filesize
513KB

MD5
5fbc6bd806a8a6c460faceeea73bd7f7

SHA1
4d1586a9631a72c3e1d75fb3c385dbd278804665

SHA256
8033d1b3af84d47d275e022608da35baac16cf40d9607ca026a47b6cd65e6a97

SHA512
4c51f9f331ac15206942e13504334b4c3549888519388607c44b617a68a9095114b0e6127e82b84170445df06260cc62308bc197b90cfb95af18d7cb6d413195

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000420\BR26A9.tmp

Filesize
235KB

MD5
51c675fc1ef0a62322052d3e86567c06

SHA1
e295d0b668105d81f9180ef1056d0528e4b2116a

SHA256
aaa3d7e589e9be1911eee5974afa68c64af1bbd5e039ff6a82a15c2b54c0f9f0

SHA512
a352e82db5c930c73165a48337ae51acda7ebd393b8b0b57d03d2e1b5057c41c26b1f321759b7bc521166890853ecdad7b37531212243ad86e181e2252a3b78d

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000420\BR2708.tmp

Filesize
18KB

MD5
6d2c718c3059ceaa7b90919e6725a09a

SHA1
489967f8fe2b9021a891112754b840fe7dc71d13

SHA256
2ca70bc6394ee1b299a8cf1fe28e95c7d68b765e1828db1b651a7a62acae5356

SHA512
37547e9c6080d0dcb3ea23d9c856ce689997275b40d72bf9fd7c7c165e8cee4afe2ebe52e052c5f8bfc3e618391425219e9681191ee6f650444ebd643cb5a50d

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000420\BR27C4.tmp

Filesize
19KB

MD5
a56543b9cd3aa403311b49189d25851e

SHA1
bd2609d35d4a967fe23ef4092b1daa6f74a858ad

SHA256
034756f772399552cd33605a189ee0e45d7947860e0d83ec12aa6da1a5a42054

SHA512
2237f493d70799675ae0e395f551b6cd46ff4789e46e2453c48fede07b7623b4b8111904d6fa139c204eea4405b5fd5812b0a91f27374219b721339149c25edf

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000420\BR293B.tmp

Filesize
96KB

MD5
9b299884420745d80c70bba6b8a7f05a

SHA1
195423185a7776e072a65fbabae868c15f7b2f56

SHA256
9426e96a97f41645fab524385a852687792f99b505554b6b9809ed99451b2399

SHA512
ed839dc1b6ef53f3663b6055fb2869a522600b2af8d8a800958ddb531154f4e9a3f1733f32dff5511a22fe01525191c8683519cbdcedec138b1bcf3425f2155b

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000420\BR295C.tmp

Filesize
115KB

MD5
54431791b0b31ccd0112486f542858a1

SHA1
e628f2dc29d039d474f97fe67e562bd8798c6ba6

SHA256
b382c74f532ab766c272ed11b107a3ef7c015cca2e716243379058c084981332

SHA512
fab7561a312afdc92dcf70fe8a80356914153bdb9ff46d64b8f4e8d872a5a619a72a9ae5a8af656f371a59672737fe5990d33990154ad3b5d006a68cbefd01f3

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000420\BR29BA.tmp

Filesize
53KB

MD5
2c8f6a964ca7761122f7da22042462f4

SHA1
290e48bf0f83b3f3832f69bb1ea0637ed4d8ccca

SHA256
9d6f2629aa5978dd6b87fe9bce77a5cf0135b8da2980a050579eb4e23a92f8fa

SHA512
88c49dbc5a5cce28fc61689b953e091dc5114196a9ce5977de1bc1ea916333d73a13d06abb56b7afd88f6c4f80953a2b9b720cd79e773a1246d44b37eae4cbf8

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000420\BR29FA.tmp

Filesize
53KB

MD5
4640fd47f64bb72cb34dbafee65dbdde

SHA1
508c8713e06ba55588d41918c5a99308cb4b37a0

SHA256
f02c4352ea80e1b476eb4754455ae684efb4289d95edf925e38bd3789f6ead49

SHA512
de2d05ea66ab37b7120cde8f4aeb79c6365430bd94f56b07019451e1329f8f3a2674af9ed6677b8ade59fa2185c6a48eaead47091edc8284e686260c69544a4c

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000420\BR2A1A.tmp

Filesize
218KB

MD5
7190ecf05ec3b297d6ded3e204399e95

SHA1
5c085cbbbcc8686266acfb318e75a38794625e88

SHA256
49e2c502923de5f89958de86f1cc6f91e7ddafe46d0f81bfb51a669627650e6e

SHA512
4e12adcaaebdc08e06270437dd4ebf33c4aecd5b6cce7245bf12b0303c809465d75d5b319fb262a807cf9a5cb99d808e466fc30b19d88ddcf2b3f0b9c9f74881

Download Submit
\Users\Admin\AppData\Local\Temp\BRL00000420\BR2A69.tmp

Filesize
125KB

MD5
053a60f34c75ca0a4a821b46eae86d31

SHA1
ebcf9f84a393969655969c248c2d572d7a05541c

SHA256
683f19a461948f4cca2fbece26949b34d6347dff279efece983b9f64a868422c

SHA512
346c989ef320079b5978678264059ad9e545081dded233d10dca73a72906fa01df30a3c96f6d319efcea64c198ef409748e511dab8a4d43e1fa7af50ed3f0256

Download Submit
memory/1056-118-0x0000000000E20000-0x000000000111F000-memory.dmp

Filesize
3.0MB

Download
memory/1056-120-0x0000000066680000-0x0000000066695000-memory.dmp

Filesize
84KB

Download
memory/1056-119-0x0000000074A20000-0x0000000074A35000-memory.dmp

Filesize
84KB

Download
memory/1056-122-0x0000000067C80000-0x0000000067D09000-memory.dmp

Filesize
548KB

Download
memory/1056-121-0x00000000710C0000-0x00000000710E3000-memory.dmp

Filesize
140KB

Download
memory/1056-123-0x000000006C580000-0x000000006C599000-memory.dmp

Filesize
100KB

Download
memory/1056-124-0x0000000074A10000-0x0000000074A1E000-memory.dmp

Filesize
56KB

Download
memory/1056-128-0x0000000063980000-0x0000000063994000-memory.dmp

Filesize
80KB

Download
memory/1056-130-0x000000006A180000-0x000000006A1B9000-memory.dmp

Filesize
228KB

Download
memory/1056-129-0x0000000063100000-0x0000000063114000-memory.dmp

Filesize
80KB

Download
memory/1056-127-0x0000000067E00000-0x0000000067E20000-memory.dmp

Filesize
128KB

Download
memory/1056-126-0x0000000066C00000-0x0000000066C1B000-memory.dmp

Filesize
108KB

Download
memory/1056-125-0x000000006CA00000-0x000000006CA0E000-memory.dmp

Filesize
56KB

Download
memory/1056-131-0x0000000066080000-0x00000000660A3000-memory.dmp

Filesize
140KB

Download
memory/1056-132-0x0000000000E20000-0x000000000111F000-memory.dmp

Filesize
3.0MB

Download
memory/1056-146-0x0000000000E20000-0x000000000111F000-memory.dmp

Filesize
3.0MB

Download
memory/1056-160-0x0000000000E20000-0x000000000111F000-memory.dmp

Filesize
3.0MB

Download
memory/1056-174-0x0000000000E20000-0x000000000111F000-memory.dmp

Filesize
3.0MB

Download