General

  • Target: Windows Repair Toolbox v3.0.3.6 Portable [x64].zip
  • Size: 3.2MB
  • Sample: 230524-1g81asfa42
  • MD5: e9d65b27d811c724ee0f32e1ecd9fa32
  • SHA1: 821f9228485c2bfaaab09e18583613f9d0c19260
  • SHA256: f8228905633d71727e771847b169adf962bb562e0c8d1045b8e86bfa9fd80a3a
  • SHA512: 3dddcdcc2b3f219b3d9e0ecbe7776754c02e11ac6d46dcd221080961dca609e8f5fdae8cca1ac3ff8a741076783ea00290bab8b70e255721f95a1411649161c7
  • SSDEEP: 98304:u4jvbM+cXoFxb69MjxBbW2KUcNq9nvMBlZGBbs6t8q:RvbfbWKBtwq9QlcPtD

Score: 7/10
upx

Targets

    • Target: Windows.Repair.Toolbox.3.0.3.6 Portable/Windows_Repair_Toolbox.exe
    • Size: 1.8MB
    • MD5: 3a2c538701ca3d227a48da5803faba4a
    • SHA1: 731c6bf788a1586f743ba06531b9483c6d057814
    • SHA256: 587b38c2060741aa113db096f441dec56443bb78a3e04a335730a0eb655f7130
    • SHA512: f6439bd52746423357d0d41e16ddff510a874422cf8c8d16be9019dd12fe3a66cbd18ce114735a4d16aca1ca2792965bdd2c936db248dc7a7e66b735583528fd
    • SSDEEP: 24576:j3w9/iavm7oUAGsRG6M7VWgCdaho6ukF181zF1cqyNGPNKNAYfixUG7ktXaLwopy:jg9/iavmJpu3/C2lJ8UJY

    Score: 7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
