Malware Analysis Report

2025-05-28 16:27

Sample ID 230716-rvcpksgb6v
Target Luxury Crypter.exe
SHA256 fb1121c26cbe32dc1af83a2b11ca4781a1d76e0d8ac7f76795f43cec3d4063bb
Tags agilenet
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

fb1121c26cbe32dc1af83a2b11ca4781a1d76e0d8ac7f76795f43cec3d4063bb

Threat Level: Shows suspicious behavior

The file Luxury Crypter.exe was found to show suspicious behavior.

Malicious Activity Summary

agilenet

Obfuscated with Agile.Net obfuscator

Loads dropped DLL

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-07-16 14:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-07-16 14:30

Reported

2023-07-16 14:33

Platform

win7-20230712-en

Max time kernel

136s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe

"C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\53b4dde3-ceef-4149-b63d-4b67cc36c3e9\GunaDotNetRT.dll

MD5 9af5eb006bb0bab7f226272d82c896c7
SHA1 c2a5bb42a5f08f4dc821be374b700652262308f0
SHA256 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA512 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

\Users\Admin\AppData\Local\Temp\53b4dde3-ceef-4149-b63d-4b67cc36c3e9\GunaDotNetRT.dll

MD5 9af5eb006bb0bab7f226272d82c896c7
SHA1 c2a5bb42a5f08f4dc821be374b700652262308f0
SHA256 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA512 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

Analysis: behavioral2

Detonation Overview

Submitted

2023-07-16 14:30

Reported

2023-07-16 14:33

Platform

win10v2004-20230703-en

Max time kernel

151s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe

"C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\53b4dde3-ceef-4149-b63d-4b67cc36c3e9\GunaDotNetRT.dll

MD5 9af5eb006bb0bab7f226272d82c896c7
SHA1 c2a5bb42a5f08f4dc821be374b700652262308f0
SHA256 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA512 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a
