Analysis Overview
SHA256
fb1121c26cbe32dc1af83a2b11ca4781a1d76e0d8ac7f76795f43cec3d4063bb
Threat Level: Shows suspicious behavior
The file Luxury Crypter.exe was found to show suspicious behavior.
Malicious Activity Summary
Obfuscated with Agile.Net obfuscator
Loads dropped DLL
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-07-16 14:30
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-07-16 14:30
Reported
2023-07-16 14:33
Platform
win7-20230712-en
Max time kernel
136s
Max time network
133s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe
"C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\53b4dde3-ceef-4149-b63d-4b67cc36c3e9\GunaDotNetRT.dll
| Hash | Value |
| --- | --- |
| MD5 | 9af5eb006bb0bab7f226272d82c896c7 |
| SHA1 | c2a5bb42a5f08f4dc821be374b700652262308f0 |
| SHA256 | 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db |
| SHA512 | 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a |
Analysis: behavioral2
Detonation Overview
Submitted
2023-07-16 14:30
Reported
2023-07-16 14:33
Platform
win10v2004-20230703-en
Max time kernel
151s
Max time network
145s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe
"C:\Users\Admin\AppData\Local\Temp\Luxury Crypter.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\53b4dde3-ceef-4149-b63d-4b67cc36c3e9\GunaDotNetRT.dll
| Hash | Value |
| --- | --- |
| MD5 | 9af5eb006bb0bab7f226272d82c896c7 |
| SHA1 | c2a5bb42a5f08f4dc821be374b700652262308f0 |
| SHA256 | 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db |
| SHA512 | 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a |