Overview

overview

10

Static

static

10

Luxury Shi...UI.dll

windows10-2004-x64

1

Luxury Shi...I2.dll

windows10-2004-x64

1

Luxury Shi...ge.exe

windows10-2004-x64

1

Luxury Shi...np.exe

windows10-2004-x64

10

Luxury Shi...ld.exe

windows10-2004-x64

7

Luxury Shi...on.dll

windows10-2004-x64

1

Luxury Shi...on.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    296s
  • max time network
    274s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-08-2023 00:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Luxury Shield/Luxury Shield.exe

  • Size

    6.1MB

  • MD5

    40955751ffb3df0dd4cef5728cb0a2c5

  • SHA1

    6219105ac9261fd9eedaf9eb103f2a856e43b4ba

  • SHA256

    07c5f5c6595f9ccb544b2d78677fce86084b1821474216a6d3d3241701d4692c

  • SHA512

    a9bf58a9ef3dbaf01fe42b00dbad3c0455dc9d2da78833a1c05bc98992722ed044d90529272dfaedb62d1c9d09b3336774b82015c74fdc9d1279596756639808

  • SSDEEP

    196608:nUJ5nwUlVzBvx4DkwjdtBC5U45+YXGJPVc9hC:UJhfBv67d/C6YXGJdc9hC

Score
7/10
agilenet

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 58 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Luxury Shield\Luxury Shield.exe
    "C:\Users\Admin\AppData\Local\Temp\Luxury Shield\Luxury Shield.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Users\Admin\AppData\Local\Temp\Luxury Shield\ILMerge.exe
      "C:\Users\Admin\AppData\Local\Temp\Luxury Shield\ILMerge.exe"
      2⤵
        PID:3408

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\53b4dde3-ceef-4149-b63d-4b67cc36c3e9\GunaDotNetRT.dll
      Filesize

      136KB

      MD5

      9af5eb006bb0bab7f226272d82c896c7

      SHA1

      c2a5bb42a5f08f4dc821be374b700652262308f0

      SHA256

      77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

      SHA512

      7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\53b4dde3-ceef-4149-b63d-4b67cc36c3e9\GunaDotNetRT.dll
      Filesize

      136KB

      MD5

      9af5eb006bb0bab7f226272d82c896c7

      SHA1

      c2a5bb42a5f08f4dc821be374b700652262308f0

      SHA256

      77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

      SHA512

      7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

      Download Submit

    • memory/1500-154-0x00000000038C0000-0x00000000038D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1500-172-0x0000000010790000-0x0000000010890000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1500-137-0x0000000003A30000-0x0000000003ACC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/1500-138-0x00000000038C0000-0x00000000038D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1500-139-0x00000000072B0000-0x0000000007342000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1500-140-0x00000000064A0000-0x00000000064AA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1500-156-0x00000000746C0000-0x0000000074E70000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1500-142-0x0000000007810000-0x0000000007A5C000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/1500-135-0x00000000038C0000-0x00000000038D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1500-134-0x00000000038C0000-0x00000000038D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1500-151-0x00000000730A0000-0x0000000073129000-memory.dmp

      Filesize

      548KB

      Download

    • memory/1500-150-0x0000000070E50000-0x0000000070E87000-memory.dmp

      Filesize

      220KB

      Download

    • memory/1500-152-0x00000000038C0000-0x00000000038D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1500-153-0x000000000D760000-0x000000000D87A000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1500-174-0x0000000010790000-0x0000000010890000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1500-136-0x0000000005E30000-0x00000000063D4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1500-141-0x0000000007440000-0x0000000007496000-memory.dmp

      Filesize

      344KB

      Download

    • memory/1500-157-0x00000000038C0000-0x00000000038D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1500-133-0x00000000746C0000-0x0000000074E70000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1500-173-0x00000000038C0000-0x00000000038D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1500-155-0x000000000E480000-0x000000000E492000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1500-171-0x00000000038C0000-0x00000000038D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1500-163-0x00000000038C0000-0x00000000038D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1500-164-0x00000000038C0000-0x00000000038D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1500-166-0x000000000F9C0000-0x000000000FB46000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/1500-168-0x00000000038C0000-0x00000000038D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1500-169-0x0000000070E50000-0x0000000070E87000-memory.dmp

      Filesize

      220KB

      Download

    • memory/1500-170-0x00000000038C0000-0x00000000038D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3408-162-0x00007FFBF3E10000-0x00007FFBF47B1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3408-160-0x00007FFBF3E10000-0x00007FFBF47B1000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3408-158-0x0000000000390000-0x000000000043C000-memory.dmp

      Filesize

      688KB

      Download

    • memory/3408-159-0x00007FFBF3E10000-0x00007FFBF47B1000-memory.dmp

      Filesize

      9.6MB

      Download