Analysis
-
max time kernel
34s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
20-08-2023 00:35
General
-
Target
Luxury Shield/Luxury Shield.exe
-
Size
6.1MB
-
MD5
40955751ffb3df0dd4cef5728cb0a2c5
-
SHA1
6219105ac9261fd9eedaf9eb103f2a856e43b4ba
-
SHA256
07c5f5c6595f9ccb544b2d78677fce86084b1821474216a6d3d3241701d4692c
-
SHA512
a9bf58a9ef3dbaf01fe42b00dbad3c0455dc9d2da78833a1c05bc98992722ed044d90529272dfaedb62d1c9d09b3336774b82015c74fdc9d1279596756639808
-
SSDEEP
196608:nUJ5nwUlVzBvx4DkwjdtBC5U45+YXGJPVc9hC:UJhfBv67d/C6YXGJdc9hC
Malware Config
Signatures
-
.NET Reactor proctector 2 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Loads dropped DLL 1 IoCs
-
Obfuscated with Agile.Net obfuscator 2 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 20 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Luxury Shield\Luxury Shield.exe"C:\Users\Admin\AppData\Local\Temp\Luxury Shield\Luxury Shield.exe"1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Luxury Shield\ILMerge.exe"C:\Users\Admin\AppData\Local\Temp\Luxury Shield\ILMerge.exe"2⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
136KB
MD59af5eb006bb0bab7f226272d82c896c7
SHA1c2a5bb42a5f08f4dc821be374b700652262308f0
SHA25677dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA5127badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a
-
Filesize
136KB
MD59af5eb006bb0bab7f226272d82c896c7
SHA1c2a5bb42a5f08f4dc821be374b700652262308f0
SHA25677dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA5127badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
688KB
-
Filesize
256KB
-
Filesize
6.5MB
-
Filesize
220KB
-
Filesize
2.3MB
-
Filesize
256KB
-
Filesize
8.7MB
-
Filesize
256KB
-
Filesize
1.1MB
-
Filesize
408KB
-
Filesize
1024KB
-
Filesize
6.9MB
-
Filesize
392KB
-
Filesize
40KB
-
Filesize
152KB
-
Filesize
6.9MB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
512KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
6.5MB
-
Filesize
220KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
1024KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
4KB
-
Filesize
8KB