Overview
overview
7Static
static
7ASM-Guard/....1.exe
windows7-x64
7ASM-Guard/....1.exe
windows10-2004-x64
7AsStrongAs...ck.exe
windows7-x64
1AsStrongAs...ck.exe
windows10-2004-x64
1AsStrongAs...ib.dll
windows7-x64
1AsStrongAs...ib.dll
windows10-2004-x64
1CryptoObfu...or.exe
windows7-x64
1CryptoObfu...or.exe
windows10-2004-x64
7DotNetPatc...er.exe
windows7-x64
7DotNetPatc...er.exe
windows10-2004-x64
7DotNetPatc...er.dll
windows7-x64
1DotNetPatc...er.dll
windows10-2004-x64
1DotNetPatc...er.dll
windows7-x64
1DotNetPatc...er.dll
windows10-2004-x64
1DotNetPatc...ns.dll
windows7-x64
1DotNetPatc...ns.dll
windows10-2004-x64
1DotNetPatc...me.dll
windows7-x64
1DotNetPatc...me.dll
windows10-2004-x64
1DotNetPatc...ks.dll
windows7-x64
1DotNetPatc...ks.dll
windows10-2004-x64
1DotNetPatc...il.dll
windows7-x64
1DotNetPatc...il.dll
windows10-2004-x64
1DotNetPatc...ib.dll
windows7-x64
1DotNetPatc...ib.dll
windows10-2004-x64
1DotNetPatc...ib.dll
windows7-x64
1DotNetPatc...ib.dll
windows10-2004-x64
1DotNetPatc...ib.dll
windows7-x64
1DotNetPatc...ib.dll
windows10-2004-x64
1NET Reacto...t.html
windows7-x64
1NET Reacto...t.html
windows10-2004-x64
1NET Reacto...LP.exe
windows7-x64
4NET Reacto...LP.exe
windows10-2004-x64
5Analysis
-
max time kernel
140s -
max time network
174s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system -
submitted
11/10/2023, 09:49
Behavioral task
behavioral1
Sample
ASM-Guard/ASM.Guard.2.9.1.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
ASM-Guard/ASM.Guard.2.9.1.exe
Resource
win10v2004-20230915-en
Behavioral task
behavioral3
Sample
AsStrongAsFuck/AsStrongAsFuck.exe
Resource
win7-20230831-en
Behavioral task
behavioral4
Sample
AsStrongAsFuck/AsStrongAsFuck.exe
Resource
win10v2004-20230915-en
Behavioral task
behavioral5
Sample
AsStrongAsFuck/dnlib.dll
Resource
win7-20230831-en
Behavioral task
behavioral6
Sample
AsStrongAsFuck/dnlib.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral7
Sample
CryptoObfuscator/CryptoObfuscator.exe
Resource
win7-20230831-en
Behavioral task
behavioral8
Sample
CryptoObfuscator/CryptoObfuscator.exe
Resource
win10v2004-20230915-en
Behavioral task
behavioral9
Sample
DotNetPatcher4.6.6.7/DotNetPatcher.exe
Resource
win7-20230831-en
Behavioral task
behavioral10
Sample
DotNetPatcher4.6.6.7/DotNetPatcher.exe
Resource
win10v2004-20230915-en
Behavioral task
behavioral11
Sample
DotNetPatcher4.6.6.7/Helper.dll
Resource
win7-20230831-en
Behavioral task
behavioral12
Sample
DotNetPatcher4.6.6.7/Helper.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral13
Sample
DotNetPatcher4.6.6.7/Implementer.dll
Resource
win7-20230831-en
Behavioral task
behavioral14
Sample
DotNetPatcher4.6.6.7/Implementer.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral15
Sample
DotNetPatcher4.6.6.7/Injections.dll
Resource
win7-20230831-en
Behavioral task
behavioral16
Sample
DotNetPatcher4.6.6.7/Injections.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral17
Sample
DotNetPatcher4.6.6.7/LoginTheme.dll
Resource
win7-20230831-en
Behavioral task
behavioral18
Sample
DotNetPatcher4.6.6.7/LoginTheme.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral19
Sample
DotNetPatcher4.6.6.7/Mono.Cecil.Rocks.dll
Resource
win7-20230831-en
Behavioral task
behavioral20
Sample
DotNetPatcher4.6.6.7/Mono.Cecil.Rocks.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral21
Sample
DotNetPatcher4.6.6.7/Mono.Cecil.dll
Resource
win7-20230831-en
Behavioral task
behavioral22
Sample
DotNetPatcher4.6.6.7/Mono.Cecil.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral23
Sample
DotNetPatcher4.6.6.7/SevenzipLib.dll
Resource
win7-20230831-en
Behavioral task
behavioral24
Sample
DotNetPatcher4.6.6.7/SevenzipLib.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral25
Sample
DotNetPatcher4.6.6.7/Vestris.ResourceLib.dll
Resource
win7-20230831-en
Behavioral task
behavioral26
Sample
DotNetPatcher4.6.6.7/Vestris.ResourceLib.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral27
Sample
DotNetPatcher4.6.6.7/dnlib.dll
Resource
win7-20230831-en
Behavioral task
behavioral28
Sample
DotNetPatcher4.6.6.7/dnlib.dll
Resource
win10v2004-20230915-en
Behavioral task
behavioral29
Sample
NET Reactor v6.9.0.0_fu11/Help/License Agreement.html
Resource
win7-20230831-en
Behavioral task
behavioral30
Sample
NET Reactor v6.9.0.0_fu11/Help/License Agreement.html
Resource
win10v2004-20230915-en
Behavioral task
behavioral31
Sample
NET Reactor v6.9.0.0_fu11/Help/REACTOR_HELP.exe
Resource
win7-20230831-en
Behavioral task
behavioral32
Sample
NET Reactor v6.9.0.0_fu11/Help/REACTOR_HELP.exe
Resource
win10v2004-20230915-en
General
-
Target
CryptoObfuscator/CryptoObfuscator.exe
-
Size
13.2MB
-
MD5
9b3604701295001c27febda4ede73773
-
SHA1
25ce96ee0ca0002f49b8541036568a20b1cd273d
-
SHA256
aec6c22c784989b03b7dc6c11e0bf6ab4d64e09f25823b60c1d62be551c223b4
-
SHA512
652eb8869fed99b32414e818a1be04786c003359ce6d425e56e0eb254fab0cc91b27278da2579c12300f26602e3b0d5ec3d0f905eb8adb58d6e98c57c817d2f1
-
SSDEEP
393216:RqaA3LtpfnVkUcmwH0hr528lRMCpYRG8:LA3Lnfnmgrs8lmAYG
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 2952 CryptoObfuscator.exe -
Suspicious behavior: EnumeratesProcesses 34 IoCs
pid Process 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe 2952 CryptoObfuscator.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2952 CryptoObfuscator.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
67KB
MD58b003c3f98f8d08968ac5d3c1cc90a60
SHA168f8d418638a81839a2ad665909916cda8efe625
SHA256d52a9c53f510237a194211aa3dc7d0f22f80fcc0593d9d77e0827ba6681b47e9
SHA512429e97c74b8e45a43d09618972f04ba46a8075867a631543eb7b7cbbb55a719cbe2e0412f3b63b989741e3807d733b2a6f3ecb735278adc5e734e18e297c4015