6110a33283f24fe23f2365e07960aa2c05f08f21a5bf6a5bc74daa9600f7398c

Analysis

max time kernel
135s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Maxon_App_2023.3.0_Win.exe
Size

35.8MB
MD5

119285143a51184d8839b37dc0dedc75
SHA1

6394ad3a0ff0f3b37198f05bcfeb424120ba4302
SHA256

6110a33283f24fe23f2365e07960aa2c05f08f21a5bf6a5bc74daa9600f7398c
SHA512

8814cf55d465a9448a8dcbb1c0b3296a4a0e6273eb5aa7f34eb6f4da2cc21928a291b6f00f83ad0fd9e566d7ef70b6bcd6b7cee17965752870f7396dd1b4175e
SSDEEP

786432:SZJZZeT26dSfOHB8EIdhaQ44+ThvqGRC38LkBDraTL+1u:IZa+Oh8jhT7+ThvqiC38uDOf+u

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	Maxon_App_2023.3.0_Win.exe

Executes dropped EXE 1 IoCs

pid	Process
3392	Maxon App Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3392	Maxon App Installer.exe
3392	Maxon App Installer.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3392	Maxon App Installer.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 3392	2496	Maxon_App_2023.3.0_Win.exe	84
PID 2496 wrote to memory of 3392	2496	Maxon_App_2023.3.0_Win.exe	84

C:\Users\Admin\AppData\Local\Temp\Maxon_App_2023.3.0_Win.exe
"C:\Users\Admin\AppData\Local\Temp\Maxon_App_2023.3.0_Win.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Users\Admin\AppData\Local\Temp\7zS0C93F697\Maxon App Installer.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS0C93F697\Maxon App Installer.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS0C93F697\Maxon App Installer.exe

Filesize
2.7MB

MD5
59d0c1e1e568cab7b7f89057917db7ee

SHA1
0583af2ec22bece4a622e65c7429301cba41159e

SHA256
e6917107026ee82983291a3a2bc63063cdd9f3deaeaace444bb82c79017fb5c8

SHA512
0c5b2e9ff846dfed7536d890e40948441949c25fd6787aaae830ee79e77b757a9c1c9900d57cf5f62ba25d6e0d6283953897e820d0a7200538339b3782fa7f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C93F697\Maxon App Installer.exe

Filesize
2.7MB

MD5
59d0c1e1e568cab7b7f89057917db7ee

SHA1
0583af2ec22bece4a622e65c7429301cba41159e

SHA256
e6917107026ee82983291a3a2bc63063cdd9f3deaeaace444bb82c79017fb5c8

SHA512
0c5b2e9ff846dfed7536d890e40948441949c25fd6787aaae830ee79e77b757a9c1c9900d57cf5f62ba25d6e0d6283953897e820d0a7200538339b3782fa7f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C93F697\Maxon App Installer.exe

Filesize
2.7MB

MD5
59d0c1e1e568cab7b7f89057917db7ee

SHA1
0583af2ec22bece4a622e65c7429301cba41159e

SHA256
e6917107026ee82983291a3a2bc63063cdd9f3deaeaace444bb82c79017fb5c8

SHA512
0c5b2e9ff846dfed7536d890e40948441949c25fd6787aaae830ee79e77b757a9c1c9900d57cf5f62ba25d6e0d6283953897e820d0a7200538339b3782fa7f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C93F697\packages\com.redgiant.app.zip

Filesize
7.6MB

MD5
bbfedd6d8f3d1ed6bb695aba609487fd

SHA1
58ca54f1b2f5feb17fc0a093c0957a7448639d0a

SHA256
3f04349bc374c51106b2e771e675b4c060f9392cb5ae84d39d45509719c726de

SHA512
23e0fc1cee655bfb6a05ec96d9202fe303354ddf901ef996f1d3fb816075b92b9d2c527cb1e914b7a274d2ae5f8f13c610460dcd5e6987d6a5c59fc12f2e71d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C93F697\packages\com.redgiant.rguninstaller.zip

Filesize
308KB

MD5
da6fef923542885f1eba8296a2e806fa

SHA1
75140854a53a8e3e9f522fd481bbb38f90f81485

SHA256
720fc07342cb0bf896539af2f27a5e581e96e3b5fc4b3198adff3f1c26fceecd

SHA512
19b43c89f678bdc294787d0f728d76af32b35036d89774908f2ed28b3e9a0aa2e391d8efa50c4e82d038efaee887d45ab51e14586c78a6dc644cf73dbde06821

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C93F697\packages\com.redgiant.service.zip

Filesize
5.3MB

MD5
855a3a10546222a3b3819bff07a4be79

SHA1
59eb81b3bdaf0f59c2fd3bd174643d56288f3026

SHA256
a188b32fa42bca222dda8457d1f47f0a745c687a5e02545d0a6dd7100b2101ae

SHA512
25ee181ebe7f592112fa8c169a0c9beb2cb624dc220c19e7f51c08e6172961c5586e7b9323d4ba90cf9d7432ae1ac3b388cf74e44f6d882555b4d031dd1fc42f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C93F697\packages\com.redgiant.vcredist-x64-2012.zip

Filesize
6.7MB

MD5
636a2dcab19cf077072eb82422c70211

SHA1
176566d5613287b05f89976a12ab3b0e7a93dac4

SHA256
0f3c425fe8368ee87b5966d4c4debdc1b28162b0a4cbc1001def4aa701fe2cff

SHA512
e72732d94a05654de6f5ad866ff50654945eb47314ca4e3c48564c13501cdbd600402e2377b6a9d2fe91d4b72d7a9cfcc92a6a2882bcf63551c2cbb473eb4b5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C93F697\packages\com.redgiant.vcredist-x64-2019.zip

Filesize
14.0MB

MD5
529e9154a9992df78536d62ba637203a

SHA1
bdd60948a6356d5d4acc6951b53d8110b15ddc99

SHA256
a699d6a7770964f1581c5cbab31c7310acf9d0c7ebed64250174c876af20d750

SHA512
1842b9192d943a377ba5d8d3447f08b574777de618f627893b6f56da8e91208762c0852497739c4ca39407aa6b02fb6475616ae6f5d8d45d40dc843235b73553

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C93F697\packages\net.maxon.app.json

Filesize
354B

MD5
baa531042a2970b33a7e57500ca1ae3d

SHA1
2209348d32b20950fbd5e5f5b65822badc4946e7

SHA256
730cafd5e1757a67ded305cc3d1bea83bdce8f839cb9edd76308530f3f2f4495

SHA512
32efd416c3298c0225504db28ad8f78fead24204ac47554072af70e7db78284695d7d3f918de93f35e81090852c8d662dc19fd71580e3c153833df32658ff26b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C93F697\packages\net.maxon.mxnotify.zip

Filesize
410KB

MD5
26ab60db3eab4b47bb444a78e01e169f

SHA1
d9785925f99cefd4546382270333c27766bb9811

SHA256
6f2b2ce039f3c482df340022b7ee17275399580332fa6a1ef92c871925e99556

SHA512
2877d1b0984aeed5123f423281c497814493fa51e6fc8c0b60a34d51df06407b86023a928eade3a25fa16586489a90f5c5d44460e15add58f6e40361d8abbe9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C93F697\packages\net.maxon.mxredirect.zip

Filesize
316KB

MD5
9b0cac1b12750b524e0f234cfaf42f90

SHA1
dd297a10f1c4336719ee48bc97b0be5c5f9c19fe

SHA256
8f85749174fe5feae897ed5b0345b0abc45672fad7f56f96e81d183bb388128e

SHA512
8431d7c367fab1cfb54afd296651d3d96875a4357bf37d7f059da262e87575070faad9367a9075e66cafd3879338618eda6cc01eab4ca71bffde943ed8cabab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0C93F697\packages\net.maxon.neutrino.mswebview.installer.zip

Filesize
1.6MB

MD5
bfac6d8f79113bd8e52b22a15c492592

SHA1
f883da654db36639ab133579c838a2b3c2c4638b

SHA256
59b848202ad032489f9cf01ab0074dfb87aa91e18029289ca82c2166a0955095

SHA512
5dd097060cf27450d8a8bbaae5d6a12a210aed75605ff7c1dcdb41cd5d9bc6d5409c55a33cf04645df5c3b0b4625538416d8da596d6a764b3ad66021527482dc

Download Submit