b5995f5a29276a920facbb76b65bc50bc95f5e71ffd8d7fb396515ed13f21716

Analysis

max time kernel
240s
max time network
297s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
12/11/2023, 17:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Silent.cmd
Size

12B
MD5

b5bd9c610cfa992abe5be79853c4366e
SHA1

6a39ed56c06f430d05d6388b4e2c78d73e3843ff
SHA256

2c4dfb3e8496e059ac2dee560e230f50063c110253b4b4bd61cd63bba04b76de
SHA512

449864a964c0269cd5f9b6b2629cfac78219d74ffb8ba00decd5a4d56633f63f9d3e8adcd13d1c9be93a873ca04b46c4410d4f98f8463e3b593d8554a8c45f4c

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral7/files/0x000b000000012273-5.dat	acprotect
behavioral7/files/0x000b000000012273-8.dat	acprotect
behavioral7/files/0x000b000000012273-10.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
1388	Start11Srv.exe

Loads dropped DLL 3 IoCs

pid	Process
2540	Setup.exe
2540	Setup.exe
2540	Setup.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral7/files/0x000b000000012273-5.dat	upx
behavioral7/files/0x000b000000012273-8.dat	upx
behavioral7/files/0x000b000000012273-10.dat	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Stardock\Start11\S11Search64.exe	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Start10Config.exe	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\25.lnk	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Marble_x2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Start2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\S11Search.exe	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\30.lnk	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Jeans_x2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\24.lnk	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\5.lnk	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\6.lnk	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Grunge Stone 02_x2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Rusty Metal Grid_x2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Launch.exe	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\20.lnk	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\el.lng	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\ko.lng	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Metallic_x2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Arsenic Orb.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Flow Large.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Large Angle Stripes_x2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 01.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 03.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\defs2.ini	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Fabric_x2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Flow.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Start8 Logo Large.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Marble_x2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Metal Grid_x2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\21.lnk	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Element Large.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\steam_api.dll	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\1.lnk	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\10.lnk	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Start8.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Triangle Two.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\zip.exe	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Rock_x2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Rust_x2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe.config	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Dark Wood_x1.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Echo.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\StartButtons\Start5.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\de.lng	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\DeElevator.dll	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Start10tweak.exe	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\9.lnk	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Taskbar Grid 05.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\pt-br.lng	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\ru.lng	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\DeElevate.exe	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\SdDisplay.exe	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Start10.exe	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Start11Config.exe	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\GroupPolicy\start8_gp.admx	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\GroupPolicy\en-us\start8_gp.adml	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Links\4.lnk	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\TaskbarTextures\Old Wood_x2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\DeElevator64.dll	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\Default.spak	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Corroded_x2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Metal Grid_x2.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\MenuTextures\Wood_x1.png	Setup.exe
File created	C:\Program Files (x86)\Stardock\Start11\lang\en-us.lng	Setup.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\womtrust.dll	Setup.exe
File created	C:\Windows\wontrust.dll	Setup.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2540	Setup.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2540	2884	cmd.exe	29
PID 2884 wrote to memory of 2540	2884	cmd.exe	29
PID 2884 wrote to memory of 2540	2884	cmd.exe	29
PID 2884 wrote to memory of 2540	2884	cmd.exe	29
PID 2884 wrote to memory of 2540	2884	cmd.exe	29
PID 2884 wrote to memory of 2540	2884	cmd.exe	29
PID 2884 wrote to memory of 2540	2884	cmd.exe	29
PID 2540 wrote to memory of 1388	2540	Setup.exe	30
PID 2540 wrote to memory of 1388	2540	Setup.exe	30
PID 2540 wrote to memory of 1388	2540	Setup.exe	30
PID 2540 wrote to memory of 1388	2540	Setup.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Silent.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Users\Admin\AppData\Local\Temp\Setup.exe
  Setup.exe /S
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
    "C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe" -install
    3⤵
    - Executes dropped EXE
    PID:1388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe

Filesize
244KB

MD5
66e11ddb1adf96c8ba9351f6fe59fea7

SHA1
99e30443af0e90ce98cbbaf2c1ff3d746978f633

SHA256
04d2bbf6a7216b306b13f3dc49dfb0fcda127df2bd472779e5851147c1f78185

SHA512
8d2c76bfd5304a83277a8d155308fb8d6d99123962a0659a4c5c64ebe57dec28466c9335649831f1b1de43b571f2422a54b139d7e134cc1c53515c254a0b61a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspE976.tmp\md5dll.dll

Filesize
6KB

MD5
7059f133ea2316b9e7e39094a52a8c34

SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802

SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

Download Submit
\Program Files (x86)\Stardock\Start11\Start11Srv.exe

Filesize
244KB

MD5
66e11ddb1adf96c8ba9351f6fe59fea7

SHA1
99e30443af0e90ce98cbbaf2c1ff3d746978f633

SHA256
04d2bbf6a7216b306b13f3dc49dfb0fcda127df2bd472779e5851147c1f78185

SHA512
8d2c76bfd5304a83277a8d155308fb8d6d99123962a0659a4c5c64ebe57dec28466c9335649831f1b1de43b571f2422a54b139d7e134cc1c53515c254a0b61a0

Download Submit
\Users\Admin\AppData\Local\Temp\nspE976.tmp\md5dll.dll

Filesize
6KB

MD5
7059f133ea2316b9e7e39094a52a8c34

SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802

SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

Download Submit
\Users\Admin\AppData\Local\Temp\nspE976.tmp\md5dll.dll

Filesize
6KB

MD5
7059f133ea2316b9e7e39094a52a8c34

SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802

SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

Download Submit
memory/2540-15-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/2540-16-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/2540-191-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/2540-192-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download