Overview

overview

7

Static

static

3

Deluxe_Syn...ze.exe

windows7-x64

7

Deluxe_Syn...ze.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    177s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    17/11/2023, 12:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Deluxe_Synchronize.exe

  • Size

    4.5MB

  • MD5

    b58a9bc9b609042051a647f6544a7b20

  • SHA1

    e6d212dccc03ae4e4657c60aa8e3ea94d83c85e1

  • SHA256

    fe4b3993120d4a06c43423d8bdcba075464e035c094bbb922adecb48055263df

  • SHA512

    95877a7ca098808a58ee8e2f639925eb5bcebcc1c2b517e41512c7c1639bbe2b7bfb7110ecc94c22bb81b18c4c05dd674aea18529343a0a711a77759a872b098

  • SSDEEP

    98304:pxm3SibLcCMPHvHKM0Bo7JAGeI8VEHpjPyFlKXldmDtnz6:pILcrPyYJWqHtyFoldmDpz6

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Deluxe_Synchronize.exe
    "C:\Users\Admin\AppData\Local\Temp\Deluxe_Synchronize.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Windows\SysWOW64\setup16.exe
      F:\msdownld.tmp\IXP000.TMP\setup.exe -m "F:\msdownld.tmp\IXP000.TMP\setup.exe"
      2⤵
      • Enumerates connected drives
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2776
      • F:\~MSSETUP.T\~msstfqf.t\acmsetup.exe
        F:\~MSSETUP.T\~msstfqf.t\acmsetup /T setup.stf /S F:\msdownld.tmp\IXP000.TMP\
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Modifies registry class
        PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • F:\msdownld.tmp\IXP000.TMP\SETUP1.CAB
    Filesize

    4.4MB

    MD5

    791506dacb494385a3d7a29c2855fb8c

    SHA1

    79ad2fe0367c04666868ce7b21ff0e51d2e64894

    SHA256

    c1dccb460b24ba077d4ebea867ed03618184a63dbecdc4f6c239a0945363ea7b

    SHA512

    a07f3c86a1f4fb420b87d6d35344c412477be0fe5dce8ac69b2d0b32a19ff4ceef2fe02f85c0b2045f03245bc8e71cb710c6a8f4ebd261702d4fc88f1fb16eee

    Download Submit

  • F:\msdownld.tmp\IXP000.TMP\setup.LST
    Filesize

    1KB

    MD5

    8463d19c049228a98ffdae4c053b3ae6

    SHA1

    029d3dd65bf96f9cb538841b9649ee3d45c7bba5

    SHA256

    a6519630e3a75a760677b502c0225b86832a251e6bd694abcc7b408ee2bd1a10

    SHA512

    16a6c1866d6f0fb6ad677bd2f4f9fe24b4f606c6a78f20a100cbfc252b94169d5630d9d5ff5dff43204fb03afb252e9bb942656e38695ef6e7e02ce3215d680a

    Download Submit

  • F:\msdownld.tmp\IXP000.TMP\setup.exe
    Filesize

    72KB

    MD5

    575436cb236e86d0f4e932c76a317019

    SHA1

    c0e259ab69c43dc07831a401890c4c7d83a51b37

    SHA256

    960e235a299af4f1c961c33ab353932163b374938b4976ce83af044a151de281

    SHA512

    13c2d5682b4800178150111b0e112606bdafbe885165f89b6512f6f739fba2a7da4a7b82a53f6562f3065c2c6c6e024d1025557ba2d24a69833a9295594eb8a7

    Download Submit

  • F:\msdownld.tmp\IXP000.TMP\setup.inf
    Filesize

    1KB

    MD5

    84ffc665e2002ab05deb6a6f2d69d44a

    SHA1

    f9f83d37278d86e495da85209569960343c91714

    SHA256

    34dfe3db4a0f5998121b4a78838ac3f943689029d5d0d3b06ea2adbe12cc917f

    SHA512

    0539190787f1c04371b3877010fe83ad6b4342387e9abd89414156690460348a2ec1a5ab9c4ebf3fe8d3f6d751502faa71ac99b8526394df058cea3ef0b28996

    Download Submit

  • F:\msdownld.tmp\IXP000.TMP\setup.stf
    Filesize

    1KB

    MD5

    eb240d9f28542dc0cc7ccc0035b8f148

    SHA1

    84297557b44045c509bf00e37db4d8193f82f565

    SHA256

    259674b8af101dc75303d17c76a118a2048861bb8374a0caa20503c09061ce24

    SHA512

    1bd1e937f661f32bfe2ae4cab03228bc0235b94369a6cd6833fbf4163de836b49e4eadb04b81c553dbfff3bad8283d0fc6081dd807c572a712512d929dd6f5dd

    Download Submit

  • F:\~MSSETUP.T\~msstfqf.t\MSSETUP.dll
    Filesize

    280KB

    MD5

    077b1c94a0935d975ecd765fe6b99d98

    SHA1

    7973e2d7ccecca1bdcc2d0f678dbd84c46ed2486

    SHA256

    f11e250de4de2040821cc883fccdc1f9407f69358d1213698d6fb6c9bd123115

    SHA512

    9acd3ec7d0cf918a96ace80658226b3245dc4a7329159f4c359fd460bd40f12050639d246f0fdb3b0e5359a1fea861bea7db8a85e4767825103f513ff9adf346

    Download Submit

  • F:\~MSSETUP.T\~msstfqf.t\_MSSETUP._Q_
    Filesize

    634B

    MD5

    dfcb51bb83408248b56d0871d7b0092e

    SHA1

    1c63799c0605c56f4d1b1c88256a9f5121424b97

    SHA256

    5468cca64f1a5a0e39c37d058a6f8215b657b64f18e5998fec06ca93a45f5ef0

    SHA512

    c9e145a1f766c2031a5fc86c4335dd072010e7a57c95bb76020222ae69bf804538c32b43b637a5004eeb8999c3a9bde7418ab436ab3829a1d10bbdc92140f556

    Download Submit

  • F:\~MSSETUP.T\~msstfqf.t\_MSSETUP._Q_
    Filesize

    634B

    MD5

    dfcb51bb83408248b56d0871d7b0092e

    SHA1

    1c63799c0605c56f4d1b1c88256a9f5121424b97

    SHA256

    5468cca64f1a5a0e39c37d058a6f8215b657b64f18e5998fec06ca93a45f5ef0

    SHA512

    c9e145a1f766c2031a5fc86c4335dd072010e7a57c95bb76020222ae69bf804538c32b43b637a5004eeb8999c3a9bde7418ab436ab3829a1d10bbdc92140f556

    Download Submit

  • F:\~MSSETUP.T\~msstfqf.t\acmsetup.exe
    Filesize

    372KB

    MD5

    94a734d174eb1409437cdc43b26eacd4

    SHA1

    a00a8192706b9476aa8b411d5319d055bad24630

    SHA256

    7dca1e174d0768f8d039ce4d2e181245636b3728ac556d5a786cfaf7daada097

    SHA512

    bc44b0b87e85a8e921474564ce8ea8610b94ed34a7d31ccc9732a918e19e2ee8aac730bc1fb2a4c0b831ce82500c3b0a4a6297466aac6668e85b6bf3865eb0e6

    Download Submit

  • F:\~MSSETUP.T\~msstfqf.t\acmsetup.exe
    Filesize

    372KB

    MD5

    94a734d174eb1409437cdc43b26eacd4

    SHA1

    a00a8192706b9476aa8b411d5319d055bad24630

    SHA256

    7dca1e174d0768f8d039ce4d2e181245636b3728ac556d5a786cfaf7daada097

    SHA512

    bc44b0b87e85a8e921474564ce8ea8610b94ed34a7d31ccc9732a918e19e2ee8aac730bc1fb2a4c0b831ce82500c3b0a4a6297466aac6668e85b6bf3865eb0e6

    Download Submit

  • F:\~MSSETUP.T\~msstfqf.t\setup.stf
    Filesize

    1KB

    MD5

    eb240d9f28542dc0cc7ccc0035b8f148

    SHA1

    84297557b44045c509bf00e37db4d8193f82f565

    SHA256

    259674b8af101dc75303d17c76a118a2048861bb8374a0caa20503c09061ce24

    SHA512

    1bd1e937f661f32bfe2ae4cab03228bc0235b94369a6cd6833fbf4163de836b49e4eadb04b81c553dbfff3bad8283d0fc6081dd807c572a712512d929dd6f5dd

    Download Submit

  • memory/2908-72-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download