Analysis
max time kernel: 149s
max time network: 118s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 26/01/2024, 18:17
Behavioral tasks
behavioral1: Sample 780c349cb73328e1a1669101c49d70bd.exe, Resource win7-20231215-en
behavioral2: Sample 780c349cb73328e1a1669101c49d70bd.exe, Resource win10v2004-20231215-en
behavioral3: Sample $PLUGINSDIR/InstallOptions.dll, Resource win7-20231129-en
behavioral4: Sample $PLUGINSDIR/InstallOptions.dll, Resource win10v2004-20231215-en
behavioral5: Sample $PLUGINSDIR/LangDLL.dll, Resource win7-20231215-en
behavioral6: Sample $PLUGINSDIR/LangDLL.dll, Resource win10v2004-20231215-en
behavioral7: Sample $PLUGINSDIR/StartMenu.dll, Resource win7-20231215-en
behavioral8: Sample $PLUGINSDIR/StartMenu.dll, Resource win10v2004-20231215-en
behavioral9: Sample $SYSDIR/Drivers/MC2_NT_DRV.sys, Resource win7-20231215-en
behavioral10: Sample $SYSDIR/Drivers/MC2_NT_DRV.sys, Resource win10v2004-20231222-en
behavioral11: Sample ArmAccess.dll, Resource win7-20231215-en
behavioral12: Sample ArmAccess.dll, Resource win10v2004-20231222-en
behavioral13: Sample License.html, Resource win7-20231129-en
behavioral14: Sample License.html, Resource win10v2004-20231215-en
behavioral15: Sample MCFUNC.dll, Resource win7-20231215-en
behavioral16: Sample MCFUNC.dll, Resource win10v2004-20231215-en
behavioral17: Sample MCHelp.chm, Resource win7-20231215-en
behavioral18: Sample MCHelp.chm, Resource win10v2004-20231215-en
behavioral19: Sample MaxCrypt2.exe, Resource win7-20231215-en
behavioral20: Sample MaxCrypt2.exe, Resource win10v2004-20231215-en
behavioral21: Sample MaxDelete.dll, Resource win7-20231215-en
behavioral22: Sample MaxDelete.dll, Resource win10v2004-20231215-en
behavioral23: Sample SysSrvc.exe, Resource win7-20231129-en
behavioral24: Sample SysSrvc.exe, Resource win10v2004-20231215-en
behavioral25: Sample Updates/update.exe, Resource win7-20231129-en
behavioral26: Sample Updates/update.exe, Resource win10v2004-20231215-en
behavioral27: Sample uninst.exe, Resource win7-20231215-en
behavioral28: Sample uninst.exe, Resource win10v2004-20231222-en
behavioral29: Sample $PLUGINSDIR/LangDLL.dll, Resource win7-20231215-en
behavioral30: Sample $PLUGINSDIR/LangDLL.dll, Resource win10v2004-20231222-en
General
Target: Updates/update.exe
Size: 634KB
MD5: 874d9aebc828f4917607f338c92112de
SHA1: af14252f3bb4f0aa0f34f05e0cb47aa7257f7ef6
SHA256: 0b7b34a3f42fb1a78673e75ca9c787ce3158f8156326df02a3809073ef483994
SHA512: 94b7d575ee2859841823343dfe5c9c122a7a3b554937b135c0301965735c08c442b6cb42910d7f7b79542b07faa47188e38ebab1ede32438d1a1f458fd65e768
SSDEEP: 12288:+jNQkvgZ9NekP920NtaxnBNNFEoCRiICLid2Kja4g3nwCCKF:+xQOgZe2nNWBNYoAumoOa4UwE
Malware Config
Signatures
Suspicious use of FindShellTrayWindow (64 IoCs)
pid 2316, process update.exe (same process for all 64 IoCs)
Suspicious use of SendNotifyMessage (64 IoCs)
pid 2316, process update.exe (same process for all 64 IoCs)
Suspicious use of SetWindowsHookEx (1 IoC)
pid 2316, process update.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 404B
MD5: 11f5c920ae525a63a74a2a33b43d457e
SHA1: c331fce7161e318458ba07e4861562bfc854b726
SHA256: b60b0e98d13004edad048fa8cdc6a2f5e1f542c506addb41135b370beae9a7a0
SHA512: 2d69e138aec742f0e874b8be31152a8f34c03fef858f7151a24dab8e04eec05737916003584f75fe19251b8693cf49c891ae9976f29680931c1e0616b8f57ed7