4ded255e332b6d3eb2aa0330e3363b49ca9208c55fb57c310499b5a78783e3f0

Analysis

max time kernel
1800s
max time network
1594s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
24/02/2024, 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CS1.6_NextClient_resursecs16ro_v2.3.2.exe
Size

247.5MB
MD5

b7780091ced26cb88bd271a1c3411eae
SHA1

fcec5e81fd3ae5cd99f2bafae937647410e26ad8
SHA256

4ded255e332b6d3eb2aa0330e3363b49ca9208c55fb57c310499b5a78783e3f0
SHA512

886760201e425575d3baeb3a1ba62843bbaca56c7dd38550d8ecaeb97c5ffb03af1fb38068a8160382208035688f21a4023df1e53185eec2a6c6f9be615ca6fd
SSDEEP

6291456:lo3+L6FaK214isYEZjmnrVDYIHx+JzGdqRjiLCckI8i:lo3+uFaK21T5nr5p86qVcRF

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000600000001abfc-163.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2204	CS1.6_NextClient_resursecs16ro_v2.3.2.tmp

Loads dropped DLL 5 IoCs

pid	Process
2204	CS1.6_NextClient_resursecs16ro_v2.3.2.tmp
2204	CS1.6_NextClient_resursecs16ro_v2.3.2.tmp
2204	CS1.6_NextClient_resursecs16ro_v2.3.2.tmp
2204	CS1.6_NextClient_resursecs16ro_v2.3.2.tmp
2204	CS1.6_NextClient_resursecs16ro_v2.3.2.tmp

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2204-168-0x00000000052B0000-0x00000000052E1000-memory.dmp	upx
behavioral1/files/0x000600000001abfc-163.dat	upx
behavioral1/memory/2204-179-0x00000000052B0000-0x00000000052E1000-memory.dmp	upx

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	3	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2204	CS1.6_NextClient_resursecs16ro_v2.3.2.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 2204	5116	CS1.6_NextClient_resursecs16ro_v2.3.2.exe	73
PID 5116 wrote to memory of 2204	5116	CS1.6_NextClient_resursecs16ro_v2.3.2.exe	73
PID 5116 wrote to memory of 2204	5116	CS1.6_NextClient_resursecs16ro_v2.3.2.exe	73

C:\Users\Admin\AppData\Local\Temp\CS1.6_NextClient_resursecs16ro_v2.3.2.exe
"C:\Users\Admin\AppData\Local\Temp\CS1.6_NextClient_resursecs16ro_v2.3.2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Users\Admin\AppData\Local\Temp\is-28F8B.tmp\CS1.6_NextClient_resursecs16ro_v2.3.2.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-28F8B.tmp\CS1.6_NextClient_resursecs16ro_v2.3.2.tmp" /SL5="$300DE,258527659,783872,C:\Users\Admin\AppData\Local\Temp\CS1.6_NextClient_resursecs16ro_v2.3.2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-28F8B.tmp\CS1.6_NextClient_resursecs16ro_v2.3.2.tmp

Filesize
2.5MB

MD5
1caa72a22046894675ecc90580a9995c

SHA1
bec86e697ef79ce267ae852338d9f5667ca906a4

SHA256
a0f121b1273754061d134e68399cecd48fcff085bb135b0f666927e9d820ed0e

SHA512
3627c6adb955a5148bb80d59f12ad6ae453a806a01b4920734050c0e7f93ba7f1b8a678e2749d87b371e994036bad97c4329b46621039e2b9664b1a15667089b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R53OF.tmp\cs.png

Filesize
10KB

MD5
841ed556044bda914a5b32cd7b0f6b52

SHA1
a6a9864530abadcb70631e00613173dcd2daf1c8

SHA256
8084cf13740debcea08ec69e5d396b9927844b0cbd1ebd074d7a4cdec09103bb

SHA512
438a33d90480fdcf1cb757529927b7601f4304e5406cfb995f3ded550e784e9751eefb3069bd891aa3c28a38a8e4798054797f43a72e619cacc8cc77317496ba

Download Submit
\Users\Admin\AppData\Local\Temp\is-R53OF.tmp\ISSkinU.dll

Filesize
385KB

MD5
7d9087c4e2f9ab2db78a46ab52a7f360

SHA1
15624c6e5ae4b2689a6975a8faf9f0efbd940b7d

SHA256
ff1374abd93690f5e6e591bae23b49aacc8bbe8b7b05b539ec8aee755070a0e3

SHA512
70375fe15072531de481a0ff95473fa152178d2fd5f0610712cd4fd63ed9da9a40c669442021c23937465ee1e81c39e38332444f10463b5a4fda2048ec4f1d5a

Download Submit
\Users\Admin\AppData\Local\Temp\is-R53OF.tmp\isgsg.dll

Filesize
34KB

MD5
09974eaff6defadde38b1328754dbe09

SHA1
001cfb5514444188e455b97acc369f037079ca9d

SHA256
9eeef28d82fc4db7d1269dfbc0ea282768ce5e2e4e4bdc867d80d6847468dca7

SHA512
da29b01ebebb454c004420c6b29bb8dca9fb50554a7a5db30035a5ec458d766049bf5502f708bf7eb210a4f9cbdb308cc0c8dcdad9f745b01a9e4f1455bbc846

Download Submit
\Users\Admin\AppData\Local\Temp\is-R53OF.tmp\steam.cjstyles

Filesize
413KB

MD5
6f6c35b7edf1d7f6fde264a828cc17df

SHA1
6a613d881a995801ad156d0f0901c2fa617e1d70

SHA256
bd371be89f5997694a224e8ff7121f0f6aa8893f31ab5bee7b6a3c32fb31d96a

SHA512
ce42315cce4d64d1fb8d5897b722c275ab46f36af93c3ca7db898cf508096c525f70d38ac2181960818dfe8b323d6ccd4a55d47f65eb0f8955a2b133ec2e3b5d

Download Submit
memory/2204-47-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2204-51-0x0000000074640000-0x00000000746B8000-memory.dmp

Filesize
480KB

Download
memory/2204-17-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2204-18-0x00000000757C0000-0x0000000075837000-memory.dmp

Filesize
476KB

Download
memory/2204-46-0x0000000073EB0000-0x0000000073FE3000-memory.dmp

Filesize
1.2MB

Download
memory/2204-20-0x00000000757C0000-0x0000000075837000-memory.dmp

Filesize
476KB

Download
memory/2204-21-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2204-22-0x00000000757C0000-0x0000000075837000-memory.dmp

Filesize
476KB

Download
memory/2204-23-0x0000000075080000-0x00000000750A5000-memory.dmp

Filesize
148KB

Download
memory/2204-24-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2204-26-0x0000000075080000-0x00000000750A5000-memory.dmp

Filesize
148KB

Download
memory/2204-25-0x00000000757C0000-0x0000000075837000-memory.dmp

Filesize
476KB

Download
memory/2204-28-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2204-27-0x0000000074060000-0x000000007408E000-memory.dmp

Filesize
184KB

Download
memory/2204-29-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2204-30-0x0000000075080000-0x00000000750A5000-memory.dmp

Filesize
148KB

Download
memory/2204-31-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2204-32-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2204-33-0x0000000077A90000-0x0000000077B7F000-memory.dmp

Filesize
956KB

Download
memory/2204-34-0x0000000075E50000-0x0000000077198000-memory.dmp

Filesize
19.3MB

Download
memory/2204-35-0x0000000075670000-0x0000000075761000-memory.dmp

Filesize
964KB

Download
memory/2204-36-0x0000000074700000-0x000000007490E000-memory.dmp

Filesize
2.1MB

Download
memory/2204-37-0x0000000073EB0000-0x0000000073FE3000-memory.dmp

Filesize
1.2MB

Download
memory/2204-38-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2204-39-0x0000000077A90000-0x0000000077B7F000-memory.dmp

Filesize
956KB

Download
memory/2204-40-0x00000000775C0000-0x0000000077719000-memory.dmp

Filesize
1.3MB

Download
memory/2204-41-0x00000000777F0000-0x0000000077835000-memory.dmp

Filesize
276KB

Download
memory/2204-42-0x0000000075E50000-0x0000000077198000-memory.dmp

Filesize
19.3MB

Download
memory/2204-43-0x0000000075670000-0x0000000075761000-memory.dmp

Filesize
964KB

Download
memory/2204-44-0x0000000074700000-0x000000007490E000-memory.dmp

Filesize
2.1MB

Download
memory/2204-45-0x0000000074640000-0x00000000746B8000-memory.dmp

Filesize
480KB

Download
memory/2204-5-0x0000000000B20000-0x0000000000B21000-memory.dmp

Filesize
4KB

Download
memory/2204-19-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2204-16-0x00000000757C0000-0x0000000075837000-memory.dmp

Filesize
476KB

Download
memory/2204-73-0x0000000074640000-0x00000000746B8000-memory.dmp

Filesize
480KB

Download
memory/2204-48-0x0000000077A90000-0x0000000077B7F000-memory.dmp

Filesize
956KB

Download
memory/2204-52-0x0000000073EB0000-0x0000000073FE3000-memory.dmp

Filesize
1.2MB

Download
memory/2204-53-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2204-50-0x0000000074700000-0x000000007490E000-memory.dmp

Filesize
2.1MB

Download
memory/2204-54-0x0000000077A90000-0x0000000077B7F000-memory.dmp

Filesize
956KB

Download
memory/2204-55-0x0000000075E50000-0x0000000077198000-memory.dmp

Filesize
19.3MB

Download
memory/2204-56-0x0000000074700000-0x000000007490E000-memory.dmp

Filesize
2.1MB

Download
memory/2204-57-0x0000000075080000-0x00000000750A5000-memory.dmp

Filesize
148KB

Download
memory/2204-58-0x0000000074640000-0x00000000746B8000-memory.dmp

Filesize
480KB

Download
memory/2204-60-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2204-61-0x0000000077A90000-0x0000000077B7F000-memory.dmp

Filesize
956KB

Download
memory/2204-59-0x0000000073EB0000-0x0000000073FE3000-memory.dmp

Filesize
1.2MB

Download
memory/2204-62-0x0000000075E50000-0x0000000077198000-memory.dmp

Filesize
19.3MB

Download
memory/2204-65-0x0000000073EB0000-0x0000000073FE3000-memory.dmp

Filesize
1.2MB

Download
memory/2204-63-0x0000000074700000-0x000000007490E000-memory.dmp

Filesize
2.1MB

Download
memory/2204-66-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2204-64-0x0000000074640000-0x00000000746B8000-memory.dmp

Filesize
480KB

Download
memory/2204-67-0x0000000077A90000-0x0000000077B7F000-memory.dmp

Filesize
956KB

Download
memory/2204-68-0x00000000775C0000-0x0000000077719000-memory.dmp

Filesize
1.3MB

Download
memory/2204-69-0x00000000777F0000-0x0000000077835000-memory.dmp

Filesize
276KB

Download
memory/2204-70-0x0000000075E50000-0x0000000077198000-memory.dmp

Filesize
19.3MB

Download
memory/2204-71-0x0000000075670000-0x0000000075761000-memory.dmp

Filesize
964KB

Download
memory/2204-49-0x0000000075E50000-0x0000000077198000-memory.dmp

Filesize
19.3MB

Download
memory/2204-74-0x0000000074610000-0x0000000074633000-memory.dmp

Filesize
140KB

Download
memory/2204-75-0x0000000073EB0000-0x0000000073FE3000-memory.dmp

Filesize
1.2MB

Download
memory/2204-76-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/2204-72-0x0000000074700000-0x000000007490E000-memory.dmp

Filesize
2.1MB

Download
memory/2204-77-0x0000000075E50000-0x0000000077198000-memory.dmp

Filesize
19.3MB

Download
memory/2204-168-0x00000000052B0000-0x00000000052E1000-memory.dmp

Filesize
196KB

Download
memory/2204-177-0x0000000000B20000-0x0000000000B21000-memory.dmp

Filesize
4KB

Download
memory/2204-179-0x00000000052B0000-0x00000000052E1000-memory.dmp

Filesize
196KB

Download
memory/5116-0-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/5116-176-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download