405afe98393ff3e1bbf9ee11bca78a6260d964d313c77bc088ee658e20f5e06c

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 14:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Maxon_App_2024.1.1_Win.exe
Size

42.8MB
MD5

9d6bff2664275db5a5563904126024f8
SHA1

a04fd43cf5da016f2a2d3a91015f677db5bf353a
SHA256

405afe98393ff3e1bbf9ee11bca78a6260d964d313c77bc088ee658e20f5e06c
SHA512

98b8c56f6813e5c524c0d21d2d2ab42d39e608ddcb1e65b54ff684bb506dbd937753cb8200cce2581ee5dd1e36a559924175a40b641e56fa0479c868d395c5c1
SSDEEP

786432:+P85CCP/tTWaoKptj3ZkJqtLjmX01qKzqZdqHTgxXU2fHUb4VECJ:VLPVTWaoKptj3ZkctLE8sigxTvEC

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Maxon_App_2024.1.1_Win.exe

Loads dropped DLL 14 IoCs

pid	Process
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Maxon_App_2024.1.1_Win.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Maxon_App_2024.1.1_Win.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Maxon_App_2024.1.1_Win.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe
2292	Maxon_App_2024.1.1_Win.exe

C:\Users\Admin\AppData\Local\Temp\Maxon_App_2024.1.1_Win.exe
"C:\Users\Admin\AppData\Local\Temp\Maxon_App_2024.1.1_Win.exe"
1⤵
- Checks whether UAC is enabled
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\BRL000008f4\BR1CD4.tmp

Filesize
128KB

MD5
1ebc6771762f78019131c13039e82932

SHA1
37c57dbdce9530f5e1f230c211bee78a6c1a9927

SHA256
1efa623b990d8505f01d4afd67b7e1e5bdecc03420b730cd3c85cd4a84bdf001

SHA512
069b9ed6427951383b86aab3ed0de05d102b2a6e30afb18bc875b59efd2f9d44cd85109d6c316c01c25d92f454385cc67cc6b1e48d5e79c2ee387951d81486f0

Download Submit
\Users\Admin\AppData\Local\Temp\BRL000008f4\BR1D13.tmp

Filesize
356KB

MD5
c3c4f3fe90e3b3b02bea0e8da3447ed2

SHA1
7ac0f54119d2273a2cd261f1fe6c5667e9c486df

SHA256
3524ec77985e390acf9d07d81b1b44305165d711bbca770f7458ea0a78751f82

SHA512
0e24c9394c635a3f1671a297f97b613e6936cd8f862a214125d3456324a18668ae138d5c4fde036f55e2b13b158e4cebc53f78153862a008b1ae747eab228a60

Download Submit
\Users\Admin\AppData\Local\Temp\BRL000008f4\BR1D43.tmp

Filesize
59KB

MD5
f62dd6ce51e19349ec1d1f2e88c4ef4d

SHA1
60bd29538b4fecaf527ba8b7d92b7f32d2e72ddb

SHA256
be88244da9faaa6636a9d2f4c4249c08066a0b48359690b9b27a2b9ed47e093d

SHA512
ba68a59427ec252b895e1c3d6879e0c7a010893d23b5a8687ce86d738faaec1367f73abbcf63fb8ce8b95d32afa3049cd59f22f0bc5a2ff2a3b123a54fe02012

Download Submit
\Users\Admin\AppData\Local\Temp\BRL000008f4\BR1D53.tmp

Filesize
198KB

MD5
78b6849a39c4b2767f15f427adf6032c

SHA1
9b721d2fc6676381bf7a857412da97a40bc3d1bd

SHA256
99c45f2615af1b1ca375528ce70d5d50f4f9a160a139a2c2b5a8685c51638465

SHA512
a0377ca1138af2526ab14054d092584e2195df90c39f6275eab7f80fbf0639dd4318418dc18a7c0f495dc93d40882b2398d460c96eccc3b71f8fe10fa0ac491f

Download Submit
\Users\Admin\AppData\Local\Temp\BRL000008f4\BR1D74.tmp

Filesize
513KB

MD5
5fbc6bd806a8a6c460faceeea73bd7f7

SHA1
4d1586a9631a72c3e1d75fb3c385dbd278804665

SHA256
8033d1b3af84d47d275e022608da35baac16cf40d9607ca026a47b6cd65e6a97

SHA512
4c51f9f331ac15206942e13504334b4c3549888519388607c44b617a68a9095114b0e6127e82b84170445df06260cc62308bc197b90cfb95af18d7cb6d413195

Download Submit
\Users\Admin\AppData\Local\Temp\BRL000008f4\BR1DA3.tmp

Filesize
235KB

MD5
51c675fc1ef0a62322052d3e86567c06

SHA1
e295d0b668105d81f9180ef1056d0528e4b2116a

SHA256
aaa3d7e589e9be1911eee5974afa68c64af1bbd5e039ff6a82a15c2b54c0f9f0

SHA512
a352e82db5c930c73165a48337ae51acda7ebd393b8b0b57d03d2e1b5057c41c26b1f321759b7bc521166890853ecdad7b37531212243ad86e181e2252a3b78d

Download Submit
\Users\Admin\AppData\Local\Temp\BRL000008f4\BR1DB4.tmp

Filesize
18KB

MD5
6d2c718c3059ceaa7b90919e6725a09a

SHA1
489967f8fe2b9021a891112754b840fe7dc71d13

SHA256
2ca70bc6394ee1b299a8cf1fe28e95c7d68b765e1828db1b651a7a62acae5356

SHA512
37547e9c6080d0dcb3ea23d9c856ce689997275b40d72bf9fd7c7c165e8cee4afe2ebe52e052c5f8bfc3e618391425219e9681191ee6f650444ebd643cb5a50d

Download Submit
\Users\Admin\AppData\Local\Temp\BRL000008f4\BR1E22.tmp

Filesize
19KB

MD5
a56543b9cd3aa403311b49189d25851e

SHA1
bd2609d35d4a967fe23ef4092b1daa6f74a858ad

SHA256
034756f772399552cd33605a189ee0e45d7947860e0d83ec12aa6da1a5a42054

SHA512
2237f493d70799675ae0e395f551b6cd46ff4789e46e2453c48fede07b7623b4b8111904d6fa139c204eea4405b5fd5812b0a91f27374219b721339149c25edf

Download Submit
\Users\Admin\AppData\Local\Temp\BRL000008f4\BR1FB9.tmp

Filesize
96KB

MD5
9b299884420745d80c70bba6b8a7f05a

SHA1
195423185a7776e072a65fbabae868c15f7b2f56

SHA256
9426e96a97f41645fab524385a852687792f99b505554b6b9809ed99451b2399

SHA512
ed839dc1b6ef53f3663b6055fb2869a522600b2af8d8a800958ddb531154f4e9a3f1733f32dff5511a22fe01525191c8683519cbdcedec138b1bcf3425f2155b

Download Submit
\Users\Admin\AppData\Local\Temp\BRL000008f4\BR1FC9.tmp

Filesize
179KB

MD5
79b690260195499e756cee3dbe0cb1e2

SHA1
2d1c8918c67ebd63136d71b6aa0217e4b63ffad6

SHA256
3ed71920d5d23234f694bd2cd73ba3b477e2bd899bf695ca328ca66615271285

SHA512
6246273e0d155f2820353fc376255ef2a51514ba062044ef6aa100a513cd2768b9e8841a6885180f0e4200e9d2947b29b2248d212dc39e32aea4906501c3ce6f

Download Submit
\Users\Admin\AppData\Local\Temp\BRL000008f4\BR1FEA.tmp

Filesize
53KB

MD5
2c8f6a964ca7761122f7da22042462f4

SHA1
290e48bf0f83b3f3832f69bb1ea0637ed4d8ccca

SHA256
9d6f2629aa5978dd6b87fe9bce77a5cf0135b8da2980a050579eb4e23a92f8fa

SHA512
88c49dbc5a5cce28fc61689b953e091dc5114196a9ce5977de1bc1ea916333d73a13d06abb56b7afd88f6c4f80953a2b9b720cd79e773a1246d44b37eae4cbf8

Download Submit
\Users\Admin\AppData\Local\Temp\BRL000008f4\BR1FFA.tmp

Filesize
53KB

MD5
4640fd47f64bb72cb34dbafee65dbdde

SHA1
508c8713e06ba55588d41918c5a99308cb4b37a0

SHA256
f02c4352ea80e1b476eb4754455ae684efb4289d95edf925e38bd3789f6ead49

SHA512
de2d05ea66ab37b7120cde8f4aeb79c6365430bd94f56b07019451e1329f8f3a2674af9ed6677b8ade59fa2185c6a48eaead47091edc8284e686260c69544a4c

Download Submit
\Users\Admin\AppData\Local\Temp\BRL000008f4\BR1FFB.tmp

Filesize
218KB

MD5
7190ecf05ec3b297d6ded3e204399e95

SHA1
5c085cbbbcc8686266acfb318e75a38794625e88

SHA256
49e2c502923de5f89958de86f1cc6f91e7ddafe46d0f81bfb51a669627650e6e

SHA512
4e12adcaaebdc08e06270437dd4ebf33c4aecd5b6cce7245bf12b0303c809465d75d5b319fb262a807cf9a5cb99d808e466fc30b19d88ddcf2b3f0b9c9f74881

Download Submit
\Users\Admin\AppData\Local\Temp\BRL000008f4\BR200C.tmp

Filesize
125KB

MD5
053a60f34c75ca0a4a821b46eae86d31

SHA1
ebcf9f84a393969655969c248c2d572d7a05541c

SHA256
683f19a461948f4cca2fbece26949b34d6347dff279efece983b9f64a868422c

SHA512
346c989ef320079b5978678264059ad9e545081dded233d10dca73a72906fa01df30a3c96f6d319efcea64c198ef409748e511dab8a4d43e1fa7af50ed3f0256

Download Submit
memory/2292-67-0x0000000000FD0000-0x00000000012AE000-memory.dmp

Filesize
2.9MB

Download
memory/2292-79-0x000000006A180000-0x000000006A1B9000-memory.dmp

Filesize
228KB

Download
memory/2292-78-0x0000000063100000-0x0000000063114000-memory.dmp

Filesize
80KB

Download
memory/2292-80-0x0000000066080000-0x00000000660A3000-memory.dmp

Filesize
140KB

Download
memory/2292-77-0x0000000063980000-0x0000000063994000-memory.dmp

Filesize
80KB

Download
memory/2292-76-0x0000000074E70000-0x0000000074EA2000-memory.dmp

Filesize
200KB

Download
memory/2292-75-0x0000000066C00000-0x0000000066C1B000-memory.dmp

Filesize
108KB

Download
memory/2292-74-0x000000006CA00000-0x000000006CA0E000-memory.dmp

Filesize
56KB

Download
memory/2292-73-0x0000000074F20000-0x0000000074F2E000-memory.dmp

Filesize
56KB

Download
memory/2292-72-0x000000006C580000-0x000000006C599000-memory.dmp

Filesize
100KB

Download
memory/2292-71-0x0000000067C80000-0x0000000067D09000-memory.dmp

Filesize
548KB

Download
memory/2292-70-0x00000000710C0000-0x00000000710F4000-memory.dmp

Filesize
208KB

Download
memory/2292-69-0x0000000066680000-0x0000000066695000-memory.dmp

Filesize
84KB

Download
memory/2292-68-0x0000000074EB0000-0x0000000074ED6000-memory.dmp

Filesize
152KB

Download
memory/2292-122-0x000000006A180000-0x000000006A1B9000-memory.dmp

Filesize
228KB

Download
memory/2292-121-0x0000000063100000-0x0000000063114000-memory.dmp

Filesize
80KB

Download
memory/2292-123-0x0000000066080000-0x00000000660A3000-memory.dmp

Filesize
140KB

Download
memory/2292-120-0x0000000063980000-0x0000000063994000-memory.dmp

Filesize
80KB

Download
memory/2292-119-0x0000000074E70000-0x0000000074EA2000-memory.dmp

Filesize
200KB

Download
memory/2292-118-0x0000000066C00000-0x0000000066C1B000-memory.dmp

Filesize
108KB

Download
memory/2292-117-0x000000006CA00000-0x000000006CA0E000-memory.dmp

Filesize
56KB

Download
memory/2292-116-0x0000000074F20000-0x0000000074F2E000-memory.dmp

Filesize
56KB

Download
memory/2292-115-0x000000006C580000-0x000000006C599000-memory.dmp

Filesize
100KB

Download
memory/2292-114-0x0000000067C80000-0x0000000067D09000-memory.dmp

Filesize
548KB

Download
memory/2292-113-0x00000000710C0000-0x00000000710F4000-memory.dmp

Filesize
208KB

Download
memory/2292-112-0x0000000066680000-0x0000000066695000-memory.dmp

Filesize
84KB

Download
memory/2292-111-0x0000000074EB0000-0x0000000074ED6000-memory.dmp

Filesize
152KB

Download
memory/2292-110-0x0000000000FD0000-0x00000000012AE000-memory.dmp

Filesize
2.9MB

Download