Analysis
max time kernel: 119s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29-02-2024 22:47
Behavioral tasks
behavioral1: Sample Guna.UI.dll, Resource win7-20240221-en
behavioral2: Sample Guna.UI.dll, Resource win10v2004-20240226-en
behavioral3: Sample Guna.UI2.dll, Resource win7-20240221-en
behavioral4: Sample Guna.UI2.dll, Resource win10v2004-20240226-en
behavioral5: Sample Onyx Free Crypter.exe, Resource win7-20240221-en
behavioral6: Sample Onyx Free Crypter.exe, Resource win10v2004-20240226-en
General
Target: Onyx Free Crypter.exe
Size: 4.6MB
MD5: 0639440ebf99e58c833be2870e4259b0
SHA1: afbfeb6cce8b5710ddbf227f31e386ccc9c3b669
SHA256: f28df7a1b0093d68e0230388c11bab5bf87ba5efc979f1a6a717f2e92d470443
SHA512: 3a559375273344fccc7e4cdd7ebda4eb3df439a63944208352792dc09bb478a68ec8c4a381141887e06eb0fea6dc9f88c8722f0764803f56a09d131ff31bc26b
SSDEEP: 98304:8b0dJK6mzAKcsfyllmpSzvyAKrtvCFbLADJyaWoKuxG/:hdJK69llcpSpKrMF3QG
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  Processes: pid 1200 Onyx Free Crypter.exe
- Obfuscated with Agile.Net obfuscator (1 IoCs)
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  Processes: resource behavioral5/memory/1200-7-0x000000000AB00000-0x000000000AD4C000-memory.dmp, yara_rule agile_net
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: Token SeDebugPrivilege, pid 1200 Onyx Free Crypter.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes: pid 1200 Onyx Free Crypter.exe; pid 1200 Onyx Free Crypter.exe
Downloads
- Filesize: 136KB
  MD5: 9af5eb006bb0bab7f226272d82c896c7
  SHA1: c2a5bb42a5f08f4dc821be374b700652262308f0
  SHA256: 77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
  SHA512: 7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a