e67cb5c9cf008296b2fbc28c990c5620de84520a9f3a6a4de14c49fff1478ee3

Analysis

max time kernel
143s
max time network
28s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 08:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe
Size

698.6MB
MD5

c19227e74f0fedfbd0ba8045196fd6e2
SHA1

b4394748c37ac772f59a203d92bb76a06f84b245
SHA256

e67cb5c9cf008296b2fbc28c990c5620de84520a9f3a6a4de14c49fff1478ee3
SHA512

8e6716ab3021921fc94f755499974fb4549620c57d4eec0be1402da667247e1434817cf02c0ea3258cb0b8814da9f0970a051e2bde6a7f7e4c08832fa3562ba3
SSDEEP

12582912:1u5I/7sxFIiuwW9HgkEf4dGurYT4jcnW7Qsx7mgvCh9NlRM/asa6jHyNTmi2EOm6:A5IDsrhwfYu0sNQuCHy/aD6Tycj

Score

8^/10

evasion upx

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2272	netsh.exe

Executes dropped EXE 2 IoCs

pid	Process
1660	helper.exe
2088	Autorun.exe

Loads dropped DLL 7 IoCs

pid	Process
3008	Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe
3008	Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe
3008	Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe
3008	Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe
1660	helper.exe
1660	helper.exe
1660	helper.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000015f6d-194.dat	upx
behavioral1/memory/1660-195-0x00000000034E0000-0x000000000398B000-memory.dmp	upx
behavioral1/memory/2088-199-0x0000000000400000-0x00000000008AB000-memory.dmp	upx

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File created	C:\\InDesign2021x64\AUTORUN.inf	Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe
File opened for modification	C:\\InDesign2021x64\AUTORUN.inf	Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International	Autorun.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 1660	3008	Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe	30
PID 3008 wrote to memory of 1660	3008	Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe	30
PID 3008 wrote to memory of 1660	3008	Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe	30
PID 3008 wrote to memory of 1660	3008	Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe	30
PID 3008 wrote to memory of 1660	3008	Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe	30
PID 3008 wrote to memory of 1660	3008	Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe	30
PID 3008 wrote to memory of 1660	3008	Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe	30
PID 1660 wrote to memory of 2272	1660	helper.exe	31
PID 1660 wrote to memory of 2272	1660	helper.exe	31
PID 1660 wrote to memory of 2272	1660	helper.exe	31
PID 1660 wrote to memory of 2272	1660	helper.exe	31
PID 1660 wrote to memory of 436	1660	helper.exe	33
PID 1660 wrote to memory of 436	1660	helper.exe	33
PID 1660 wrote to memory of 436	1660	helper.exe	33
PID 1660 wrote to memory of 436	1660	helper.exe	33
PID 1660 wrote to memory of 2088	1660	helper.exe	35
PID 1660 wrote to memory of 2088	1660	helper.exe	35
PID 1660 wrote to memory of 2088	1660	helper.exe	35
PID 1660 wrote to memory of 2088	1660	helper.exe	35
PID 1660 wrote to memory of 2088	1660	helper.exe	35
PID 1660 wrote to memory of 2088	1660	helper.exe	35
PID 1660 wrote to memory of 2088	1660	helper.exe	35

C:\Users\Admin\AppData\Local\Temp\Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe
"C:\Users\Admin\AppData\Local\Temp\Adobe InDesign 2021 16.3.0.24 RePack by KpoJIuK.exe"
1⤵
- Loads dropped DLL
- Drops autorun.inf file
- Suspicious use of WriteProcessMemory
PID:3008
- C:\InDesign2021x64\install\helper.exe
  "C:\InDesign2021x64\install\helper.exe" /XSTART
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1660
- - C:\Windows\SysWOW64\netsh.exe
    netsh.exe advfirewall firewall delete rule name="all" remoteip=95.141.193.133
    3⤵
    - Modifies Windows Firewall
    PID:2272
- - C:\Windows\SysWOW64\route.exe
    route.exe delete 95.141.193.133
    3⤵
    PID:436
- - C:\InDesign2021x64\Autorun.exe
    C:\InDesign2021x64\Autorun.exe
    3⤵
    - Executes dropped EXE
    - Modifies Control Panel
    PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\InDesign2021x64\AUTORUN.exe

Filesize
988KB

MD5
da747ddfbc719e1eebf4a751f8a61cf8

SHA1
45f21778a4f58224c6cb2edaab55070bb61c47dd

SHA256
2e9cdf31e2dcb93f9126b7ac208ed7557a432962d38d95ab389734f9c932ccc9

SHA512
256b8bfe13a5cefa38980a8b82f875d76ecdb1def3341b4e26dd95cf261b89aca3fa5a9dea9997e8743979a228904607468fb176db5cf80034657c38a70bcaa2

Download Submit
C:\InDesign2021x64\install\Helper.exe

Filesize
5.1MB

MD5
6ecc1131e7a7b6ba730236f4139ce976

SHA1
4ccc9ba77671d781302c8da4724334d0c513096b

SHA256
7c81f20ccecae4031c7b8b80a1179acabfffcf7a7df3f9dc0b5ffa79748f05c7

SHA512
72ea8a5702f8982be725fe6767613108f3bb8355495fb058929792ad220f68b1267494f3a504ec61b1212cac144458a0d2dbd87a68c0859c73fe1dbeb2df52f7

Download Submit
C:\InDesign2021x64\install\Helper.exe

Filesize
2.9MB

MD5
ed2871b36e4bfc62b756e97f057be8fb

SHA1
8428ae122b18f867a949278609b8532b9aebcd04

SHA256
33f6c3d9d35c92539cf874e5f3c401025013e5aa378c6f20feb1748ea783b93f

SHA512
0d608245bac0b7a7704fe22bf27691e5da4681b993d9fddddaefe38f990f69b5b78193ab7801ec988395d82c4b0ec587ce3e0674ac1fe3c717fb57de2f81a32a

Download Submit
C:\InDesign2021x64\install\config.ini

Filesize
114B

MD5
cf3f4261586a16375d06fbcb20623db5

SHA1
3afd2ed0536eb72831122c1fe334f4b058afa101

SHA256
a65ab6e54ab96873d97dd3963410d210800330fae0d74912e5036ac807030880

SHA512
a8506e8429783903c52f65b443db3fad8ac48b8591bc659b2c03e771bdfa206c2dd16f48767ce09a625ec53b4c241fc9aff27e2a79958c1ce5429f60aa4b2679

Download Submit
C:\InDesign2021x64\install\helper.exe

Filesize
2.0MB

MD5
b0230d14b9909d0d4cf9d71e4c8f3589

SHA1
e6e1ff531a40b1f8afa51c7d579016e7a05af971

SHA256
47aa721901844bd93dd3731eb0833b4b503beaed68ffc96e7f1793a021f1a51e

SHA512
b4d9edbd11400be66b62297879bcad7d0d6a794d593048646177253497f587013176225d0eb6ee972ad8032bb43b55534cfb5aa71e889cf1dd0110e9e1cbb4e6

Download Submit
\InDesign2021x64\install\Helper.exe

Filesize
5.8MB

MD5
2012906cf1f2a3807b4a9afd51758d4a

SHA1
6a17a8678b91428c9ad3353aa2c23e79350cf656

SHA256
1deb072518d862c59125c9362edc13211dfba04870cc890c9c4424f361ee00d4

SHA512
d63d81b76333362a3b9021154d3103617e51df22e4c9f2db1232440f63488d9e9f0f8681d64373a927135c7294df8b4eede7917d9eb2bfda397056767d8e80a7

Download Submit
\InDesign2021x64\install\Helper.exe

Filesize
4.3MB

MD5
82eaa3194bc29bc552bbdb8679ce4291

SHA1
309f14bb0ed78724a3429d657470e9b4ff782504

SHA256
f155f0251e241a3f9b88053e7640f7b6fcefbb4c318fc2deea4c78d9297d4d17

SHA512
7df0e1cdf676bead91d3b82a77ff7b1d32d5021477e5393a2a3fb713b9f202fc092aeba3001fe3732ba5f359480dc1bf8d91f7ed355e885ae3548e5a9cdf61c3

Download Submit
\InDesign2021x64\install\Helper.exe

Filesize
4.2MB

MD5
834e353813f71847f9d63016baa1dd42

SHA1
3e7c755cfc7ee975188ef318b6ba6b990c32b22b

SHA256
8aadaf5ddfd16c6665edccf450735068a91de996b6e177d234e3f58084aac9b6

SHA512
e42681660e704038f0b4f0ca46fe40598288afb05b0be7ec9d4ddb433b70b2c7f818bca82a8362077441e39e317f0b7e6247ed7c9f7b2916a7b9926798e9cefb

Download Submit
\InDesign2021x64\install\Helper.exe

Filesize
3.6MB

MD5
62960fdf8a79858da27cb35aed605b39

SHA1
8185cfd8b46e530dd4f8a518acd8cac282317175

SHA256
3482b93788be90442f7f3451e8196a323c7ccea7e1bf711084b0313888f4f842

SHA512
71805e45601e47b8e5f7e3fdb1af05125c8aa7ac8bdd7d519de59fe725c2874af78ee8e9398f306eb282b35886dea8506cc5933ddfa8dfffe8666d356757e2bb

Download Submit
\Users\Admin\AppData\Local\Temp\nsjE1D8.tmp\nsExec.dll

Filesize
7KB

MD5
f27689c513e7d12c7c974d5f8ef710d6

SHA1
e305f2a2898d765a64c82c449dfb528665b4a892

SHA256
1f18f4126124b0551f3dbcd0fec7f34026f930ca509f04435657cedc32ae8c47

SHA512
734e9f3989ee47a86bee16838df7a09353c7fe085a09d77e70d281b21c5477b0b061616e72e8ac8fcb3dda1df0d5152f54dcc4c5a77f90fbf0f857557bf02fbc

Download Submit
memory/1660-195-0x00000000034E0000-0x000000000398B000-memory.dmp

Filesize
4.7MB

Download
memory/1660-200-0x00000000034E0000-0x000000000398B000-memory.dmp

Filesize
4.7MB

Download
memory/2088-198-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2088-199-0x0000000000400000-0x00000000008AB000-memory.dmp

Filesize
4.7MB

Download
memory/2088-202-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads