Overview

overview

10

Static

static

10

IDA Pro 8.3.rar

windows10-2004-x64

7

IDA Pro 8.3.rar

windows11-21h2-x64

3

Analysis

  • max time kernel
    409s
  • max time network
    315s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-04-2024 17:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IDA Pro 8.3.rar

  • Size

    470.1MB

  • MD5

    92b55d4c375f3620d506f8ceab1f9237

  • SHA1

    95ac2bff2c7ca67aeabfe66eb3ebf52832cdded1

  • SHA256

    910b2262331aeb0e498263a39a830761b20fd63c6d922669ab47f983b7745ed8

  • SHA512

    575f920c47563b57c0013f0d25a8451464ebfdf457b7dc0cacdcb6e21ac6721fb92df7b8c5a8096dc6b2b64264ee3ce81d433e97c7c465904a96e57a7168a8c5

  • SSDEEP

    12582912:4ev5f/auItI6VCr/bVC1wfzeRrrR3Pz8pC+ZFPQOl1gdC7eGZ:Pv5f9KobQEKRPlzG1XFicZ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 47 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 48 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3.rar"
    1⤵
    • Modifies registry class
    PID:4564
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1304
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1644
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\" -spe -an -ai#7zMap142:102:7zEvent30560
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4612
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro Keygen + key\" -spe -an -ai#7zMap11706:142:7zEvent12275
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2100
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
      1⤵
        PID:4892
      • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro Keygen + key\ida_keygen.exe
        "C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro Keygen + key\ida_keygen.exe"
        1⤵
        • Executes dropped EXE
        PID:3648
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro Keygen + key\reamde.txt
        1⤵
        • Suspicious use of FindShellTrayWindow
        PID:3740
      • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro 8.3 (x86, x86_64)\ida64.exe
        "C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro 8.3 (x86, x86_64)\ida64.exe"
        1⤵
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:2716
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x338 0x2e0
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3328
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro Keygen + key\reamde.txt
        1⤵
          PID:4756
        • C:\Windows\System32\cmd.exe
          "C:\Windows\System32\cmd.exe"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:4340
          • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro Keygen + key\ida_keygen.exe
            ida_keygen.exe -v 830 -u fuckshitfuckfuck -e [email protected] -t 3 -s 5169
            2⤵
            • Executes dropped EXE
            PID:3608
        • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro 8.3 (x86, x86_64)\ida64.exe
          "C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro 8.3 (x86, x86_64)\ida64.exe"
          1⤵
          • Suspicious use of SetThreadContext
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2768
          • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro Keygen + key\ida_keygen.exe
            "C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro Keygen + key\ida_keygen.exe"
            2⤵
            • Executes dropped EXE
            PID:4208
        • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro Keygen + key\ida_keygen.exe
          "C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro Keygen + key\ida_keygen.exe"
          1⤵
          • Executes dropped EXE
          PID:1084

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro 8.3 (x86, x86_64)\ida.key
          Filesize

          3KB

          MD5

          13c23e2a46213a51c22986a93d90643e

          SHA1

          be6066b9d3d684edb16b2fe8e7d62c1b3c0135ad

          SHA256

          8807d9a11d4623616532fab38bf30b832f45df60246c54b4b43e84b38606ff51

          SHA512

          960a63fa0ea424797b6d80c67d61ffc1a5c9fcaa9d18cf0ebdba4c0d44a531141d30040048826584fc614dd0acce63bc714279ae928ed3f17435ee6ba777bea7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro 8.3 (x86, x86_64)\ida.key
          Filesize

          3KB

          MD5

          bd63e89acf137cdc69aef375bba6b8f3

          SHA1

          0150f6c034920057f50af25e48fe5427e4539ef4

          SHA256

          2c088f8b122c261271f9c03b186b26023bdf3bd707ddab9e95f759dc0ed2bff3

          SHA512

          0238b348560ea7c3dc33355113bfd479dfca2a1a83ae87351a806c5f6286ba06928aca3f6efc1bf45b4aab4329019ca5505233567c4dc6896b679f649b725381

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro 8.3 (x86, x86_64)\qwingraph.exe.id0
          Filesize

          4.1MB

          MD5

          932bad1851c3eeb9dbb50b06fcce4885

          SHA1

          04ff62521b2a2839317d64b0772c625dc708b896

          SHA256

          c1d9dd8eae13474b855197bacdecb8e29ae548bbc276e9bcc6cc848fcc6a0d66

          SHA512

          40424db1dccd9668b8cc50ee5056f59ffe97e985c51b0b45d6d4ea3a8fbbea041bf48b0a6aefe660b22065799cf02005628377adb0ab45567a41ec37a3e19351

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro 8.3 (x86, x86_64)\qwingraph.exe.id2
          Filesize

          44B

          MD5

          6a08e3741d92a4b9696ef6736b036cc7

          SHA1

          dfb044c1a3442b6c8bdaeff3386867c36834fc57

          SHA256

          88f664ead28d06047c84c569f9c9923e24f86a780c10f40c03f4756ac87c5683

          SHA512

          10ea14fe5e746734bfcc8f9a1fc08729984b1785f9580ef741c95d2cbb54798d688f1f55550cc785e9ecaf706eafbc49fc2dde5a50c83ea00b9dbdfa893b37c7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro Keygen + key.7z
          Filesize

          1.6MB

          MD5

          73e7446aff9d02553144192f0a1dd719

          SHA1

          bb0a957fdd71b593a324c8ae6669fa9af13c7e09

          SHA256

          cd1853060ede7ba0f5158b1445496f2dd8abb4c7dd46e5cff83cc3510e9793f4

          SHA512

          fcd9f5607e71516764d38d486d48ed6d71a2c5ea8fe1388739ab0281a4f95f821cb79d36b8d0d32f004b93c10ffba0a6e76e1fd625f916c427e0968a1ebb0f92

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro Keygen + key\ida_keygen.exe
          Filesize

          5.3MB

          MD5

          df02135d4bd17c9e1f29c2e331ad243e

          SHA1

          e7a292b83da3bf2cb61335db728436d79ccea7cd

          SHA256

          9b54e11c659654d065eab45632e820b11c59eeeb7f4c496772f1d5d4b14f36f8

          SHA512

          342836a5ddd28bc63aac6287a6f9f388d1ce90c91e363c0995d06b85437b2e8bf43e76a929485c6679a5272f3cf61c6a64584dbeac3e068c1b57948c9a9a4a5c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro Keygen + key\ida_keygen.exe.id0
          Filesize

          47.9MB

          MD5

          59facfba1ecab754b90fc2e4607cd24e

          SHA1

          756063086bccef26a09ee85dac3bac29dfefec74

          SHA256

          6645f4ef79a2b1f9b680fc193e9c74dd05c5bb243a264b71c0a3821b2816000d

          SHA512

          c2148393c0af881b35b6ae6f99b8480a6bed73653abcb6da8c7f58c660a8e8a328dd935f51d4cd1d96221ea5dba67313bb26280bfd26f284d084e13521377bbf

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IDA Pro 8.3\IDA Pro Keygen + key\reamde.txt
          Filesize

          133B

          MD5

          63494844de0fdccef78d2d5a29e756f7

          SHA1

          efe3a1499ff9a25fe446e62c28e63cbf0029fd99

          SHA256

          511d1e7f3b6dff8fad9830aeb7f0ea21ba60a13723f91db48d757f4bd08fa403

          SHA512

          0e027127ead3a4476524c3e0668c18aab2a6d300570011fc51f5bccbf0c62343b7e3f7f0d334ebb6ad145424ae342def32ada99fcbd2f30616df777fb5c2566d

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Hex-Rays\IDA Pro\proccache64.lst
          Filesize

          7KB

          MD5

          f682739d75c737d41cc64737cff79b7f

          SHA1

          1f6f8702133582e3002c742fe2644a2f1e5dcc21

          SHA256

          0097c1f8799cd2436d102cc77281a932af5d7f7f566ba8a0e3d39671ef3f6289

          SHA512

          615aba803640691c18eb6b9093bf2b1b6c65e152ae2d26ef9e927d3679b99aab7a453dbf6196a27cf88e16daacf1ed425d645cdeed41619763b1c7d70e455ca6

          Download Submit

        • memory/2716-29-0x00007FFD85350000-0x00007FFD858A8000-memory.dmp

          Filesize

          5.3MB

          Download

        • memory/2716-48-0x00000231719E0000-0x00000231719F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2716-31-0x00000231719E0000-0x00000231719F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2716-30-0x00007FF603FD0000-0x00007FF6043D2000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/2716-28-0x00007FF603FD0000-0x00007FF6043D2000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/2768-85-0x00007FF603FD0000-0x00007FF6043D2000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/2768-86-0x00007FFD85350000-0x00007FFD858A8000-memory.dmp

          Filesize

          5.3MB

          Download

        • memory/2768-87-0x0000029CBCC30000-0x0000029CBCC40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2768-110-0x0000029CCCAA0000-0x0000029CCD9DB000-memory.dmp

          Filesize

          15.2MB

          Download

        • memory/3608-83-0x000001AACA240000-0x000001AACA250000-memory.dmp

          Filesize

          64KB

          Download