09b7ec5fec8d9c8ac697834e6301b151156d16e8bea07fcef51bf68aa6fe03cd

Analysis

max time kernel
1791s
max time network
1179s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stardock.Start11-2.0.7.exe
Size

37.3MB
MD5

f82aceee36b7877d8b6271eed4a02d94
SHA1

bbe31d560cbcaf0f5b2a55e3a0385d606c90a41c
SHA256

09b7ec5fec8d9c8ac697834e6301b151156d16e8bea07fcef51bf68aa6fe03cd
SHA512

541d681825b93df9842f3701ffe77caaa4a0a077b7fb5f89021f2e0c6fe26036b563e789aebd2b289f1282c29ba1ffff733e338175e0db4ee42c935613b725e6
SSDEEP

786432:gDRV6fqb4UMq/PUb/cqUEiCc1kV6bAw69N0J2iVCNt:gDRjzE/DU/CukVrw69Nriit

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000023420-13.dat	acprotect

Loads dropped DLL 5 IoCs

pid	Process
5048	Stardock.Start11-2.0.7.exe
5048	Stardock.Start11-2.0.7.exe
5048	Stardock.Start11-2.0.7.exe
5048	Stardock.Start11-2.0.7.exe
5048	Stardock.Start11-2.0.7.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/5048-15-0x0000000074830000-0x000000007483A000-memory.dmp	upx
behavioral1/files/0x0008000000023420-13.dat	upx
behavioral1/memory/5048-29-0x0000000074830000-0x000000007483A000-memory.dmp	upx

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\womtrust.dll	Stardock.Start11-2.0.7.exe
File created	C:\Windows\wontrust.dll	Stardock.Start11-2.0.7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Stardock.Start11-2.0.7.exe
"C:\Users\Admin\AppData\Local\Temp\Stardock.Start11-2.0.7.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:5048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nss4CD9.tmp\Aero.dll

Filesize
6KB

MD5
243bf44688b131c3171f2827a93e39dc

SHA1
07e9c7bd16ae47953e42c06ae2606de188386f35

SHA256
04a577df50431eb0ff6fb103566402bf66c50415bcc1f8a86b9c235053131455

SHA512
a1a8c21d38c54a43d1c6c394f481dfbddcb359c617e9928ecca8f84d47354616a78d20735a1fe7bebd21626c21cf96d0e1a69e3e98f6b35f2a774cc0244f9516

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4CD9.tmp\BrandingURL.dll

Filesize
4KB

MD5
71c46b663baa92ad941388d082af97e7

SHA1
5a9fcce065366a526d75cc5ded9aade7cadd6421

SHA256
bb2b9c272b8b66bc1b414675c2acba7afad03fff66a63babee3ee57ed163d19e

SHA512
5965bd3f5369b9a1ed641c479f7b8a14af27700d0c27d482aa8eb62acc42f7b702b5947d82f9791b29bcba4d46e1409244f0a8ddce4ec75022b5e27f6d671bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4CD9.tmp\LangDLL.dll

Filesize
5KB

MD5
40eaa85160444940ff71d7aec7c6aa39

SHA1
62b0c779f32af751f3ef00833d3f5c75ed9f081d

SHA256
b4e00150349af7a646a84792b565a0c81f080a838a6e0da69e5cf8f4cdc560a3

SHA512
6d9e04dae68f9fd78a4f20a1d3fd34a9b92cf78b554d1e3e8e7fc3b2881d4659e49346f707cab43fd72c001ac192516deea7ef458ecab6b9f74b16ec05382ab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4CD9.tmp\System.dll

Filesize
11KB

MD5
8571f5fc7f75b0ee8d99849a147e0a67

SHA1
0881a57ef76dae56454d3af836f0f8da8e583d49

SHA256
6c84f2582301ac235aa5ad222c7138f44f262d7a03dcab2a293f0f2a5e32c002

SHA512
e1e5854e9378f0c9d8590b66c10e23b56977ba367d724e272f5714b16845369d53a4bab29f0d41a9bb383032f7fb4ea3d814bf13b7fbb29a04f5876c14d61e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4CD9.tmp\nsDialogs.dll

Filesize
9KB

MD5
2d4e6314e1291e211f3326b9e9a7be8c

SHA1
67236ee783506c854a40229f311eec7f8a74d218

SHA256
01c37f54c7019f09734ce28ac929d2f1f3da1ae469282a6df1d34b69b8ff9280

SHA512
6063b3f82376cacf95bcc70061cb29bd2c4261959cfa1063426f4b4617e399d263f4ad63551ec64187ec04b847304bfd1cbbbc6825c810cecdff5b17f0b64fd1

Download Submit
memory/5048-15-0x0000000074830000-0x000000007483A000-memory.dmp

Filesize
40KB

Download
memory/5048-29-0x0000000074830000-0x000000007483A000-memory.dmp

Filesize
40KB

Download