Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A

Processes

C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe

"C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe"

Network

N/A

Files

memory/2240-0-0x0000000000400000-0x0000000000545000-memory.dmp

memory/2240-1-0x0000000000230000-0x0000000000231000-memory.dmp

memory/2240-2-0x0000000000400000-0x0000000000545000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-28 14:03

Reported

2024-05-28 14:04

Platform

win10v2004-20240426-en

Max time kernel

71s

Max time network

63s

Command Line

"C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe"

Signatures

ModiLoader, DBatLoader

trojan modiloader

ModiLoader Second Stage

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A

Checks computer location settings

Description	Indicator	Process	Target
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A

Executes dropped EXE

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\Upx.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A

UPX packed file

upx

Description	Indicator	Process	Target
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A
N/A	N/A	N/A	N/A

Adds Run key to start application

persistence

Description	Indicator	Process	Target
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\am.exe = "C:\\Users\\Admin\\Desktop\\am.exe"	C:\Users\Admin\Desktop\am.exe	N/A

Enumerates physical storage devices

Modifies registry class

Description	Indicator	Process	Target
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0c00000050000000a66a63283d95d211b5d600c04fd918d00b0000007800000030f125b7ef471a10a5f102608c9eebac0e00000090000000	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlot = "2"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (data)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A

Suspicious behavior: EnumeratesProcesses

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A
N/A	N/A	C:\Users\Admin\Desktop\am.exe	N/A

Suspicious behavior: GetForegroundWindowSpam

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A

Suspicious use of FindShellTrayWindow

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A

Suspicious use of SetWindowsHookEx

Description	Indicator	Process	Target
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A
N/A	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	N/A

Suspicious use of WriteProcessMemory

Description	Indicator	Process	Target
PID 5056 wrote to memory of 1004	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	C:\Users\Admin\AppData\Local\Temp\Upx.exe
PID 5056 wrote to memory of 1004	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	C:\Users\Admin\AppData\Local\Temp\Upx.exe
PID 5056 wrote to memory of 1004	N/A	C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe	C:\Users\Admin\AppData\Local\Temp\Upx.exe

Processes

C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe

"C:\Users\Admin\AppData\Local\Temp\WinLocker-Builder--master\WinLocker Builder v1.4.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Users\Admin\AppData\Local\Temp\Upx.exe

"C:\Users\Admin\AppData\Local\Temp\Upx.exe" "C:\Users\Admin\Desktop\am.exe"

C:\Users\Admin\Desktop\am.exe

"C:\Users\Admin\Desktop\am.exe"

C:\Windows\explorer.exe

explorer.exe

Network

Country	Destination	Domain	Proto
US	8.8.8.8:53	133.211.185.52.in-addr.arpa	udp
US	8.8.8.8:53	99.56.20.217.in-addr.arpa	udp
US	8.8.8.8:53	68.159.190.20.in-addr.arpa	udp
US	8.8.8.8:53	95.221.229.192.in-addr.arpa	udp
US	8.8.8.8:53	232.168.11.51.in-addr.arpa	udp
US	8.8.8.8:53	86.23.85.13.in-addr.arpa	udp
US	8.8.8.8:53	56.126.166.20.in-addr.arpa	udp
US	8.8.8.8:53	82.90.14.23.in-addr.arpa	udp

Files

memory/5056-0-0x0000000000400000-0x0000000000545000-memory.dmp

memory/5056-1-0x0000000000A20000-0x0000000000A21000-memory.dmp

memory/5056-2-0x0000000000400000-0x0000000000545000-memory.dmp

memory/5056-3-0x0000000000400000-0x0000000000545000-memory.dmp

memory/5056-4-0x0000000000400000-0x0000000000545000-memory.dmp

memory/5056-5-0x0000000000A20000-0x0000000000A21000-memory.dmp

memory/5056-6-0x0000000000400000-0x0000000000545000-memory.dmp

memory/5056-7-0x0000000000400000-0x0000000000545000-memory.dmp

C:\Users\Admin\Desktop\am.exe

MD5	97eb6f7ec0586fe37b82dbe2f522da35
SHA1	7b9995845a89aec0a6eabe7e9eeb446abe8e5d58
SHA256	f738afbd4c316267d35e2f4d7b818139a55d8ef6b636c3bf736f1672cb4c8ea1
SHA512	888850fe4ea693a5168d6c0f2ab638862dc1a09a1e25f1de8cbfb373753cad982f2461826f5fa54144ba04ff6ed2c19c5850d70a3a2edc3bbb2024cf42710c49

C:\Users\Admin\Desktop\RCXF2CE.tmp

MD5	a09557ca77a214add6e0e182f29980f4
SHA1	188e31a86d3d9205c63e4b83ddc9893200f2b6a0
SHA256	0af6a1395815cd750de2b54e12c1999f024c012c0444c863ed01c748539a9d8e
SHA512	fc6cf7b39d1cabfa24c1569d76122cd416dff5525b0abf0f64c73c1c5adfb1ade17bb5e69276db8bd018434b25043b7353735ad522d816f4439929f7a5ba6ea6

C:\Users\Admin\AppData\Local\Temp\Upx.exe

MD5	308f709a8f01371a6dd088a793e65a5f
SHA1	a07c073d807ab0119b090821ee29edaae481e530
SHA256	c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35
SHA512	c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

memory/1004-48-0x0000000000400000-0x000000000057E000-memory.dmp

memory/1004-58-0x0000000000400000-0x000000000057E000-memory.dmp

memory/5056-59-0x0000000000400000-0x0000000000545000-memory.dmp

C:\Users\Admin\Desktop\am.exe

MD5	b68a9f97b82e339cd8c90ab5224a34d9
SHA1	691f5733e5980b6e94023ae236a693a672cb6fe9
SHA256	b5acfd2a9b6b9cef70e56f3b6c90cc798cc0bf94244a17aa07099faa34370552
SHA512	b1ff95d3e787efb6bbccd85858b63161e6972ff7be51d015bade131ad9389cc410eb471f7eb8f25200b95eab8329192b006b0d9d620b2da41cfe55055191246f

memory/3540-62-0x0000000000400000-0x000000000046A000-memory.dmp

memory/3540-63-0x0000000000630000-0x0000000000631000-memory.dmp

memory/5056-64-0x0000000000400000-0x0000000000545000-memory.dmp

memory/3540-65-0x0000000000400000-0x000000000046A000-memory.dmp

Sample ID	240528-rc1cxshe37
Target	WinLocker-Builder--master.zip
SHA256	d22c5d94f184d1a4e1783a7aaaf81333041f85b4172fc7ad549436ec6b4c2017
Tags	modiloader trojan persistence upx aspackv2

Malware Analysis Report

2024-08-06 14:32

Table of Contents

Analysis Overview

Threat Level: Known bad

Malicious Activity Summary

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files