Overview

overview

8

Static

static

3

AcesX.V.2/Aces X.exe

windows10-2004-x64

8

AcesX.V.2/....3.dll

windows10-2004-x64

1

AcesX.V.2/...ox.dll

windows10-2004-x64

1

AcesX.V.2/...PI.dll

windows10-2004-x64

1

AcesX.V.2/Module.dll

windows10-2004-x64

3

AcesX.V.2/...on.dll

windows10-2004-x64

1

AcesX.V.2/...PI.dll

windows10-2004-x64

1

AcesX.V.2/...PI.dll

windows10-2004-x64

1

AcesX.V.2/...PI.dll

windows10-2004-x64

1

AcesX.V.2/krnl.html

windows10-2004-x64

1

AcesX.V.2/krnlapi.dll

windows10-2004-x64

1

Resubmissions

31-05-2024 23:46

240531-3sea6saf93 8

31-05-2024 23:43

240531-3qkp6saf27 3

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2024 23:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AcesX.V.2/Aces X.exe

  • Size

    259KB

  • MD5

    8f583e9118d18e67dc5334e060a7269e

  • SHA1

    3dd4ae11c37291e2fb69f4f4dcea220319d6d8cc

  • SHA256

    eed4fc802562ffef745b65a9eb8812c9d5111307d64bbc49ad31b777c3323d3c

  • SHA512

    709ca3cc262607ef1509db6e8401533131c3a8d85d1c53ad05ea3cc30bdb795d3e473f5e16f4900e3ecc6e7a5611de1164ae0ddf2337e8c2904be278ec93476e

  • SSDEEP

    1536:8Cs6ju2mbVY4/dRXVL6s5zjalOYCXuVyOkd3/BKFnYjn+C+2RlxYHe8qUMvELKk7:HtibVY41RXD5YxyOkuiXXfL8rOCJaG

Score
8/10
execution

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Powershell Invoke Web Request.

    execution
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AcesX.V.2\Aces X.exe
    "C:\Users\Admin\AppData\Local\Temp\AcesX.V.2\Aces X.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4408
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C powershell -c "Invoke-WebRequest -Uri 'https://cdn.krnl.rocks/bootstrapper/files/krnl.dll' -OutFile 'C:\Users\Admin\AppData\Local\Temp\AcesX.V.2\krnl.dll'"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:456
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -c "Invoke-WebRequest -Uri 'https://cdn.krnl.rocks/bootstrapper/files/krnl.dll' -OutFile 'C:\Users\Admin\AppData\Local\Temp\AcesX.V.2\krnl.dll'"
        3⤵
        • Blocklisted process makes network request
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4824

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ucfavewr.kcj.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/4408-8-0x00000000746AE000-0x00000000746AF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4408-5-0x0000000004F70000-0x0000000004FB2000-memory.dmp

    Filesize

    264KB

    Download

  • memory/4408-9-0x00000000746A0000-0x0000000074E50000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4408-4-0x0000000004F10000-0x0000000004F1A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4408-10-0x00000000746A0000-0x0000000074E50000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4408-6-0x00000000746A0000-0x0000000074E50000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4408-7-0x00000000746A0000-0x0000000074E50000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4408-11-0x0000000009F50000-0x0000000009FEE000-memory.dmp

    Filesize

    632KB

    Download

  • memory/4408-3-0x0000000004D80000-0x0000000004E12000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4408-2-0x0000000005290000-0x0000000005834000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4408-1-0x0000000000310000-0x0000000000358000-memory.dmp

    Filesize

    288KB

    Download

  • memory/4408-12-0x0000000009EB0000-0x0000000009EBA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4408-13-0x0000000009FF0000-0x000000000A048000-memory.dmp

    Filesize

    352KB

    Download

  • memory/4408-44-0x00000000746A0000-0x0000000074E50000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4408-43-0x00000000746A0000-0x0000000074E50000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4408-0-0x00000000746AE000-0x00000000746AF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4408-42-0x00000000746A0000-0x0000000074E50000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4824-15-0x0000000005130000-0x0000000005758000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/4824-20-0x00000000746A0000-0x0000000074E50000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4824-17-0x0000000005030000-0x0000000005052000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4824-19-0x0000000005940000-0x00000000059A6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4824-30-0x0000000005AB0000-0x0000000005E04000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4824-31-0x0000000006080000-0x000000000609E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4824-33-0x0000000006130000-0x000000000617C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/4824-32-0x00000000746A0000-0x0000000074E50000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4824-34-0x0000000007920000-0x0000000007F9A000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4824-35-0x0000000006570000-0x000000000658A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4824-41-0x00000000746A0000-0x0000000074E50000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4824-18-0x00000000057D0000-0x0000000005836000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4824-16-0x00000000746A0000-0x0000000074E50000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4824-14-0x0000000004AC0000-0x0000000004AF6000-memory.dmp

    Filesize

    216KB

    Download