2d2114e35bf66929b86f0fe125639559105a35570124a0711bec2d06e33223f6

Analysis

max time kernel
10s
max time network
4s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PANDAFREEAV.exe
Size

3.2MB
MD5

19dde1bb8bd1fc0b202b90d90df9e3ff
SHA1

d14948d38dd9e4856fb8a8b7291ebe302cda9647
SHA256

2d2114e35bf66929b86f0fe125639559105a35570124a0711bec2d06e33223f6
SHA512

0520fc41022680f20f93584721666dbf59680e982772c7c55733b9bdc47f5cf2be9b3c0dc66a09bf39d1a9cc37d445c3049b461bdd12b2b46c45add20bc77ae1
SSDEEP

98304:KWxnQjLbTM4tSpnctPL+EyYLgTjzAlgknJ1g9+JXlxsW1:KWeL0nctaQAU9L7sG

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2468	Stub.exe

Loads dropped DLL 5 IoCs

pid	Process
2468	Stub.exe
2468	Stub.exe
2468	Stub.exe
2468	Stub.exe
2468	Stub.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2468	Stub.exe
2468	Stub.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2468	Stub.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 2468	1496	PANDAFREEAV.exe	83
PID 1496 wrote to memory of 2468	1496	PANDAFREEAV.exe	83
PID 1496 wrote to memory of 2468	1496	PANDAFREEAV.exe	83

C:\Users\Admin\AppData\Local\Temp\PANDAFREEAV.exe
"C:\Users\Admin\AppData\Local\Temp\PANDAFREEAV.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\Stub.exe
  ".\Stub.exe" /c "191048" /u "http://acs.pandasoftware.com/Panda/FREEAV/191048/FREEAV.exe" /a "GGLPDFREE0720" /p "4252"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Panda Security\PSLogs\Stub_exe.log

Filesize
2KB

MD5
dfb69514c4c99c9e950733274a350c57

SHA1
8f5da454222d8f1ca6ea0610a74fe38ad051c347

SHA256
452300e64de4be24b2c703c377a59400c4c088fd5f8dd85c66858a3ad9b9aee4

SHA512
4055aa9b9df75f63c0c76d18a6077c956038674e1baabddc32c875b820cd7f5c8cad939a8b62f255646b5a512fc01e4d353396f5e866871c34395da88ed55e34

Download Submit
C:\ProgramData\Panda Security\PSLogs\Stub_exe.log

Filesize
3KB

MD5
5a72f3e277870b955395e7652968aca9

SHA1
1cf1e18dcf4a3449f93b719451d8bb9ae0807efc

SHA256
6e29dfedfcfbd6008d32d472fcccf3aace85bb8e8bc00db3a661f0c2b76a2dd8

SHA512
a7ca575f9b62c3a3aa60bb01e0627b0096de03ae9f1c9d82c6da3e2e8d5f7632b23779adc66603342a13526032eed04a05d83ece6b4b44a9450ab365af73995e

Download Submit
C:\ProgramData\Panda Security\PSLogs\Stub_exe.log

Filesize
4KB

MD5
a9929ec51f0bd1118d29473e75e0669d

SHA1
8ed164022476424b7137d135283d9079fe75a022

SHA256
848769e6159529b34347df1c49c0c3034db6099fc17fde1d65b94ad71f1e2b59

SHA512
e6e3bfd6b6d5039d48016def92e6f00f4d3096e9c3dd2a7c4ea895330d6d1edfeebae6b2cb8c20439ff05e504aada382a5fe93ae59492c0c904e5f829918815f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\AvDetect.dat

Filesize
23KB

MD5
9a17b5ac44705cc4bc3608c6232e1f16

SHA1
4a5f78bc37a704d5181f51aa32cefcb51c66d3cf

SHA256
4ad849f737b18084b060828c7cca48bcf512cc2ada2a937f5cfbab79f1b29677

SHA512
79db7e450faa9e81f27789f328a58860438713e58aef7ddd37661f1c62ed4cafc437cb7499273e7f36e805edbd93405153f66f6dc37cdd09fd0aea611ca91ce2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\CommsWrapper.dll

Filesize
82KB

MD5
de835b63304969aab279fd08ff927a8d

SHA1
ffa8608c831d0fd782265dff342eed71d53bfcdd

SHA256
a474a520c9dac0e66678a967e9b94923fcbd084e449403399f96b1f0879cf0e6

SHA512
31ab5e134da5b55cc28d0478e8b55016449a9753c81e92f0c37f8803cf621d52ecaaf11cea4fa6dcf038ae0562d7faca6e6e58cfa45c4189dc359beea90b2002

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\InstallRes.dll

Filesize
1.2MB

MD5
acf7d45e9b3e5be0fb4c1a2c38a6000b

SHA1
c737b90454f6f308eafc5d042e7ac570756b8eeb

SHA256
d5a071d71a25eadfe9782a53aea53dfa807992e9c3f2d0eefb8c6c1a67865a0a

SHA512
7ddf01c454ea7119da9612afd229d2e7cd61ab30460191fafb244aed7ff4af202bef5b378a76ca4d2d80141babc56b7b8b4c11fad9cd9d119234f54bd30b8549

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\MSVCR100.dll

Filesize
755KB

MD5
bf38660a9125935658cfa3e53fdc7d65

SHA1
0b51fb415ec89848f339f8989d323bea722bfd70

SHA256
60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

SHA512
25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\Stub.exe

Filesize
1.4MB

MD5
1af7fb8dcdafcab0f29c5a9c5c192793

SHA1
1fddc13da4e122164b3992d06f0aa266baafbb9d

SHA256
0c876c022c0b6aca9eb622a8c9ac50996a15ae39c65bd937cb0b66bf93e4b734

SHA512
c8e19c326dc2931716577c8c0466d6d3f61a9f69ba89f66a380152c4d729e1cc99078ae818083832f9dfcb9e31e635d5dda19fbdf304bc69c8059b595d5603ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\StubInstaller.dat

Filesize
5KB

MD5
238dcab1cb4709a2cb212a4acf1944d2

SHA1
5693a7ac7bc35da7e3b8ff3a74c6832c1ff41376

SHA256
17b5f3d0697f2b41cf09d65f595e030b90de23b2afcdfb85be1969b57c9a4b72

SHA512
0bba56bccbeca5b98790ddb09311a375426d55dd6415891b00b5749d50cd143c0327d4ae54fcccbe12644b19e671bdaf5627dd1770c20b55624a64ada17cbaac

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\msvcp100.dll

Filesize
411KB

MD5
e3c817f7fe44cc870ecdbcbc3ea36132

SHA1
2ada702a0c143a7ae39b7de16a4b5cc994d2548b

SHA256
d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

SHA512
4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\res\StubInstaller.ico

Filesize
361KB

MD5
b1c57c999f8a3bdec9529abe456eed97

SHA1
58a29bdde7d7834aebb4381a8df5f58458d53263

SHA256
e64df356b9e79a982daa7c3d35db3bf85a800d4d7f870a64c666216bde731657

SHA512
ebe6062d3abdd5df7c89bd5aee7254f1f1e19fc2c452015bcdd8ce7438ccf0f3fed8036259ab02a0cb9bab3888a1f85528e8dad561aea34016a722df3a7fdf06

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\res\background.png

Filesize
163KB

MD5
66f91f2b36927e1b51344bda4b373b04

SHA1
3f316487c2116c0dd4eb6ca709ebee0d18fb2df1

SHA256
dae5e3f303d3cab68a7d920f081923bf89dd8fd1c58621c6bc3cad8b880f1494

SHA512
029238de264b3450c64da59757ff98c2bb8fc68e7234243ed9f36b99ab27d9fc15d2a1a83274dece6a8fd993709de366be2436b376f54498419b109b37331fa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\res\cancel.png

Filesize
1KB

MD5
dc86c6898184a6335c26f7830a67b6b0

SHA1
b72a74f92a4b15d190917dde6fdff0f5ecb01960

SHA256
bb138da55a6362afc4851c30c23be279b08b1ffa2b4d3170a715c7571c46e5c1

SHA512
4c27579e83836409bcaf7bfa8a89e03495749a504269e7b372d0656ff8154ecaf6ec8421f83c28a16f470e136018bf5602e79f22aaece724bacbc2af63a790c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\res\ico_ven_cancel.png

Filesize
2KB

MD5
d3d94c8acb4ce42424526da2dcf5df39

SHA1
f8fbdf57dc374cc0bfcfc093204f3de0ea8526f0

SHA256
4e67660226a201929a6cf6d75cba7681fa278d30541d412458768ff785ea886b

SHA512
c3af6ea85e6ec50cea62a49176a0a0234655bf041a6a662b06320cdd89cc4e8da5f3c2ca4e54d44e63c9bccc3395838735e0e330875a88865661c5da1b7894d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\res\img_product2.png

Filesize
4KB

MD5
fd92546fc781efef844196c15e45f570

SHA1
318ae93b9f903d21bc66751ad8d8a17215cafb35

SHA256
99466f827368ef2fe2783e0112b683fdb29973055bea1d88b30462918d776993

SHA512
ac68648ad49c468b478dce94bd070bf59e91bd2d57bf656690ec90d164adff8221cf01d7dd33df541c475ca060669fe7b5b00f7f6689828dd5360fff63078b87

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\splash.dll

Filesize
96KB

MD5
cae3bdf938e570dc1d06d9b669de35f3

SHA1
50c190667b3d6c0fbf4a181136951fb1bc2111f9

SHA256
daddee5633db37c0968befd9339dac7e202b9265bdeef364341e8287ba38b85a

SHA512
4d3f84a68790649e075e6f51bd20d42fa10d5699ccca7ac4c609d9d6d57df323387cd0ef114f153f1f1ac89b71719ff27ced30f2723421b72368590066112f1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8D55AD07\stubinstaller.ini

Filesize
3KB

MD5
ff92b1699ad48a479d9482b3cc3a36c6

SHA1
38e28220ae339004406e72c193b16b3ac2aa66bb

SHA256
762402ac55a8459493ae7a3d5e293fdf93679b02e2d13dda4beded31b61b8357

SHA512
4167dec370c8adac1e36d71b3c0d103c36943a881957f8936405400d087d4189546e70c73669073ba20064cbb1bc7066edbce8e7e1a81e93aea7579b4842a1a3

Download Submit
memory/2468-195-0x0000000003320000-0x0000000003321000-memory.dmp

Filesize
4KB

Download