d2592794639164f5c4952b5c73dead881a3282443b6ef362feb91cc1016a7610

Analysis

max time kernel
91s
max time network
92s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
19/06/2024, 14:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Golden Hearts Juice Bar.exe
Size

717KB
MD5

63cd4e8e3d2a6f0b5ba1bac3df0ff3b3
SHA1

a97677c6cd05aa9a78f0158cf8e61c8443741875
SHA256

d2592794639164f5c4952b5c73dead881a3282443b6ef362feb91cc1016a7610
SHA512

4fbfadd2cae2352a3901858f95fd2f02d5a851c7b79071fab03ae8c3edc8908f5e26ca2dccdff79e47f3eaec446a2f71e7d35460142477f41df782f905699105
SSDEEP

12288:2Wvp/4twXq7+7MYczzqWPAz20nMIZ54RitUErly6MYyetvY/AkNCvu4cVYa1cWKr:2WvSwXqi7vcMXnMIH4RxKly6YW0NAjcf

Score

7^/10

evasion trojan upx

Malware Config

Signatures

UPX packed file 43 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3032-6-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-4-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-0-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-7-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-87-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-88-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-86-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-95-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-94-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-93-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-92-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-114-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-115-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-116-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-117-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-119-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-118-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-139-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/2700-143-0x0000000000940000-0x0000000000A98000-memory.dmp	upx
behavioral1/memory/2700-146-0x0000000000940000-0x0000000000A98000-memory.dmp	upx
behavioral1/memory/2700-144-0x0000000000940000-0x0000000000A98000-memory.dmp	upx
behavioral1/memory/2700-140-0x0000000000940000-0x0000000000A98000-memory.dmp	upx
behavioral1/memory/3032-147-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-149-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-151-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-152-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-155-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-156-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-154-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-158-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-160-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-163-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-168-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-169-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-167-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-164-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-171-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-173-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-174-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-179-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-178-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-181-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx
behavioral1/memory/3032-183-0x0000000001D60000-0x0000000001EB8000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Golden Hearts Juice Bar.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\is259400240.log	Golden Hearts Juice Bar.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	Golden Hearts Juice Bar.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3032	Golden Hearts Juice Bar.exe
3032	Golden Hearts Juice Bar.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3032	Golden Hearts Juice Bar.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3032	Golden Hearts Juice Bar.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3032	Golden Hearts Juice Bar.exe
3032	Golden Hearts Juice Bar.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2700	3032	Golden Hearts Juice Bar.exe	28
PID 3032 wrote to memory of 2700	3032	Golden Hearts Juice Bar.exe	28
PID 3032 wrote to memory of 2700	3032	Golden Hearts Juice Bar.exe	28
PID 3032 wrote to memory of 2700	3032	Golden Hearts Juice Bar.exe	28

C:\Users\Admin\AppData\Local\Temp\Golden Hearts Juice Bar.exe
"C:\Users\Admin\AppData\Local\Temp\Golden Hearts Juice Bar.exe"
1⤵
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Users\Admin\AppData\Local\Temp\Golden Hearts Juice Bar.exe
  "C:\Users\Admin\AppData\Local\Temp\Golden Hearts Juice Bar.exe" /_ShowProgress /PrTxt:TG9hZGluZy4uLg==
  2⤵
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259399726\bootstrap_43849.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399726\css\main.css

Filesize
6KB

MD5
8ca183485dee29adde796f88c1cfc6b4

SHA1
3a39e320dbec91ab62db7cfb7480588190478d43

SHA256
b836bf42c37c528a66249c28bdb3ace496d31d327d4c18dc1ed8fef5ba8e478c

SHA512
5a4b4e3bdca68ce9e419c721109ded7e803d9e9818dda62bbe0292071044c5c157c584ab4d108494e28d9196d90da5cc050283c1b9aef059dd331d9b377bc171

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399726\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399726\images\BG.png

Filesize
12KB

MD5
1fafe60ba8b977d02770aa000558dc52

SHA1
d361f5cc22a1ccb0ebf4f148cf110ea94cd1fd25

SHA256
5c9e6b81b171156bd877629af354875e39570a4ef9f0ca5b9cd8e452e56111ef

SHA512
96cee9afae614753ff7ab640b0e9d41d312fe66f7b3286b4f6c29e57b51aea4bd5645fccb397e6c0755f8ec4daecdb27760f148de2ed649f2d13e1d5cb275abe

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399726\images\Close_Hover.png

Filesize
1KB

MD5
e091da7c1fadcf939e82069eb87b4677

SHA1
2461fddc2af7903e43d1a765519912f9c48b656a

SHA256
aedf0e41ac2102141e1bc1ede283c28f5f6b1f04ad08805c4e77f808020c52a7

SHA512
bcc610f45d57a8d9329d86ade84a56bc33ff6d2fdfcd902cad34f89b1ddb88601cb4a21c268681b5cca35a004f59175f2683b33c1f957c6af862a4750037564b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399726\images\Color_Button.png

Filesize
1KB

MD5
5dd27a61c056f030a067972eddeef4f1

SHA1
05dcc226ec41438e1d5a853ad540cb62a2f87679

SHA256
94b76d24c9aa200ed0033d846ac2a255ddd0014c738723582ea3476ee3431905

SHA512
f9356b17436388b565f779b5370da03d4c0b8f0b851d734d035b9f5defa4ea8a9e7db7e9d0f204418c2383b37c02fb20a6cea0602e3691c960c4c329248d9610

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399726\images\Color_Button_Hover.png

Filesize
1KB

MD5
0651559d77ec9cbca52a8468e7881d50

SHA1
7a208b34a99c4c356ba1bff09f17b91846937b21

SHA256
e5660264f1fac63d6b62b65041293631516ad8c4921328ed0146d410b883de98

SHA512
48726b8c88e42dd5fdf0399c9cca68cb554b749d042ca91c4e2b8f6d55311d5e558d0c4b75458ba66de6f839580236eda2f32b40307609b439df0e61d7b0e6c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399726\images\Loader.gif

Filesize
10KB

MD5
57ca1a2085d82f0574e3ef740b9a5ead

SHA1
2974f4bf37231205a256f2648189a461e74869c0

SHA256
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

SHA512
2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399726\images\Progress.png

Filesize
2KB

MD5
5995603e376b72b3f2f02d400b44584a

SHA1
4127535df235428d157f83006fa23225130215ce

SHA256
392d2b22da905e8f2092d96116b6aa3326dbede98fc6f0c45e5b9146f9fc2f48

SHA512
74aa387e04e79fab7b6ce570acada3d0cb882f440999f3539caf7bbd9ec505765d9b6b39cea5edfdb176b17186b302f21dcf059dc03ed0045a81595c9947a861

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399726\images\ProgressBar.png

Filesize
1KB

MD5
41e2db8679de78b2a15a5ada20c0228f

SHA1
4e0cac7678928d838a61bf171c496b922c121f00

SHA256
cbd36783ed6c4a4bae2414f76102032fcd0905b911c5596014ed0d14c5685b7a

SHA512
aad04e4fd9ff2d90bbee9231b0c095f350393703c3e10351bafc1160896c30d0d3ed5f616bd9820742aed4295a698af392f6106995492bb532d0163d557642b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259399726\images\sponsored.png

Filesize
2KB

MD5
e3758d529f93fee4807f5ea95fbc1a6c

SHA1
3a9a1ba234e613e5f808c3ffeda05a10a5dafe00

SHA256
8d46eb0c60043dcb7d79ab3d0525148fc901764620c02e4b9c5dd8b0e9026303

SHA512
e891552bee3aa10247cad1fcc510331077016a6e71d46827be2dd46017f943c5acc2c1506b41217880d35d52a94989923ad0a345f8791da4bb379eceefe3c407

Download Submit
memory/2700-140-0x0000000000940000-0x0000000000A98000-memory.dmp

Filesize
1.3MB

Download
memory/2700-144-0x0000000000940000-0x0000000000A98000-memory.dmp

Filesize
1.3MB

Download
memory/2700-145-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2700-146-0x0000000000940000-0x0000000000A98000-memory.dmp

Filesize
1.3MB

Download
memory/2700-143-0x0000000000940000-0x0000000000A98000-memory.dmp

Filesize
1.3MB

Download
memory/3032-118-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-149-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-116-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-117-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-119-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-94-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-87-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-7-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-0-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-3-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/3032-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3032-114-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-6-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-4-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-139-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-88-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-86-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-95-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-92-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-93-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-147-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-115-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-151-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-152-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-155-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-156-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-154-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-158-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-160-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-163-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-168-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-169-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-167-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-164-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-171-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-173-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-174-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-179-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-178-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-181-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download
memory/3032-183-0x0000000001D60000-0x0000000001EB8000-memory.dmp

Filesize
1.3MB

Download