a2fa034d006bdbc3ee2a15e55eb647f8097355c288a858da1e309fe8ac1cf0a3

Resubmissions

30-06-2024 18:29

240630-w47crssckh 10

30-06-2024 18:24

240630-w2dyfasbmb 7

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyplaceControlInstall.exe
Size

5.9MB
MD5

de3f653561daa3c88bea49b8a6df874b
SHA1

08720bc41df746aa0a2eb4a4c46ebbbecca0f123
SHA256

a2fa034d006bdbc3ee2a15e55eb647f8097355c288a858da1e309fe8ac1cf0a3
SHA512

a8d237ba7cf89d7101fe42ed4a1c841c934f222ccc2041494bf49f67c4cc9bf190988a7a138860a9aec3e6862cb99663dcde96c93ba40b81a923fc68dae2ac7f
SSDEEP

98304:FtUY9cZjRMe8g7dF1OPYtugGpbNer/xZssPZ31x+B10Q3RAss685EL4bD/vcMTL:FjqN1NZF1OAtugM6vZYRAZiyD/vcMTL

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1756	AnyplaceControlInstall.exe
1756	AnyplaceControlInstall.exe
1756	AnyplaceControlInstall.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1756-0-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/1756-60-0x0000000000400000-0x0000000000469000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\AnyplaceControlInstall.exe
"C:\Users\Admin\AppData\Local\Temp\AnyplaceControlInstall.exe"
1⤵
- Loads dropped DLL
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4108,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:8
1⤵
PID:3184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Temp\1J96AC6U\AnyplaceControlInstall\plugins\0\CustomUI.dll

Filesize
345KB

MD5
0fe39de528a1afa32ed1f5f10a02aa4e

SHA1
8651305d45126ad268b498eecab7db5cae570b7c

SHA256
2ad7b88bea948708cef7dd539567686b0662692802edf0bb544594306cef7c73

SHA512
74a2f59e7d2a788dda76c2566d7c827ecde4f3b5e16191586fbcab69b04f1436e0963b8dff97fbbe383e9c580c9fffe5a9a5fe11da8ede6b8d06dcb040c09e27

Download Submit
C:\Temp\1J96AC6U\unpack.dll

Filesize
34KB

MD5
e619dbc708231336467add6b6f6ff99c

SHA1
cd9b0168d3d8259709098edea0d83834d580fbfb

SHA256
c66742cee46087844c244af84c91a464eeab5ac0fe57be6d9c7aef6daea54793

SHA512
5e5fb37db93eb11f7e0e7f5249e5733e6ecda3395ad51323d22bb1fbbf3e3b137c4554600faee5e53368426a0827add13862c3b400a7f54acbbbb2d9becfaf1e

Download Submit
memory/1756-0-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/1756-6-0x0000000000A60000-0x0000000000A87000-memory.dmp

Filesize
156KB

Download
memory/1756-56-0x0000000002F80000-0x0000000002FDD000-memory.dmp

Filesize
372KB

Download
memory/1756-60-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/1756-61-0x0000000002F80000-0x0000000002FDD000-memory.dmp

Filesize
372KB

Download
memory/1756-67-0x0000000002F80000-0x0000000002FDD000-memory.dmp

Filesize
372KB

Download