General

  • Target: Stardock_Start11_v2.0.7.4_Multilingual_x64_Downloadly.ir.rar
  • Size: 51.4MB
  • Sample: 240701-nxwnpazcrd
  • MD5: f15c78d227840290a685d943ddb211d1
  • SHA1: b8b4fd6ff3cd01778096fcb55016ca81e842a544
  • SHA256: c3a47e38f4bb9fdcdd6d0d728b37c90f5b90afe5f8d062f495e043ff043d4371
  • SHA512: e65b95aff20295e41612721e399349e33797a294f8e441f91ae4f83175afff0d20a157bbeca68201a5b064719cd64bdbdf65566c49de0e08d5a62ae0b19ef6bd
  • SSDEEP: 1572864:tua1b/tFDcbbguFcwSasfx+ZZ66sDxpUdr:tlVFDcbEu2hasfD6szO

Malware Config

Targets

    • Target: Stardock Start11 v2.0.7.4 Multilingual x64/Crack/Patch.exe
    • Size: 382KB
    • MD5: 285725090ae7cf7c17264fb1d9810fe0
    • SHA1: 506efffe9f682c067e307f995c2f5e112e0b2c3c
    • SHA256: ccbe694ce564c5c8bbcd6922693c7001dd774381ece53ca3f787ec652f32a64b
    • SHA512: 0cd3e96a8389874a324a8a045fc570f7ecb834ea4ad92219e989bcb828def28ffcce259696f39248101d8782dbf0456d12f2e0c905b3b422d1a88b99bec8f08b
    • SSDEEP: 6144:Sw2TQh2f9vGMRnCRsIUl7SEK7j2mC9Y9NXcGTJU/03ekokN9kqWWzVwoytk+3XWH:hkQhCvz+sIOU32mPcaJNWWyZ3XW

    Score: 7/10

    • Loads dropped DLL

    • Target: Stardock Start11 v2.0.7.4 Multilingual x64/Start11v2-setup_Downloadly.ir.exe
    • Size: 50.0MB
    • MD5: 5e9f7801853ddcac8f76e5e601f50a57
    • SHA1: 7224b37537b0d77b85e104fac7a9a244b1356120
    • SHA256: 5185aa53dffc0d7cda93c528b42f4c40cfb4e6a46197f9bf6cdeff07bd344be1
    • SHA512: 70092cdbf530c641e4f5b9833abd4c37cdf068c5769e78e9bbcf3e2561744970f0283174bb3d2a3dfd079dae7dc9467bf0f33c198085b3213e5f63951c3e192b
    • SSDEEP: 1572864:cxftmqJM7A9Ey/Hrhj1Po1DhW7bs5tbbsOH4PBB:ch67wh/HrhjFUW/IbCB

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15

Tasks