3da951c56a2b1a30bc04ab13d354d0790f97bfdb336e481e7f9af3d165ffdeb3 | Triage

Sharing

General

Target

winxvideo-ai-gv.exe
Size

146.5MB
Sample

240814-aah77asapc
MD5

b7cfb124699f5e04fb78c1dbe534fed3
SHA1

2e332cf42988591630a5c333df77837ec835aa64
SHA256

3da951c56a2b1a30bc04ab13d354d0790f97bfdb336e481e7f9af3d165ffdeb3
SHA512

7def8fcdfe2ba0fcf247f95b66720f3d3795f3c7448d2f1f8940aa9a39c493b45cefd017e40ca44eafdbd106906568dd1215db7cce9d34917f6ff1472f0b7a29
SSDEEP

3145728:vCV7iRpt7uXuWIjpjR6Q8tjtgH51CfTKfYxDOuXjjzyiOD:v5d4uWIjpz8t+Z4fTKfYxnjjmiOD

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  winxvideo-ai-gv.exe
- Size
  
  146.5MB
- MD5
  
  b7cfb124699f5e04fb78c1dbe534fed3
- SHA1
  
  2e332cf42988591630a5c333df77837ec835aa64
- SHA256
  
  3da951c56a2b1a30bc04ab13d354d0790f97bfdb336e481e7f9af3d165ffdeb3
- SHA512
  
  7def8fcdfe2ba0fcf247f95b66720f3d3795f3c7448d2f1f8940aa9a39c493b45cefd017e40ca44eafdbd106906568dd1215db7cce9d34917f6ff1472f0b7a29
- SSDEEP
  
  3145728:vCV7iRpt7uXuWIjpjR6Q8tjtgH51CfTKfYxDOuXjjzyiOD:v5d4uWIjpz8t+Z4fTKfYxnjjmiOD
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/BgWorker.dll
- Size
  
  2KB
- MD5
  
  33ec04738007e665059cf40bc0f0c22b
- SHA1
  
  4196759a922e333d9b17bda5369f14c33cd5e3bc
- SHA256
  
  50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be
- SHA512
  
  2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/license_videoproc.rtf
- Size
  
  4KB
- MD5
  
  fb2bb708ab8757206d2f987ead469820
- SHA1
  
  4a158ccc1497299353734ad168904b55aaee5f81
- SHA256
  
  6229fe87351598dbe7eec751749fcc7e82ba3c7d16a60a9a5e80b3aee010c6fd
- SHA512
  
  4f8cf7a07a5b0b0184a4dbbfc1c5b9b3919e2e16a84311e8424433998fad8306c31da859eacc5e899b3e23135ce90591e08d59ab81c394a0a214d1e393a738d8
- SSDEEP
  
  96:Xy8LQ9B8fgKnzUPzxQ4qzgma2WHe7E5Lw0D2:C8LQ92zU7y8mBWH2Edw0D2
Score

4^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/md5dll.dll
- Size
  
  6KB
- MD5
  
  7059f133ea2316b9e7e39094a52a8c34
- SHA1
  
  ee9f1487c8152d8c42fecf2efb8ed1db68395802
- SHA256
  
  32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
- SHA512
  
  9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51
- SSDEEP
  
  96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsArray.dll
- Size
  
  12KB
- MD5
  
  da4bc09439ed21faf7620a53433aac92
- SHA1
  
  94e3347aebe16cb88b9f29f00134d9e0fb67e508
- SHA256
  
  216d68d3f0b37bb2203b3a438a84a089e8c388608f46377ad7e7d6a2709cf9b0
- SHA512
  
  920294456e8fee0c4137e4b4ba1389f09ade297d6ed49d78a9593d129dbb5eb048da2cbff7ac29687999991d5f38657cb31af73e2ccf6b8b9ce29480d4d81ec6
- SSDEEP
  
  192:LULA8tZt1pehCUVFpZ/XXz5F8qioPYtS/Z8i4NVhWp1h2ph30R:gLAe1peEUD/X1F8qiAFLhOh
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsNiuniuSkin.dll
- Size
  
  892KB
- MD5
  
  77270fd8bbc780b411eb737641e1e6cd
- SHA1
  
  3d0b9351785836e81fbd38f17d4d50e0224bce44
- SHA256
  
  562a8cb521971572445f73d9344a1984345f44d631397d0c305cf4512d2c8db1
- SHA512
  
  37cd6f15e819242fcf8a1ef8c4e4f0fb5b313aae572230b1d1c3506e4584dbe9e6dc860223d2ff104f96fdb34a082becb6df1e789e846343047dae69a1f98097
- SSDEEP
  
  24576:T9IcjGQXmnvnDy2zwK5DezNs7cQh+5LJa:8QXml5izN+3kLw
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/nsis7zU.dll
- Size
  
  313KB
- MD5
  
  06a47571ac922f82c098622b2f5f6f63
- SHA1
  
  8a581c33b7f2029c41edaad55d024fc0d2d7c427
- SHA256
  
  e4ab3064f2e094910ae80104ef9d371ccb74ebbeeed592582cf099acd83f5fe9
- SHA512
  
  04b3d18042f1faa536e1393179f412a5644d2cf691fbc14970f79df5c0594eeedb0826b495807a3243f27aaa0380423c1f975fe857f32e057309bb3f2a529a83
- SSDEEP
  
  6144:rA9ssOlBrbYr5UP4m3mC/FvBbhQ1JzI+yQKiJGxdNtsm0:r2S165UP4mL/FvBtC8zQdSDmm0
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  AMDCheck.exe
- Size
  
  206KB
- MD5
  
  aff7bf445fd6ed06874ac35417ac7b8e
- SHA1
  
  ba9f0c0bc38c6fed246337f0a81a0aec349a74df
- SHA256
  
  6b412c5d8b57c6bfb5277bf4d061c5f6d61a71f3d4b1e6cfdbec7e149639113a
- SHA512
  
  b112f8575967554fdb446806202a3df53b2b85ee849281c5262cc88dabcdee1286198a585cd91fc5005270517caf37d9a881d06bbaa352a7e93931ca57f0c126
- SSDEEP
  
  3072:TJh6N+uHrCCs6MGjEtiq75K+4oD0DSGjM9NczoY466M4wqq/jA3fq8UN:TCzrC16MGjy7ozDSibohW4w5bA3fqR
Score

1^/10
behavioral19 behavioral20
- Target
  
  AtomicParsley.exe
- Size
  
  852KB
- MD5
  
  a93883bfbf3554bef37e77f2e59da0c2
- SHA1
  
  d9c4d454caff82db55e5efcfe5b9dd63d92bb515
- SHA256
  
  f51273f94cb3a73e9fb04f8b5f4003fd07100c70fb87a6227117fda7afa29caa
- SHA512
  
  9f78a2133c3af6607906dd113342c94b9af1d01f3f6e2809ba51dcd56d7231edacec14a9de32bcd199a2b47232fd7edf3bf1c9d7ed44be7b4ec7c5039c367bc1
- SSDEEP
  
  24576:DTszM5Zh+x5B9Tul94G69zmUM5qJRJDqCuVtsFf2a5A:DwzM5ZhQ1ul94G685UIa5A
Score

1^/10
behavioral21 behavioral22
- Target
  
  D3Dcompiler_47.dll
- Size
  
  4.0MB
- MD5
  
  e3a7c7880106304bed586728b9eddd67
- SHA1
  
  83ec447319e00d5a719d9500d6790f86c40d75f6
- SHA256
  
  51d217976012c5f6e9ae67633b109dd7075319d5455e65041eb67e41f245b509
- SHA512
  
  103099f2cb16bb934fa04604f5a87fc863fc03e6c3ec44683151a0d3d5f5cff5255ef0f4ff346e6fdff5aab740e2364f9f2235dedbde05c5700b9f9f61495e09
- SSDEEP
  
  49152:sBfmqCtLI4erBYysLjG/A8McPyCD6hw16JVTW7B3EgvVlQ3LAYmyNOvGJse+aWyH:MeZevVKACOvWYQZ
Score

1^/10
behavioral23 behavioral24
- Target
  
  DgAIModules.dll
- Size
  
  34.7MB
- MD5
  
  83a9fddcba5eb7ade96f32ca7d82f975
- SHA1
  
  a60f95ac91bacd05842031b4b5c32fad12030b8d
- SHA256
  
  4c8be80d62842de5a24545000c7a30d6bf474ba76fff407da1810892d958dc68
- SHA512
  
  93496f8b5bf6f6e4d4adc6100e8119d1df5e002172a4e948b21100a16b840bd842cc055ea0861af8ab2110ec1fa53217df34905e32916b40b9ebe1a7bcfc47e2
- SSDEEP
  
  393216:CTDMOmlY947OQTMGkVVkD2om3a16Tt9cLiAUG:XY9dQTrkVVkVm3a0h2
Score

1^/10
behavioral25 behavioral26
- Target
  
  DisplayDrivers.exe
- Size
  
  296KB
- MD5
  
  37fe821cef6f0cb8957dad68dd1cd341
- SHA1
  
  485d029f2eb1bc1c30b9bf32cf1afdca835d4c18
- SHA256
  
  1932276b040da99555faa20fa9ff96facd5be68d90dfe5c86e3e27986d654385
- SHA512
  
  9253f8f52c731a900f90a29b5db96aa1078e0f66265e09dc9a25d4d446f4b1438bbf37398ffab305636989e7b2dc609f0cdfae72a1f635038dd6072886fb4987
- SSDEEP
  
  3072:MRVHbXI+ZgvM7rHZBCYwK0GVrSttQI0B4EFV4wImL4RUh1bJIjToY46AQ4/xoSmQ:MJgvM7DvC2VrOuI0B4ftKWohBRqL3i
Score

1^/10
behavioral27 behavioral28
- Target
  
  IntelCheck.exe
- Size
  
  227KB
- MD5
  
  6f415cebcc00c9f65b8bb9f4d35bf83b
- SHA1
  
  7c5148ef22875b37729c816471b18a694da6706a
- SHA256
  
  695594ccf8c578b140c0078ad198292195db869ee25f7253d5caf4548fedaa2b
- SHA512
  
  2b0caf1ba75c29895567c9e3de3eedba24226b2f92563d6d20c0fada3e75e6eab607cebf842991a03154d647a6a5e9513ce3c8b937adc057a3c9d795e80e28bd
- SSDEEP
  
  3072:Qyahqwd2QrDFlQNCbaPUlOGlZnavkAzm+XPE+tNA5R1ZtJXB9kwD0Nt9ivmD:pQd2elQNCbaPUlOoZnxutNyRltL0ge
Score

1^/10
behavioral29 behavioral30
- Target
  
  MediaInfo.dll
- Size
  
  6.1MB
- MD5
  
  f98571573aee17db62cc80206fe34134
- SHA1
  
  ca2f3c2a2dfad0f6f49afd40ac5e17863d5368da
- SHA256
  
  95f0ef1426708ee0748aec4332ef194b1842d375a31f21321f10d50c241cc4b5
- SHA512
  
  7ee4432dc3ca29220ad033c9d97a1e7e261d9ca676c552a87a9441fa691f7ab952f21093f4ccdfd8c6498935b56d8b546e3ab125d1ef43cf9af0ced4af26fbf3
- SSDEEP
  
  98304:k4fJFvi7MUuFN9uHcXEXJ2IAuOyG6ikQgwGI5Wd:k4fJFq7MUuFnu8Xa2IA/yG64a
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32