aec6c22c784989b03b7dc6c11e0bf6ab4d64e09f25823b60c1d62be551c223b4

General

Target

CryptoObfuscator.exe
Size

13.2MB
MD5

9b3604701295001c27febda4ede73773
SHA1

25ce96ee0ca0002f49b8541036568a20b1cd273d
SHA256

aec6c22c784989b03b7dc6c11e0bf6ab4d64e09f25823b60c1d62be551c223b4
SHA512

652eb8869fed99b32414e818a1be04786c003359ce6d425e56e0eb254fab0cc91b27278da2579c12300f26602e3b0d5ec3d0f905eb8adb58d6e98c57c817d2f1
SSDEEP

393216:RqaA3LtpfnVkUcmwH0hr528lRMCpYRG8:LA3Lnfnmgrs8lmAYG

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
380	CryptoObfuscator.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe
380	CryptoObfuscator.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
380	CryptoObfuscator.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
380	CryptoObfuscator.exe

C:\Users\Admin\AppData\Local\Temp\CryptoObfuscator.exe
"C:\Users\Admin\AppData\Local\Temp\CryptoObfuscator.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:380

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\SkinSoft\VisualStyler\2.4.0.0\x64\ssapihook.dll

Filesize
67KB

MD5
8b003c3f98f8d08968ac5d3c1cc90a60

SHA1
68f8d418638a81839a2ad665909916cda8efe625

SHA256
d52a9c53f510237a194211aa3dc7d0f22f80fcc0593d9d77e0827ba6681b47e9

SHA512
429e97c74b8e45a43d09618972f04ba46a8075867a631543eb7b7cbbb55a719cbe2e0412f3b63b989741e3807d733b2a6f3ecb735278adc5e734e18e297c4015

Download Submit
memory/380-21-0x00007FFD35760000-0x00007FFD35761000-memory.dmp

Filesize
4KB

Download
memory/380-2-0x00007FFD9A2E0000-0x00007FFD9ACCC000-memory.dmp

Filesize
9.9MB

Download
memory/380-3-0x000000001BF50000-0x000000001C034000-memory.dmp

Filesize
912KB

Download
memory/380-4-0x000000001C250000-0x000000001C2DE000-memory.dmp

Filesize
568KB

Download
memory/380-5-0x000000001BEC0000-0x000000001BEC8000-memory.dmp

Filesize
32KB

Download
memory/380-6-0x000000001C130000-0x000000001C232000-memory.dmp

Filesize
1.0MB

Download
memory/380-7-0x000000001C580000-0x000000001CB40000-memory.dmp

Filesize
5.8MB

Download
memory/380-8-0x000000001CB40000-0x000000001D160000-memory.dmp

Filesize
6.1MB

Download
memory/380-9-0x000000001D160000-0x000000001DBBC000-memory.dmp

Filesize
10.4MB

Download
memory/380-10-0x000000001DCC0000-0x000000001DCEE000-memory.dmp

Filesize
184KB

Download
memory/380-11-0x000000001C450000-0x000000001C458000-memory.dmp

Filesize
32KB

Download
memory/380-1-0x0000000000660000-0x000000000138C000-memory.dmp

Filesize
13.2MB

Download
memory/380-16-0x00007FFD356E0000-0x00007FFD356E1000-memory.dmp

Filesize
4KB

Download
memory/380-17-0x00007FFD356F0000-0x00007FFD356F1000-memory.dmp

Filesize
4KB

Download
memory/380-18-0x00007FFD32FD0000-0x00007FFD32FD1000-memory.dmp

Filesize
4KB

Download
memory/380-19-0x00007FFD35700000-0x00007FFD35701000-memory.dmp

Filesize
4KB

Download
memory/380-0-0x00007FFD9A2E3000-0x00007FFD9A2E4000-memory.dmp

Filesize
4KB

Download
memory/380-20-0x00007FFD35710000-0x00007FFD35711000-memory.dmp

Filesize
4KB

Download
memory/380-32-0x00007FFD30EC0000-0x00007FFD30EC1000-memory.dmp

Filesize
4KB

Download
memory/380-23-0x00007FFD356D0000-0x00007FFD356D1000-memory.dmp

Filesize
4KB

Download
memory/380-24-0x00007FFD35730000-0x00007FFD35731000-memory.dmp

Filesize
4KB

Download
memory/380-25-0x00007FFD35740000-0x00007FFD35741000-memory.dmp

Filesize
4KB

Download
memory/380-26-0x00007FFD35720000-0x00007FFD35721000-memory.dmp

Filesize
4KB

Download
memory/380-27-0x00007FFD35750000-0x00007FFD35751000-memory.dmp

Filesize
4KB

Download
memory/380-28-0x00007FFD35770000-0x00007FFD35771000-memory.dmp

Filesize
4KB

Download
memory/380-29-0x00007FFD30E80000-0x00007FFD30E81000-memory.dmp

Filesize
4KB

Download
memory/380-30-0x00007FFD30EB0000-0x00007FFD30EB1000-memory.dmp

Filesize
4KB

Download
memory/380-31-0x00007FFD30E90000-0x00007FFD30E91000-memory.dmp

Filesize
4KB

Download
memory/380-22-0x00007FFD356C0000-0x00007FFD356C1000-memory.dmp

Filesize
4KB

Download
memory/380-33-0x00007FFD9A2E0000-0x00007FFD9ACCC000-memory.dmp

Filesize
9.9MB

Download
memory/380-34-0x00007FFD9A2E0000-0x00007FFD9ACCC000-memory.dmp

Filesize
9.9MB

Download
memory/380-35-0x00007FFD9A2E3000-0x00007FFD9A2E4000-memory.dmp

Filesize
4KB

Download
memory/380-36-0x00007FFD9A2E0000-0x00007FFD9ACCC000-memory.dmp

Filesize
9.9MB

Download
memory/380-37-0x00007FFD9A2E0000-0x00007FFD9ACCC000-memory.dmp

Filesize
9.9MB

Download
memory/380-39-0x0000000020C20000-0x0000000020C40000-memory.dmp

Filesize
128KB

Download
memory/380-41-0x00007FFD9A2E0000-0x00007FFD9ACCC000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads