Resubmissions
15-09-2024 23:12
240915-27aqvsxhjq 815-09-2024 23:02
240915-21efgaxake 815-09-2024 22:58
240915-2xypyaxdkj 315-09-2024 22:56
240915-2wn44sxcpk 315-09-2024 22:43
240915-2np2fawhpr 315-09-2024 22:42
240915-2m3k5swhmk 1015-09-2024 22:33
240915-2gqdmawbja 815-09-2024 22:27
240915-2de4gswekk 715-09-2024 22:15
240915-16esravenh 10Analysis
-
max time kernel
1793s -
max time network
1454s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
15-09-2024 22:42
General
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/[email protected]
-
Size
739KB
-
MD5
382430dd7eae8945921b7feab37ed36b
-
SHA1
c95ddaebe2ae8fbcb361f3bf080d95a7bb5bf128
-
SHA256
70e5e902d0ac7534838b743c899f484fe10766aefacc6df697219387a8e3d06b
-
SHA512
26abc02bde77f0b94613edc32e0843ac71a0a8f3d8ba01cb94a42c047d0be7befef52a81984e9a0fa867400082a8905e7a63aaaf85fa32a03d27f7bc6a548c3b
-
SSDEEP
12288:kUWA3AheuswygKEOKlC0DaWL8ldxj1UT1fzosC2kyINJATi1v2yUQpf84i:kUWqistgKErL8P6VzosCfE6TNpf8D
Malware Config
Signatures
-
Windows security bypass 2 TTPs 3 IoCs
-
Disables RegEdit via registry modification 1 IoCs
-
Executes dropped EXE 2 IoCs
-
UPX packed file 7 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification 2 TTPs 3 IoCs
-
Drops file in Windows directory 10 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 3 IoCs
-
Modifies Internet Explorer start page 1 TTPs 2 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 33 IoCs
-
System policy modification 1 TTPs 4 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Antivirus Platinum\[email protected]"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Antivirus Platinum\[email protected]"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\302746537.exe"C:\WINDOWS\302746537.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\AAFF.tmp\302746537.bat" "3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s c:\windows\comctl32.ocx4⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s c:\windows\mscomctl.ocx4⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
\??\c:\windows\antivirus-platinum.exec:\windows\antivirus-platinum.exe4⤵
- Windows security bypass
- Disables RegEdit via registry modification
- Executes dropped EXE
- Windows security modification
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Windows\SysWOW64\attrib.exeattrib +h c:\windows\antivirus-platinum.exe4⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
348B
MD57d8beb22dfcfacbbc2609f88a41c1458
SHA152ec2b10489736b963d39a9f84b66bafbf15685f
SHA2564aa9ed4b38514f117e6e4f326cb0a1be7f7b96199e21305e2bd6dce289d7baa2
SHA512a26cf9168cf7450435a9fe8942445511f6fda1087db52bd73e335d6f5b544fc892999019d9291d9dcc60c3656de49688f6d63282c97706e2db286f988e44fd94
-
Filesize
22KB
MD58703ff2e53c6fd3bc91294ef9204baca
SHA13dbb8f7f5dfe6b235486ab867a2844b1c2143733
SHA2563028a2b0e95143a4caa9bcd6ae794958e7469a20c6e673da067958cbf4310035
SHA512d5eb8a07457a78f9acd0f81d2f58bbf64b52183318b87c353a590cd2a3ac3a6ec9c1452bd52306c7cf99f19b6a897b16ceb8289a7d008c5ce3b07eda9b871204
-
Filesize
9KB
MD5cd1800322ccfc425014a8394b01a4b3d
SHA1171073975effde1c712dfd86309457fd457aed33
SHA2568115de4ad0b7e589852f521eb4260c127f8afeaa3b0021bfc98e4928a4929ac0
SHA51292c22c025fd3a61979fa718bf2e89a86e51bf7e69c421a9534fbf9c2d5b23b7a9224d0e9f3e0501992038837015214d1ef73b532a68b7d19de559c9ab9c6e5f6
-
Filesize
595KB
MD5821511549e2aaf29889c7b812674d59b
SHA13b2fd80f634a3d62277e0508bedca9aae0c5a0d6
SHA256f59cdf89f0f522ce3662e09fa847bca9b277b006c415dcc0029b416c347db9c4
SHA5128b2e805b916e5fbfcccb0f4189372aea006789b3847b51018075187135e9b5db9098f704c1932623f356db0ee327e1539a9bf3729947e92844a26db46555e8cd
-
Filesize
1.0MB
MD5714cf24fc19a20ae0dc701b48ded2cf6
SHA1d904d2fa7639c38ffb6e69f1ef779ca1001b8c18
SHA25609f126e65d90026c3f659ff41b1287671b8cc1aa16240fc75dae91079a6b9712
SHA512d375fd9b509e58c43355263753634368fa711f02a2235f31f7fa420d1ff77504d9a29bb70ae31c87671d50bd75d6b459379a1550907fbe5c37c60da835c60bc1
-
Filesize
24KB
-
Filesize
64KB
-
Filesize
52KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
52KB
-
Filesize
52KB