7c5b449226d2c3e8e65341baffb10b9393282d53b7f6fb164ed788ca2967bb99

Analysis

max time kernel
32s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-09-2024 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

antimicrox-3.4.1-Windows-AMD64.exe
Size

13.5MB
MD5

1943da99ebbe840ac89c3045fe24babb
SHA1

a4ca3555efc9b12e515403a79d7316ccb69a7377
SHA256

7c5b449226d2c3e8e65341baffb10b9393282d53b7f6fb164ed788ca2967bb99
SHA512

462aa3fb349c23f7b44b6ca049f3f96f363c8ce0596f6f18a09bf45c0087088d3c92f0a7195aeb69cce7c89cec38cb0df2d85c39a5defc017bf48c5308cc07f5
SSDEEP

196608:OZh/vKV4AhS5RX0Ooll6Vv4eCklq7CZhKNbgANGvnU8T6slsWD7PdtSX6kcFCjuh:s/9AEuzC/rLWnNAnVmW/VtQ6kjjo

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 8 IoCs

Processes:

antimicrox-3.4.1-Windows-AMD64.exe

pid	process
2416	antimicrox-3.4.1-Windows-AMD64.exe
2416	antimicrox-3.4.1-Windows-AMD64.exe
2416	antimicrox-3.4.1-Windows-AMD64.exe
2416	antimicrox-3.4.1-Windows-AMD64.exe
2416	antimicrox-3.4.1-Windows-AMD64.exe
2416	antimicrox-3.4.1-Windows-AMD64.exe
2416	antimicrox-3.4.1-Windows-AMD64.exe
2416	antimicrox-3.4.1-Windows-AMD64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 42 IoCs

Processes:

antimicrox-3.4.1-Windows-AMD64.exe

description	ioc	process
File created	C:\Program Files\AntiMicroX\bin\Qt5Core.dll	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\bin\libwinpthread-1.dll	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_de.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_uk.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_vi.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\bin\antimicrox.exe	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\bin\libssl-1_1-x64.dll	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\bin\libstdc++-6.dll	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\bin\platforms\qwindows.dll	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_ru.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_tr.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\bin\Qt5Widgets.dll	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_ja.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_ko.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_rue.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_pt.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\Uninstall.exe	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\bin\Qt5Gui.dll	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\bin\libEGL.dll	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\LICENSE_SDL_GameControllerDB	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\gamecontrollerdb.txt	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_en.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_fi.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_ca.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_fr.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_it.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_zh_CN.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\bin\libgcc_s_seh-1.dll	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_br.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_nb_NO.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_pl.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\bin\SDL2.dll	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\bin\libcrypto-1_1-x64.dll	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_es.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_fa.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_hr.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_sv.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\bin\Qt5Concurrent.dll	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\bin\Qt5Network.dll	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_pt_BR.qm	antimicrox-3.4.1-Windows-AMD64.exe
File created	C:\Program Files\AntiMicroX\share\antimicrox\translations\antimicrox_sr.qm	antimicrox-3.4.1-Windows-AMD64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\antimicrox-3.4.1-Windows-AMD64.exe
"C:\Users\Admin\AppData\Local\Temp\antimicrox-3.4.1-Windows-AMD64.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nse2D97.tmp\NSIS.InstallOptions.ini

Filesize
1KB

MD5
1478c5a8d40faf213ed27db7c67f7ec8

SHA1
7a3e685cb17e1763ef4b31e82d83ab94239f1a63

SHA256
46407f1bfdb16c8880881587001a142086bfd80316e1fc06946505885f152d21

SHA512
dd0e648d4d07769b027d908ff58d813561ecaab282cb94b91de86bfe0efe1bd2b36d48830d2cfcf239918d34c3773a7c68332562110c53c94c4954e69991ec27

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse2D97.tmp\NSIS.InstallOptions.ini

Filesize
1KB

MD5
c160f5eff3387009277a04dea7f6ca87

SHA1
39f2f75b1ff0abb13daa80a4edb166266f669e51

SHA256
a8d4a831cd40671d870cfe1776e968f0060486462960d45683808d0623784a5d

SHA512
4c751af4a73dd16c742fa4010dbef1c833b71e2c3a0378b8891ba29dde5e1f6245c01bf2721108a6134fae71693b2079e307d9539fff9579865aca3ac039bdc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse2D97.tmp\NSIS.InstallOptions.ini

Filesize
1KB

MD5
c723a3e2e56e129ad66a65676bc92b75

SHA1
8df04124759d562d7b33309ed9adb93cc2d31f0b

SHA256
bca217e217f970c95058328e1c6a0a168760bccf97b066edba083f2a9772969b

SHA512
23b39e297e6760e6eb41b8984d668ea6be0e2149be6e7e7d85e474004ad5d8d39a37520d83c7692464efc325c0572b38fbdb0fe9cab113ecb4078992d5910f94

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse2D97.tmp\ioSpecial.ini

Filesize
1KB

MD5
4ec42f3b5438ea029df2cc352760e938

SHA1
52d629655ba02195dddd3503cad5304209d4f8f5

SHA256
795c269cc1e9ada44b9658529da62a66bc64b2dfca88edeeba58ce56662d7778

SHA512
377a2fe0848dc34d40fe6e48dd661df8027fb9f1158ee7f64401c1066b7ffb81ffedd695029fb3b7bb999ee8075cf7cad8c3676260ecbf8be9a4fd5cb84b0d0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse2D97.tmp\ioSpecial.ini

Filesize
1KB

MD5
c6afa86d7ef7bf6ff063679665ded211

SHA1
b52cf57adc209e4a11fc2787691bdfca912083f0

SHA256
cc54fd36706834b0a9628d60923e6fb24d6242396507c52d24af454182ed3a6c

SHA512
887e80fc41b7df17bde67645f407a41826b4e0ee491ab992a7be6cd2a29d57fb8cc63ff885f13a635e71920f267ea7f43ff68946d91b6e953af0a8b5c88f7763

Download Submit
\Program Files\AntiMicroX\Uninstall.exe

Filesize
435KB

MD5
52d37cce3d790de4dd62847db58f9b01

SHA1
e96b9e41700adb4baa2168f5ced4aea2a05b75cf

SHA256
c4c0d1c7d60100725f3a642a1b5768409bc34eee24cad9aafacd770676da9f53

SHA512
2e124c35e5924bf20f0bd5eea0a366103021d113c5208205550609e6bb070cdc73d3eb0e3498e3c779a0949b0765ab378cfdeae247e90cefe9e01dfeaf8eaa01

Download Submit
\Users\Admin\AppData\Local\Temp\nse2D97.tmp\InstallOptions.dll

Filesize
30KB

MD5
a7d3a18ddc6206b7d980a40700ea6619

SHA1
2da1598e44a0d7541c236d678bfffb28de805c08

SHA256
c555c346cc1f80ff0cb9aeaab8875a10c15ea4e5cf445a0f1597363fcf686924

SHA512
53bffcd80bf3b8da2c1576b57bf4f993abed8a8c45f3831db4a983f05651bb6c22678b903e0c66fe2bc303fa2c8ef9b333826a998e0bf96719e4914c62efa374

Download Submit
\Users\Admin\AppData\Local\Temp\nse2D97.tmp\StartMenu.dll

Filesize
11KB

MD5
65c301d9a85f4342cdef7fedeabafd5d

SHA1
10606ffc00f2400fb2f52d404b30115cb33137e9

SHA256
48765294aa273ec2fd55cc5f9301e138b4d56a9f6d00fcf24473788e64b52bfd

SHA512
0dcdd78d8f472168614200900afd479a60106c94deda18c9999c32b1af497c32d9fd41f6039d94bfa28855121e61fb4031e4464b2f074d9fb7024f5f74950efd

Download Submit
\Users\Admin\AppData\Local\Temp\nse2D97.tmp\System.dll

Filesize
25KB

MD5
46de30b73f6fa1d4ef62ba7b169e0191

SHA1
59850382f1f5f30c840f502d8fc5fc228df33d6d

SHA256
322e35bcdd0dd61cad8810bb446c425d8b91ceeba897b13fa0f50f1f48f88056

SHA512
2e51a23297bbe74bb1b1ecc5a7257c546ea43d864e0691a437577431d022f6be5e653dc1ce186698095833245c869bb769c7088ece85851f539b9b763b2cef70

Download Submit
\Users\Admin\AppData\Local\Temp\nse2D97.tmp\UserInfo.dll

Filesize
7KB

MD5
5df25c042bdda748d1f396b4fe070ede

SHA1
e470ebe89bd49373f4175b5cf796c49ca1ee9a4e

SHA256
c9dd715d31c8cdf763f5edc92b8228df617bc528d7f558d6e531434c62a4b37b

SHA512
29bfd4d17200286bb84b9956f21f43aa8ae470870835064d60f2de2ef535535115c17a7bce75935518c0aec18db4bde700740d4b7227ba18a34ac57bbaa4657f

Download Submit
memory/2416-216-0x000007FEFBC40000-0x000007FEFBC4D000-memory.dmp

Filesize
52KB

Download
memory/2416-215-0x000007FEF7E80000-0x000007FEF7E94000-memory.dmp

Filesize
80KB

Download
memory/2416-214-0x0000000140000000-0x0000000140184000-memory.dmp

Filesize
1.5MB

Download
memory/2416-99-0x0000000140000000-0x0000000140184000-memory.dmp

Filesize
1.5MB

Download
memory/2416-100-0x000007FEF7E80000-0x000007FEF7E94000-memory.dmp

Filesize
80KB

Download
memory/2416-354-0x0000000140000000-0x0000000140184000-memory.dmp

Filesize
1.5MB

Download