Malware Analysis Report

2025-08-10 21:19

Sample ID 241031-mjzmraxakn
Target 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f
SHA256 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f
Tags discovery evasion trojan
Score 6/10

Analysis Overview

score
6/10

SHA256

5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f

Threat Level: Shows suspicious behavior

The file 5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion trojan

Checks whether UAC is enabled

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Modifies Internet Explorer settings

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-31 10:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-31 10:30

Reported

2024-10-31 10:33

Platform

win7-20240903-en

Max time kernel

121s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe"

Signatures

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2DD87381-9773-11EF-8B74-7694D31B45CA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436532510" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30799e02802bdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f00000000020000000000106600000001000020000000bd81c027a8455028193d78f2a6a1e525b25a5996b482992b85282ba3759e253d000000000e8000000002000020000000d235cf1ad3c392f7cfccd41f98b63e582818784c85ab3c4d716133c9f51ca1f620000000ad21ef755dc18dc160807e7e414778753081b42e20130dac6f7d8529a714555b4000000008cd3cf26a55ef832458d876d7156ae4d3a9c30639e98bc68de291102ac9b50dcd1a86d727f8e0c7f52df4c29831fc441e545287d90cbed022c6a671547d9b24 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = [binary value omitted] C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe

"C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://buy-download.norton.com/downloads/2024/22.24.7/DSPN360/US/DSP-N360-ESD-22.24.7.8-EN.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1472 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 stats.norton.com udp
US 52.188.144.172:443 stats.norton.com tcp
US 8.8.8.8:53 stats.norton.com udp
US 52.188.144.172:443 stats.norton.com tcp
US 8.8.8.8:53 faults.norton.com udp
US 172.172.227.142:443 faults.norton.com tcp
US 8.8.8.8:53 buy-download.norton.com udp
GB 184.26.56.35:443 buy-download.norton.com tcp
GB 184.26.56.35:443 buy-download.norton.com tcp
GB 184.26.56.35:443 buy-download.norton.com tcp
GB 184.26.56.35:443 buy-download.norton.com tcp
GB 184.26.56.35:443 buy-download.norton.com tcp
GB 184.26.56.35:443 buy-download.norton.com tcp
GB 184.26.56.35:443 buy-download.norton.com tcp
GB 184.26.56.35:443 buy-download.norton.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI

memory/2780-9-0x0000000000380000-0x0000000000381000-memory.dmp

C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
memory/2780-59-0x0000000000380000-0x0000000000381000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab3F16.tmp

C:\Users\Admin\AppData\Local\Temp\Tar3FB5.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-31 10:30

Reported

2024-10-31 10:33

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe"

Signatures

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe

"C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 stats.norton.com udp
US 52.188.144.172:443 stats.norton.com tcp
US 52.188.144.172:443 stats.norton.com tcp
US 8.8.8.8:53 172.144.188.52.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 faults.norton.com udp
US 13.93.204.83:443 faults.norton.com tcp
US 8.8.8.8:53 83.204.93.13.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp

Files

C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI

C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat