Overview

overview

10

Static

static

10

NeverLoseCrack.exe

windows7-x64

7

NeverLoseCrack.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    23s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    22-11-2024 17:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NeverLoseCrack.exe

  • Size

    7.5MB

  • MD5

    bd6cc5683c249bf454adedb3275dc4de

  • SHA1

    e3de1872524a0a7223673b98af03e57dff30e497

  • SHA256

    c17240a975134899ea29f3bb84e4d98464571d4f052a42c968d5d379ec8941e8

  • SHA512

    8f51d3a7b769f966bb39bae5a09f78b8fc8755fd339578aa7adcd723241b2042bd6b63198ba4d1e0d63423bcf4f67e4c009ac1b2b8298b8f02fc523df09747e5

  • SSDEEP

    196608:i6unqZ3wfI9jUC2XMvH8zPjweaBpZ0cX2ooccXK7oSi:AhIH2XgHq+jq93Yov

Score
7/10
discoveryupx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack.exe
    "C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack.exe
      "C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack.exe"
      2⤵
      • Loads dropped DLL
      PID:2416
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1648 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2616
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\PushReset.au3
    1⤵
    • Modifies registry class
    PID:2960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI20242\python312.dll
    Filesize

    1.7MB

    MD5

    2996cbf9598eb07a64d66d4c3aba4b10

    SHA1

    ac176ab53cdef472770d27a38db5bd6eb71a5627

    SHA256

    feba57a74856dedb9d9734d12c640ca7f808ead2db1e76a0f2bcf1e4561cd03f

    SHA512

    667e117683d94ae13e15168c477800f1cd8d840e316890ec6f41a6e4cefd608536655f3f6d7065c51c6b1b8e60dd19aa44da3f9e8a70b94161fd7dc3abf5726c

    Download Submit

  • memory/2416-23-0x000007FEF5B50000-0x000007FEF6212000-memory.dmp

    Filesize

    6.8MB

    Download

  • memory/2416-48-0x000007FEF5B50000-0x000007FEF6212000-memory.dmp

    Filesize

    6.8MB

    Download