Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2024 16:59
Behavioral task
behavioral1
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/COAddin.dll
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/COAddin.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/CryptoObfuscator.chm
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/CryptoObfuscator.chm
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/CryptoObfuscator.exe
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/CryptoObfuscator.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/ExceptionReportingServiceCS/Service.asp
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/ExceptionReportingServiceCS/Service.asp
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/ExceptionReportingServiceVB/ExceptionReportingService.vbs
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/ExceptionReportingServiceVB/ExceptionReportingService.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/ExceptionReportingServiceVB/My Project/My.vbs
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/ExceptionReportingServiceVB/My Project/My.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/ExceptionReportingServiceVB/Service.asp
Resource
win7-20240729-en
Behavioral task
behavioral14
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/ExceptionReportingServiceVB/Service.asp
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.CryptoObfuscator.ExceptionReporting.SL.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.CryptoObfuscator.ExceptionReporting.SL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.CryptoObfuscator.ExceptionReporting.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.CryptoObfuscator.ExceptionReporting.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.CryptoObfuscator.ExceptionReportingService.dll
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.CryptoObfuscator.ExceptionReportingService.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.Deobfuscator.dll
Resource
win7-20241023-en
Behavioral task
behavioral22
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.Deobfuscator.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.NAntCryptoObfucatorTasks.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.NAntCryptoObfucatorTasks.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/MSBuildIntegration.dll
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/MSBuildIntegration.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/Samples/ExceptionReporting/C#/AddCustomDa.vbs
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/Samples/ExceptionReporting/C#/AddCustomDa.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/Samples/ExceptionReporting/C#/AddCustomDa.vbs
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/Samples/ExceptionReporting/C#/AddCustomDa.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/Samples/ExceptionReporting/C#/AttachFiles.vbs
Resource
win7-20241010-en
Behavioral task
behavioral32
Sample
Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/Samples/ExceptionReporting/C#/AttachFiles.vbs
Resource
win10v2004-20241007-en
General
Target: Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/CryptoObfuscator.chm
Size: 812KB
MD5: a444d1418acc12ef2828a1f70e93f6ff
SHA1: b73bb3fc0fa75038f1d10f8f29a95d88d1d5edb8
SHA256: a1f64fa4835b87a6eded7d46944278f7f9a5455a9eae5b314890afedbcc24119
SHA512: 5198ba91e782f0ad52deb46950680bff36a1e6a922d49bee0b55fd82e32f0cb3068eceb3550a00435a566c30b30151829cb8cc034efda9419f9245f8c658e2b4
SSDEEP: 24576:ZXH0fRSDIUpZru/nd+XKDPSr/WjzjpOgG+ae:ZkfRoZru/nAXKjWGXpOx+ae
Malware Config
Signatures
description: Key created
ioc: \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main
Process: hh.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid: 1992, Process: hh.exe
pid: 1992, Process: hh.exe