Overview

overview

5

Static

static

1

IP2 Proxy Manager.exe

windows7-x64

4

IP2 Proxy Manager.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20250207-en
  • resource tags

    arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2025, 11:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IP2 Proxy Manager.exe

  • Size

    27.1MB

  • MD5

    c8c166113442ddb6b00488a8d84e787c

  • SHA1

    e2b6ba39f928dbaefda99dcdb3cf96bda2ddca37

  • SHA256

    88a2c9584c1979bb10a04b53a3f80cd18f53ad23b72d85e78c8a3e2e03214c8f

  • SHA512

    525f5a77174b2616cb112a26971eca4f1c4c04ceedc85f04c5d2ae89a0c85be17438127d3fa69340710ab5eb11c58ae31bf0da6226c17b0f47b8412dca41a6d9

  • SSDEEP

    786432:cAlrb35aHXHGqy7kJxYnJMEv0YLlYw1fY9rFkAw:cMTAGqyOunGEMYL+wZY9Brw

Score
4/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 2 IoCs
    defense_evasion
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IP2 Proxy Manager.exe
    "C:\Users\Admin\AppData\Local\Temp\IP2 Proxy Manager.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Users\Admin\AppData\Local\Temp\is-2LFBM.tmp\IP2 Proxy Manager.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-2LFBM.tmp\IP2 Proxy Manager.tmp" /SL5="$30150,27615360,751104,C:\Users\Admin\AppData\Local\Temp\IP2 Proxy Manager.exe"
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c taskkill /f /t /im IP2World_S5_Proxy_CP.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3032
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /f /t /im IP2World_S5_Proxy_CP.exe
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2812
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c taskkill /f /t /im IP2World_S5_Proxy.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1984
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /f /t /im IP2World_S5_Proxy.exe
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2800
      • C:\Program Files (x86)\IP2 S5 Manager\IP2World_S5_Proxy.exe
        "C:\Program Files (x86)\IP2 S5 Manager\IP2World_S5_Proxy.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\IP2 S5 Manager\QtQuick\Controls.2\designer\is-DSJUJ.tmp
    Filesize

    2KB

    MD5

    95806d0bfadf617cdb91b9baacab5429

    SHA1

    2102999ec25be88f138ea7c8fbf2a1bf4454c766

    SHA256

    07911dff4b3128de29fb83223a78878f9e972f35a596429861c7ea7956923b2d

    SHA512

    00d3b1dd1d764859249a5997ec4b2ec68fdf7c245a3ad4276a81370b2f43090f41d32de48d94307703436e661ebaf64ff96332f109b0e611b74521f28c8f8004

    Download Submit

  • C:\Program Files (x86)\IP2 S5 Manager\QtQuick\Controls.2\designer\is-U6JTG.tmp
    Filesize

    2KB

    MD5

    df7e32b0e18bd35fa8453cb1263886b9

    SHA1

    f4336c9380a7fbee4dfbc17c545b409364f7f8b3

    SHA256

    8207c603c9de51d9954302dd9df559a1df70e0a9658af62637229b5a2437eec3

    SHA512

    21d4e9b1d71c5ea9c7c66e5bacead5d4857ac109f7452d81c6d793f8843dd1d6f9194011e41259cdb9e3faecc04675a1433a2dfcbf0b758ff97cbd068fd95732

    Download Submit

  • \Program Files (x86)\IP2 S5 Manager\IP2World_S5_Proxy.exe
    Filesize

    5.5MB

    MD5

    5fc909384134c0c7e843ffec0ced305e

    SHA1

    dc2021b33f7c8423c9421447fab27445fbe442d0

    SHA256

    63c025f6751e214facd97d4b373711b1436be280ee13fc7bb694db318a6257a6

    SHA512

    cb7dc0423381ec6cf27ba9f81bc7e37c4b09e03cd1a81992650b424a36d901cd33b804cf99d61fa115b599b21762f9cfe9428c2f36abc7927d378fa364eb6808

    Download Submit

  • \Program Files (x86)\IP2 S5 Manager\api-ms-win-core-libraryloader-l1-2-0.dll
    Filesize

    11KB

    MD5

    a9116f560839df0c03be8ad704ab3351

    SHA1

    3339421f8cb623b244dda6e76ec5b6c7d987af64

    SHA256

    27078ba4e79087a5c1146f35da386ce043a3c2bbcaed04bd82645eddb6ed896d

    SHA512

    4bded31406e6de3823a72162ba72968047c48f8373b660a431415811052be622fbf5b4d2123086601440e714dabd703ff0c36ed962590c23144a2e2b00b13ffb

    Download Submit

  • \Program Files (x86)\IP2 S5 Manager\api-ms-win-core-synch-l1-2-0.dll
    Filesize

    11KB

    MD5

    d954fdca8589f4f164baf711a32516c5

    SHA1

    2a679c903ea3b54ae84c93284e8b36aecbc5c31d

    SHA256

    72354bf1172c17d96093ce92802e83fcdad61ffb20e6ee374e437a6e9673bf0a

    SHA512

    fd48df01d2514ef5ab8982470506f108e0ab278a55e2d16878d00459823b1adad9001bd13323c31803e0a5cf6bb159d7246bb48b42b352752bab90a45bfbab53

    Download Submit

  • \Program Files (x86)\IP2 S5 Manager\api-ms-win-core-toolhelp-l1-1-0.dll
    Filesize

    3KB

    MD5

    bc2e091fe2a46319c3de61f20f0a1dd9

    SHA1

    fcb855c67bef8f0bea712ff639bf417841aec4b1

    SHA256

    787722c2ad012583bfa25e07259b0f5cf1c4811f0eb680a77efefd3f119051d9

    SHA512

    e7d8857384b239f40926a6436f720f4861481836b031718580076c0dd1479ca2cd2d3e1593d2e35a7bdc52803e8889733184ac341a6a1c3f0f74936109e46fdd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-2LFBM.tmp\IP2 Proxy Manager.tmp
    Filesize

    2.4MB

    MD5

    ae505a1a828db8e54193f5e86e878e5a

    SHA1

    b2ccaf7a3b3f7d263766982076bf3b62f88426da

    SHA256

    e58f51eeffa01e582e30c1199f021407d3139b0643a34a772855d4e024d4cee4

    SHA512

    6ff87995d703b7f9108214319289e28c29a360aba26bba6fc2f4446799d4c9009bf45c23dca8c154d68cb4d0ff1f89764303e33d5ef205f0627a97a8d6bddcc2

    Download Submit

  • memory/2344-10-0x0000000000400000-0x00000000004C5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2344-0-0x0000000000400000-0x00000000004C5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2344-2-0x0000000000401000-0x00000000004A8000-memory.dmp

    Filesize

    668KB

    Download

  • memory/2344-2324-0x0000000000400000-0x00000000004C5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2640-14-0x0000000000400000-0x0000000000680000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2640-644-0x0000000000400000-0x0000000000680000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2640-12-0x0000000000400000-0x0000000000680000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2640-8-0x0000000000400000-0x0000000000680000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2640-2323-0x0000000000400000-0x0000000000680000-memory.dmp

    Filesize

    2.5MB

    Download