a2fa034d006bdbc3ee2a15e55eb647f8097355c288a858da1e309fe8ac1cf0a3

Resubmissions

30-06-2024 18:29

240630-w47crssckh 10

30-06-2024 18:24

240630-w2dyfasbmb 7

Analysis

max time kernel
290s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyplaceControlInstall.exe
Size

5.9MB
MD5

de3f653561daa3c88bea49b8a6df874b
SHA1

08720bc41df746aa0a2eb4a4c46ebbbecca0f123
SHA256

a2fa034d006bdbc3ee2a15e55eb647f8097355c288a858da1e309fe8ac1cf0a3
SHA512

a8d237ba7cf89d7101fe42ed4a1c841c934f222ccc2041494bf49f67c4cc9bf190988a7a138860a9aec3e6862cb99663dcde96c93ba40b81a923fc68dae2ac7f
SSDEEP

98304:FtUY9cZjRMe8g7dF1OPYtugGpbNer/xZssPZ31x+B10Q3RAss685EL4bD/vcMTL:FjqN1NZF1OAtugM6vZYRAZiyD/vcMTL

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

AnyplaceControlInstall.exe

pid process

2012 AnyplaceControlInstall.exe
2012 AnyplaceControlInstall.exe
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

behavioral1/memory/2012-0-0x0000000000400000-0x0000000000469000-memory.dmp upx
behavioral1/memory/2012-55-0x0000000000400000-0x0000000000469000-memory.dmp upx
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2012	AnyplaceControlInstall.exe
2012	AnyplaceControlInstall.exe

resource	yara_rule
behavioral1/memory/2012-0-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral1/memory/2012-55-0x0000000000400000-0x0000000000469000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\AnyplaceControlInstall.exe
"C:\Users\Admin\AppData\Local\Temp\AnyplaceControlInstall.exe"
1⤵
- Loads dropped DLL
PID:2012

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

\Temp\1J96B6II\AnyplaceControlInstall\plugins\0\CustomUI.dll
Filesize
345KB

MD5
0fe39de528a1afa32ed1f5f10a02aa4e

SHA1
8651305d45126ad268b498eecab7db5cae570b7c

SHA256
2ad7b88bea948708cef7dd539567686b0662692802edf0bb544594306cef7c73

SHA512
74a2f59e7d2a788dda76c2566d7c827ecde4f3b5e16191586fbcab69b04f1436e0963b8dff97fbbe383e9c580c9fffe5a9a5fe11da8ede6b8d06dcb040c09e27

Download Submit
\Temp\1J96B6II\unpack.dll
Filesize
34KB

MD5
e619dbc708231336467add6b6f6ff99c

SHA1
cd9b0168d3d8259709098edea0d83834d580fbfb

SHA256
c66742cee46087844c244af84c91a464eeab5ac0fe57be6d9c7aef6daea54793

SHA512
5e5fb37db93eb11f7e0e7f5249e5733e6ecda3395ad51323d22bb1fbbf3e3b137c4554600faee5e53368426a0827add13862c3b400a7f54acbbbb2d9becfaf1e

Download Submit
memory/2012-0-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2012-52-0x0000000002A70000-0x0000000002ACD000-memory.dmp

Filesize
372KB

Download
memory/2012-55-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2012-56-0x0000000002A70000-0x0000000002ACD000-memory.dmp

Filesize
372KB

Download
memory/2012-68-0x0000000002A70000-0x0000000002ACD000-memory.dmp

Filesize
372KB

Download