Automated Malware Analysis IOC Report for

File Path

Type

Category

Malicious

Documents.zip

Zip archive data, at least v1.0 to extract, compression method=store

initial sample

Details

Filetype:	Zip archive data, at least v1.0 to extract, compression method=store
Entropy:	7.9999867151513575
Filename:	Documents.zip
Filesize:	13680105
MD5:	889ca52a0d02aae55c2ad5928333bf7a
SHA1:	56b37a87421d730cc85d259a9dcadb58209b4b2e
SHA256:	0fd4dc92a7affb0e2340b52171b83766b61d1374371af2e83155095bc90f2b50
SHA512:	deb9a4ff8b21f0137c6817a38710698306853d8fbee0f3b22bbb863000bd677853ab115318fd8da4bb125b67ed14ed76d7ea8084d02ec8491d814e87780800a9
SSDEEP:	393216:rAxnrz0n24YXjPCcTabQnsUV13Jqd+tUMgaUXjVuB7MTjUZMy:ranX748Dns013JqUtUMgaURuUin
Preview:	PK.........\|.Xi.HL1...1...<...MDE_File_Sample_5a1a1e6cc30fa7274f0635f7b54dc4f186da280b.zipPK.........t.X.'+.W...K.....$.Stardock_Fences_v4.21.7z.. .........)^V2....(^V2....#^V2.......\g.:.Z@...sK...+Cz_.../.R...7gsc..cK.........n8.[d0&.....U..Y-...&7..+..

Signature Hits	Behavior Group	Mitre Attack
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\C5E3399ED9A072FE864748D49BA96094.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\C5E3399ED9A072FE864748D49BA96094.dll
Category:	dropped
Dump:	C5E3399ED9A072FE864748D49BA96094.dll.21.dr
ID:	dr_1
Target ID:	21
Process:	C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	2.3834002847708287
Encrypted:	false
Size:	2560
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\AppData\Local\Temp\dup2patcher.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\dup2patcher.dll
Category:	dropped
Dump:	dup2patcher.dll.21.dr
ID:	dr_0
Target ID:	21
Process:	C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.2594747501346975
Encrypted:	false
Size:	391168
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Multi AV Scanner detection for dropped file	AV Detection	Security Software Discovery
Yara detected Generic Patcher	HIPS / PFW / Operating System Protection Evasion
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates temporary files	System Summary

IOC Report
Documents.zip