Overview
overview
10Static
static
804443c70d3...be.exe
windows7_x64
904443c70d3...be.exe
windows10_x64
905535d72f3...06.exe
windows7_x64
105535d72f3...06.exe
windows10_x64
11bec139d54...72.exe
windows7_x64
81bec139d54...72.exe
windows10_x64
81f670ff8cc...55.exe
windows7_x64
11f670ff8cc...55.exe
windows10_x64
12deaa0ec74...ea.exe
windows7_x64
102deaa0ec74...ea.exe
windows10_x64
10372b929ae9...ef.dll
windows7_x64
9372b929ae9...ef.dll
windows10_x64
938ee6bea62...15.exe
windows7_x64
338ee6bea62...15.exe
windows10_x64
3437d91ce52...8f.exe
windows7_x64
1437d91ce52...8f.exe
windows10_x64
4447058c1c6...a8.exe
windows7_x64
9447058c1c6...a8.exe
windows10_x64
95061c0b08d...03.exe
windows7_x64
15061c0b08d...03.exe
windows10_x64
15ed4b682ef...d4.exe
windows7_x64
85ed4b682ef...d4.exe
windows10_x64
86970600d21...b5.exe
windows7_x64
16970600d21...b5.exe
windows10_x64
172f528f9a6...92.exe
windows7_x64
872f528f9a6...92.exe
windows10_x64
873dcee7abe...99.exe
windows7_x64
173dcee7abe...99.exe
windows10_x64
17e118b534a...d2.exe
windows7_x64
107e118b534a...d2.exe
windows10_x64
108034fffb03...3c.exe
windows7_x64
108034fffb03...3c.exe
windows10_x64
10Analysis
-
max time kernel
135s -
max time network
129s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
15-03-2021 09:49
Static task
static1
Behavioral task
behavioral1
Sample
04443c70d34ded7f17d3a00b0f3f7309291dbcb7957a1c5664aab6c7886b17be.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral2
Sample
04443c70d34ded7f17d3a00b0f3f7309291dbcb7957a1c5664aab6c7886b17be.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral3
Sample
05535d72f3f98c73d9b660625e1b627b1bebbd15d7d4add4ecc492a2b0d67a06.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral4
Sample
05535d72f3f98c73d9b660625e1b627b1bebbd15d7d4add4ecc492a2b0d67a06.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral5
Sample
1bec139d54d147196c4e736d8dcf1f39d2bff390d59d5b240b4a97e03763cf72.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral6
Sample
1bec139d54d147196c4e736d8dcf1f39d2bff390d59d5b240b4a97e03763cf72.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral7
Sample
1f670ff8cca59a61aa0d58f297788916a6a9a318c1e7a3319367b6ffdc45c755.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral8
Sample
1f670ff8cca59a61aa0d58f297788916a6a9a318c1e7a3319367b6ffdc45c755.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral9
Sample
2deaa0ec7445c26f1442f860eb32f4fcda2d501699d09a94c26035d6185803ea.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral10
Sample
2deaa0ec7445c26f1442f860eb32f4fcda2d501699d09a94c26035d6185803ea.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral11
Sample
372b929ae9362bf357a3a8c5c968921f2c950094d928b2ed2cf94ea04bcfdbef.dll
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral12
Sample
372b929ae9362bf357a3a8c5c968921f2c950094d928b2ed2cf94ea04bcfdbef.dll
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral13
Sample
38ee6bea62658ae4fa75914261a5848a8db5b332ddfb52daf01e958871559e15.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral14
Sample
38ee6bea62658ae4fa75914261a5848a8db5b332ddfb52daf01e958871559e15.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral15
Sample
437d91ce52c0b54e125d28ea1bc6b5547183f04e40f9e487150be7862e61688f.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral16
Sample
437d91ce52c0b54e125d28ea1bc6b5547183f04e40f9e487150be7862e61688f.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral17
Sample
447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral18
Sample
447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral19
Sample
5061c0b08d522fdae45fc9285ac45fb96a4e80bd859867a0e988dfaeb2b33b03.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral20
Sample
5061c0b08d522fdae45fc9285ac45fb96a4e80bd859867a0e988dfaeb2b33b03.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral21
Sample
5ed4b682efcc4d63e5fc8a5f666f64e206e710dd408455d6061ddf3d8c95aed4.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral22
Sample
5ed4b682efcc4d63e5fc8a5f666f64e206e710dd408455d6061ddf3d8c95aed4.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral23
Sample
6970600d21285371d6a4fd6175b65b672b9b9aaea36353e1544f0672944c9fb5.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral24
Sample
6970600d21285371d6a4fd6175b65b672b9b9aaea36353e1544f0672944c9fb5.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral25
Sample
72f528f9a6bb7e6ccf45d9e25e77badb6e9fd8533c0fd8dac26a087347ff8592.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral26
Sample
72f528f9a6bb7e6ccf45d9e25e77badb6e9fd8533c0fd8dac26a087347ff8592.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral27
Sample
73dcee7abeca24a9170f800d069e80283b9ea1bd7cc6fbabdf55c613897f9699.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral28
Sample
73dcee7abeca24a9170f800d069e80283b9ea1bd7cc6fbabdf55c613897f9699.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral29
Sample
7e118b534abb919903bc15b33f5fe2db15a54f7f39a7abc87c61e4617f35c0d2.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral30
Sample
7e118b534abb919903bc15b33f5fe2db15a54f7f39a7abc87c61e4617f35c0d2.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral31
Sample
8034fffb03faec5aa94d3c16cdb98dfbcce06e8f8f7a278f7c30cff0398ea03c.exe
Resource
win7v20201028
windows7_x64
General
-
Target
447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe
-
Size
618KB
-
MD5
fa441d64d6ff82b1720ad98b1140f955
-
SHA1
0afa7eb0fb26f69ca0146c68d2b7d84c2ad5078e
-
SHA256
447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8
-
SHA512
606dd4e96f435665b29c8254ef143e0c303c0304e452f2bf1d3206ef0803ae920885e4c751c2a9a5f4a93103bc5b81c9fdebb9289fbd1d3e13a1dbc32e838e4e
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule behavioral18/files/0x000100000001abaa-12.dat acprotect -
resource yara_rule behavioral18/files/0x000100000001abaa-12.dat upx -
Loads dropped DLL 64 IoCs
pid Process 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\LinksBar 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe Set value (int) \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\LinksBar\Enabled = "1" 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe 1400 447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe"C:\Users\Admin\AppData\Local\Temp\447058c1c6551c352895be7569e33c96384da3757303fc97004be45f56b4e9a8.exe"1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:1400