92dba49b8999ee3981262de3200662d539a8d61560d96e24f0f7d859bbc47e6c | Triage

Resubmissions

16/09/2022, 21:47

220916-1m7z7agfe9 9

29/05/2021, 07:24

210529-362q33faf6 9

Analysis

max time kernel
150s
max time network
135s
platform
windows10_x64
resource
win10v20210408
submitted
29/05/2021, 07:24

Sharing

Report Analysis Logs

General

Target

sample.exe
Size

2.2MB
MD5

88af65ad6b23ee2f9745ddacff604748
SHA1

7636ea6f26c50379256b2507b7c21ecf45ad1d80
SHA256

641156d7dcbfa28f469a4df5e49c46efd4af299d418324cf108aa50aa7d7f2b0
SHA512

eface5855e358335336dadf3fda622a5609f0acacac10ab186a248c8b22e09ca1ed16e5d1d20021ba72950bb7189c3b3896c9adc513eb3caebca8bf8827b149e

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000200000001ab26-114.dat	acprotect
behavioral2/files/0x000100000001ab2a-115.dat	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/files/0x000200000001ab26-114.dat	upx
behavioral2/files/0x000100000001ab2a-115.dat	upx

Loads dropped DLL 2 IoCs

pid	Process
2544	sample.exe
2544	sample.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe
2544	sample.exe

C:\Users\Admin\AppData\Local\Temp\sample.exe
"C:\Users\Admin\AppData\Local\Temp\sample.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads