Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-en-20210920
submitted: 04-11-2021 14:23
Static task: static1
Behavioral task: behavioral1
  Sample: 028d46daecc32df5eabf16e28b1e4174.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: 028d46daecc32df5eabf16e28b1e4174.exe
  Resource: win10-en-20210920
General
Target: 028d46daecc32df5eabf16e28b1e4174.exe
Size: 12.2MB
MD5: 028d46daecc32df5eabf16e28b1e4174
SHA1: f0a76c4d8a4845db31093957cb7be775bf3b69f8
SHA256: c3034ce528edda82cc9fcf13dda5e7ee552eee0a1b1d1bf21b1f91a7e765f6c9
SHA512: 104fa1d4d53cb7e89b870350b1a1b27efbe808a99299b55e8b5fc4f5fb30957e66bfc5999c1ef3805d551339857c35b048d55f7ee8fada9e4754a0bdbb3c4cec
Malware Config
Signatures

ACProtect 1.3x - 1.4x DLL software (2 IoCs)
Detects file using ACProtect software.
Processes:
  resource: C:\Users\Admin\AppData\Local\Temp\_MEI7922\python39.dll    yara_rule: acprotect
  resource: \Users\Admin\AppData\Local\Temp\_MEI7922\python39.dll      yara_rule: acprotect

Processes:
  resource: C:\Users\Admin\AppData\Local\Temp\_MEI7922\python39.dll    yara_rule: upx
  resource: \Users\Admin\AppData\Local\Temp\_MEI7922\python39.dll      yara_rule: upx

Loads dropped DLL (1 IoCs)
Processes:
  pid: 876    process: 028d46daecc32df5eabf16e28b1e4174.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description: PID 792 wrote to memory of 876    pid: 792    process: 028d46daecc32df5eabf16e28b1e4174.exe    target process: 028d46daecc32df5eabf16e28b1e4174.exe
  description: PID 792 wrote to memory of 876    pid: 792    process: 028d46daecc32df5eabf16e28b1e4174.exe    target process: 028d46daecc32df5eabf16e28b1e4174.exe
  description: PID 792 wrote to memory of 876    pid: 792    process: 028d46daecc32df5eabf16e28b1e4174.exe    target process: 028d46daecc32df5eabf16e28b1e4174.exe
  description: PID 792 wrote to memory of 876    pid: 792    process: 028d46daecc32df5eabf16e28b1e4174.exe    target process: 028d46daecc32df5eabf16e28b1e4174.exe
Processes
C:\Users\Admin\AppData\Local\Temp\028d46daecc32df5eabf16e28b1e4174.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\028d46daecc32df5eabf16e28b1e4174.exe"
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\028d46daecc32df5eabf16e28b1e4174.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\028d46daecc32df5eabf16e28b1e4174.exe"
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\_MEI7922\python39.dll
  MD5: 9e8ad37c6ee0f6d0d7e5f73411261459
  SHA1: bdc649eed0a898b7df9768d34c7016e657d06bcc
  SHA256: f00cd2eec777fcdb6568b428d1374f780a7cf492de23ec0e37478a883a91f575
  SHA512: 87ccf224be3a4ece4324f6dc8cbc538c8ede330e2ffb9135a8c866d44132f4e59a5a2f633e9a6d96413b1b2e64a194d2b63bd685b7e6ad9398f872e4d3f357dc
\Users\Admin\AppData\Local\Temp\_MEI7922\python39.dll
  MD5: 9e8ad37c6ee0f6d0d7e5f73411261459
  SHA1: bdc649eed0a898b7df9768d34c7016e657d06bcc
  SHA256: f00cd2eec777fcdb6568b428d1374f780a7cf492de23ec0e37478a883a91f575
  SHA512: 87ccf224be3a4ece4324f6dc8cbc538c8ede330e2ffb9135a8c866d44132f4e59a5a2f633e9a6d96413b1b2e64a194d2b63bd685b7e6ad9398f872e4d3f357dc
memory/876-54-0x0000000000000000-mapping.dmp