Overview

overview

9

Static

static

8

Universal ....0.exe

windows7_x64

9

Universal ....0.exe

windows10_x64

9

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    05-12-2021 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Universal BIOS Backup ToolKit 2.0.exe

  • Size

    599KB

  • MD5

    e20002dba2f2129797400b4bbf5cace7

  • SHA1

    0bed0f6320cf705ab454ce14decc0a3fc6840337

  • SHA256

    672bc532799a091c2422f3676550b019cff007f3ebba05a4ba7222c9c810179b

  • SHA512

    bd1e9ed24fe59af9a7220ee2c96c8e3c476a30f67af7898d821d86e3bf7c92f043dccc2ee61215154d31582ea67bf673d4fbf17e89b489ee4c44adcae33a6e93

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 5 IoCs
  • Suspicious behavior: LoadsDriver 4 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Universal BIOS Backup ToolKit 2.0.exe
    "C:\Users\Admin\AppData\Local\Temp\Universal BIOS Backup ToolKit 2.0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:3148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\E_N4\GDI+Ö§³Ö¿â.fne
    MD5

    77ea76ff8b4bce61c5955bc31bb33518

    SHA1

    f152e2609c98509993e1a6b90bbd7f0e3fca5181

    SHA256

    316e6b6bf5db2eedcffbc3204423a17583b4eada920a3bb86605ee762c591687

    SHA512

    a447c6c3eef6b6bf93786981271207b33fc7d29143a061e119a88007614fa0a7e0877c7a6cc9eaa290e18aab0d2cc1e112cd07534f62d75bb13a096840646d30

    Download Submit
  • \Users\Admin\AppData\Local\Temp\E_N4\GDI+Ö§³Ö¿â.fne
    MD5

    77ea76ff8b4bce61c5955bc31bb33518

    SHA1

    f152e2609c98509993e1a6b90bbd7f0e3fca5181

    SHA256

    316e6b6bf5db2eedcffbc3204423a17583b4eada920a3bb86605ee762c591687

    SHA512

    a447c6c3eef6b6bf93786981271207b33fc7d29143a061e119a88007614fa0a7e0877c7a6cc9eaa290e18aab0d2cc1e112cd07534f62d75bb13a096840646d30

    Download Submit
  • \Users\Admin\AppData\Local\Temp\E_N4\PhyDMACC.dll
    MD5

    7d0f0c8906b2557825e346870cabbe7a

    SHA1

    bf9cf6e8d007259f6f50484953e3a9eba8ffacc0

    SHA256

    2364b47ea6c12b2746eb558a568a8c887d9ebac78dab3722f1f72c71bd9d52aa

    SHA512

    63ebb4aa7a03d52e99967f596e051b4a4013fec0d181b441e2af137cf32e42a57fae97bd19a711d336a5dadffa5ffcf6f37096b7441438b8f2f24d087780c586

    Download Submit
  • \Users\Admin\AppData\Local\Temp\E_N4\PhyDMACC.dll
    MD5

    7d0f0c8906b2557825e346870cabbe7a

    SHA1

    bf9cf6e8d007259f6f50484953e3a9eba8ffacc0

    SHA256

    2364b47ea6c12b2746eb558a568a8c887d9ebac78dab3722f1f72c71bd9d52aa

    SHA512

    63ebb4aa7a03d52e99967f596e051b4a4013fec0d181b441e2af137cf32e42a57fae97bd19a711d336a5dadffa5ffcf6f37096b7441438b8f2f24d087780c586

    Download Submit
  • \Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
    MD5

    638e737b2293cf7b1f14c0b4fb1f3289

    SHA1

    f8e2223348433b992a8c42c4a7a9fb4b5c1158bc

    SHA256

    baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

    SHA512

    4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

    Download Submit
  • memory/3148-118-0x0000000002380000-0x0000000002398000-memory.dmp
    Filesize

    96KB

    Download