Overview

overview

9

Static

static

ff570b5835...f5.exe

windows7-x64

9

ff570b5835...f5.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    23s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01-10-2022 17:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5.exe

  • Size

    194KB

  • MD5

    4799b81ffe38ac842330d7f60ef8d1a0

  • SHA1

    fa3d4b03356a301c89cbafa710da812c29b41800

  • SHA256

    ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5

  • SHA512

    5ea950235f23d07bccfbb85d7fcf5e445041d1e3fcb21c292447588182072ad1dc2e9d805fbf5e17bd953d7a450f03859443c3c71f6feecdb761e06ede01c1a1

  • SSDEEP

    3072:YWZo4QNTNM/s+vQrMJltjpU6b/0NBgPX7uTgjdG/ZLICBCfpA:pyxUQAJTjp3oNyP7UodG/ZsCBCfa

Score
9/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5.exe
    "C:\Users\Admin\AppData\Local\Temp\ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Windows\SysWOW64\hh.exe
      hh secedit.chm
      2⤵
        PID:1992

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\ytkBFF6.tmp
      Filesize

      172KB

      MD5

      685f1cbd4af30a1d0c25f252d399a666

      SHA1

      6a1b978f5e6150b88c8634146f1406ed97d2f134

      SHA256

      0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

      SHA512

      6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

      Download Submit

    • memory/1652-54-0x0000000001000000-0x0000000001008000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1652-56-0x0000000000650000-0x00000000006C3000-memory.dmp

      Filesize

      460KB

      Download

    • memory/1652-58-0x0000000001000000-0x0000000001008000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1652-59-0x0000000000650000-0x00000000006C3000-memory.dmp

      Filesize

      460KB

      Download

    • memory/1992-57-0x0000000000000000-mapping.dmp

      Download

    • memory/1992-60-0x0000000075FC1000-0x0000000075FC3000-memory.dmp

      Filesize

      8KB

      Download