Analysis
-
max time kernel
118s -
max time network
191s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
01/10/2022, 17:33
Static task
static1
Behavioral task
behavioral1
Sample
ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5.exe
Resource
win10v2004-20220812-en
General
-
Target
ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5.exe
-
Size
194KB
-
MD5
4799b81ffe38ac842330d7f60ef8d1a0
-
SHA1
fa3d4b03356a301c89cbafa710da812c29b41800
-
SHA256
ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5
-
SHA512
5ea950235f23d07bccfbb85d7fcf5e445041d1e3fcb21c292447588182072ad1dc2e9d805fbf5e17bd953d7a450f03859443c3c71f6feecdb761e06ede01c1a1
-
SSDEEP
3072:YWZo4QNTNM/s+vQrMJltjpU6b/0NBgPX7uTgjdG/ZLICBCfpA:pyxUQAJTjp3oNyP7UodG/ZsCBCfa
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 2 IoCs
Detects file using ACProtect software.
resource yara_rule behavioral2/files/0x000c000000022e36-133.dat acprotect behavioral2/files/0x000c000000022e36-134.dat acprotect -
Loads dropped DLL 2 IoCs
pid Process 1620 ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5.exe 1620 ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1620 ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1620 wrote to memory of 2428 1620 ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5.exe 83 PID 1620 wrote to memory of 2428 1620 ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5.exe 83 PID 1620 wrote to memory of 2428 1620 ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5.exe 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5.exe"C:\Users\Admin\AppData\Local\Temp\ff570b583582f4346cbb87ab1d40577386b3e51eddb71783cacd542baef20af5.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1620 -
C:\Windows\SysWOW64\hh.exehh secedit.chm2⤵PID:2428
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
172KB
MD5685f1cbd4af30a1d0c25f252d399a666
SHA16a1b978f5e6150b88c8634146f1406ed97d2f134
SHA2560e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4
SHA5126555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9
-
Filesize
172KB
MD5685f1cbd4af30a1d0c25f252d399a666
SHA16a1b978f5e6150b88c8634146f1406ed97d2f134
SHA2560e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4
SHA5126555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9