589e62b951ea964b3fa2c1a90249ea99476fb2b6ced69d23de009eed20060dca

Analysis

max time kernel
45s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 04:35

Target

589e62b951ea964b3fa2c1a90249ea99476fb2b6ced69d23de009eed20060dca.exe
Size

291KB
MD5

6be35704c0b8a0799de248dd25a14b30
SHA1

a130517fb07219dbbd9fbe0142fd8d1851491251
SHA256

589e62b951ea964b3fa2c1a90249ea99476fb2b6ced69d23de009eed20060dca
SHA512

d907ff08665bf7cddeaca103d7a3748c0391df6ecefb8f842b900544da607b695f468ae4c877ea071ca43cf257df23f60fa4430bdab949b33f79f9da1d4c9d08
SSDEEP

6144:cJvrJVsjAre1HsOVdH+djIPyDiXKaJEI5:gvrJVKAgfNjyOXlP

Score

9^/10

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000500000000b2d2-54.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
1308	589e62b951ea964b3fa2c1a90249ea99476fb2b6ced69d23de009eed20060dca.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1308	589e62b951ea964b3fa2c1a90249ea99476fb2b6ced69d23de009eed20060dca.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1204	1308	589e62b951ea964b3fa2c1a90249ea99476fb2b6ced69d23de009eed20060dca.exe	28
PID 1308 wrote to memory of 1204	1308	589e62b951ea964b3fa2c1a90249ea99476fb2b6ced69d23de009eed20060dca.exe	28
PID 1308 wrote to memory of 1204	1308	589e62b951ea964b3fa2c1a90249ea99476fb2b6ced69d23de009eed20060dca.exe	28
PID 1308 wrote to memory of 1204	1308	589e62b951ea964b3fa2c1a90249ea99476fb2b6ced69d23de009eed20060dca.exe	28
PID 1204 wrote to memory of 1692	1204	cmd.exe	29
PID 1204 wrote to memory of 1692	1204	cmd.exe	29
PID 1204 wrote to memory of 1692	1204	cmd.exe	29
PID 1204 wrote to memory of 1692	1204	cmd.exe	29

C:\Users\Admin\AppData\Local\Temp\~8C9.bat

Filesize
1KB

MD5
48dc87f829439faa8054031f9aa770f6

SHA1
382f6c95b68c03674153bc4bbc12ec73706bb36d

SHA256
2f38298c0f7f7e1f1538d6b134bbbde7f1a81f7fe457f6d7efbc6a71572f71e1

SHA512
c613bb949f4e2474099308f043b163817e8de17b0598819f414de6396202b8c2df9c570b6d81b2435c136647a60790d6aeb1826388464c534997075fdd340c34

Download Submit
\Users\Admin\AppData\Local\Temp\jak85B.tmp

Filesize
172KB

MD5
825bca543d5c096c50897d59ae875860

SHA1
1e1907d4b48d2b6e4b7ae73a4b27c9852c5cac2d

SHA256
c50fd73265695efdcea2ab564e4cfff722b177058b7160b39dfe814244df17f6

SHA512
861a8e5d8aa925b40170e456470f706153df22bdfb0966d27c96c4c9beff502c584e1e24f7f2c838dd3ff0de490862dbbc2a951db9347f690e1964abcc37589a

Download Submit
memory/1308-58-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1308-59-0x0000000000230000-0x00000000002A3000-memory.dmp

Filesize
460KB

Download