eb3836dc2cc70343ef44f3d38086863d53ee7bbfd18f02cbc397c628304caa31

Analysis

max time kernel
114s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 05:55

Target

eb3836dc2cc70343ef44f3d38086863d53ee7bbfd18f02cbc397c628304caa31.exe
Size

348KB
MD5

659dd746665e89feee6216ffd94fd420
SHA1

ec750b78ee9ed7ce37a7167b5152b23cf84702c4
SHA256

eb3836dc2cc70343ef44f3d38086863d53ee7bbfd18f02cbc397c628304caa31
SHA512

65531dd5f957684b572566a85d7a0a8902e97b46f95e16ec567e86e5a90f69ea1762cc363a8f18cb401fb616d9ed0fd8ecb2076511d1635b2091a928fb596ca8
SSDEEP

6144:CKs3EQIHA7OctONehxZcdDxMJnD6iYRvCxJoSP5HFb:CN3EQ5OJNPDiQiYRAoSR

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0004000000022de5-135.dat	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/files/0x0004000000022de5-135.dat	upx
behavioral2/memory/1028-136-0x0000000010000000-0x000000001003D000-memory.dmp	upx

Loads dropped DLL 1 IoCs

pid	Process
1028	eb3836dc2cc70343ef44f3d38086863d53ee7bbfd18f02cbc397c628304caa31.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Skin5Dai.dll	eb3836dc2cc70343ef44f3d38086863d53ee7bbfd18f02cbc397c628304caa31.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3420	1028	WerFault.exe	82
2548	1028	WerFault.exe	82

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1028	eb3836dc2cc70343ef44f3d38086863d53ee7bbfd18f02cbc397c628304caa31.exe
1028	eb3836dc2cc70343ef44f3d38086863d53ee7bbfd18f02cbc397c628304caa31.exe
1028	eb3836dc2cc70343ef44f3d38086863d53ee7bbfd18f02cbc397c628304caa31.exe

C:\Users\Admin\AppData\Local\Temp\eb3836dc2cc70343ef44f3d38086863d53ee7bbfd18f02cbc397c628304caa31.exe
"C:\Users\Admin\AppData\Local\Temp\eb3836dc2cc70343ef44f3d38086863d53ee7bbfd18f02cbc397c628304caa31.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:1028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 892
  2⤵
  - Program crash
  PID:3420
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 892
  2⤵
  - Program crash
  PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 1028 -ip 1028
1⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1028 -ip 1028
1⤵
PID:2364

C:\Windows\SysWOW64\Skin5Dai.dll

Filesize
89KB

MD5
6e79984e5c29ee9108fefdfa6c31c2f4

SHA1
a6869af96cb81a627ba4b68c5ebc691409e7e28e

SHA256
25524972067eb99cb966f51704bbaae1f47f4fb932b6176d4d517fbcf04a20df

SHA512
fef55831174bb14cafe2e4951675637b7ff3d9821d425f35c671a4d784bb8030d74a61ba38e24768ca9419a8721208ed075fbbf8318049045030bc3a1d68fc31

Download Submit
memory/1028-136-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download