1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 19:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe
Size

609KB
MD5

4033cfb31322fb4b2d4111c1a8abf710
SHA1

8ff395ea56a24d635b892ef865f695d7b991e745
SHA256

1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04
SHA512

366de937ef359556c46cc81b375914b7185afc8b54990765a9e15fba8e67a3269854994a73a9e0b7a4eddd596cb361973b45c67c5ef50c91c7a94102f21c3a9e
SSDEEP

12288:4dmKE/bK7Fa64btPMfn1PJY8GbOsyRCAA8lR3hUXpMzrS:XKEK7FN4bhM/1BY8GRqn3aMXS

Score

9^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000005c51-55.dat	acprotect
behavioral1/files/0x0008000000005c51-66.dat	acprotect
behavioral1/files/0x0008000000005c51-67.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
944	AegisI5Installer.exe

Loads dropped DLL 8 IoCs

pid	Process
852	1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe
852	1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe
944	AegisI5Installer.exe
944	AegisI5Installer.exe
944	AegisI5Installer.exe
944	AegisI5Installer.exe
944	AegisI5Installer.exe
944	AegisI5Installer.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\AegisI5Installer.exe	1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
852	1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe
852	1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe
944	AegisI5Installer.exe
944	AegisI5Installer.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 944	852	1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe	27
PID 852 wrote to memory of 944	852	1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe	27
PID 852 wrote to memory of 944	852	1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe	27
PID 852 wrote to memory of 944	852	1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe	27
PID 852 wrote to memory of 944	852	1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe	27
PID 852 wrote to memory of 944	852	1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe	27
PID 852 wrote to memory of 944	852	1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe	27

C:\Users\Admin\AppData\Local\Temp\1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe
"C:\Users\Admin\AppData\Local\Temp\1421ec87090ca3c9c41c5b3dc83f0256c99bb4f562bfbc9fc7cb2bdaa28d5e04.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:852
- C:\Windows\SysWOW64\AegisI5Installer.exe
  "C:\Windows\system32\AegisI5Installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yek28F5.tmp

Filesize
172KB

MD5
685f1cbd4af30a1d0c25f252d399a666

SHA1
6a1b978f5e6150b88c8634146f1406ed97d2f134

SHA256
0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

SHA512
6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

Download Submit
C:\Windows\SysWOW64\AegisI5Installer.exe

Filesize
368KB

MD5
2d63a311f064e635d4bb93856be1257d

SHA1
e9f6679588cf5247279eddab3856b25d4fa1a06b

SHA256
792ca2426af914d8b7a76825842196a1083319d98108f60bd740f32a3d9d4020

SHA512
35293aa74c2e147ad3a442acf753d669ba0033229b6ba5636898fd0743aced0186bd09e0fce263ec4c8d4de2a07ae4f72133ed648fe17fca420b8a9ab2d0038f

Download Submit
C:\Windows\SysWOW64\AegisI5Installer.exe

Filesize
368KB

MD5
2d63a311f064e635d4bb93856be1257d

SHA1
e9f6679588cf5247279eddab3856b25d4fa1a06b

SHA256
792ca2426af914d8b7a76825842196a1083319d98108f60bd740f32a3d9d4020

SHA512
35293aa74c2e147ad3a442acf753d669ba0033229b6ba5636898fd0743aced0186bd09e0fce263ec4c8d4de2a07ae4f72133ed648fe17fca420b8a9ab2d0038f

Download Submit
\Users\Admin\AppData\Local\Temp\MDC2A6B.tmp

Filesize
29KB

MD5
8dfc8e5a84be243b2bd1bfa0465aa5f2

SHA1
fac6217d64f52a1eda0f1432a140bd6129f03a4c

SHA256
00e51e76420169573e59172716a0b6982a9c660b0bad7fbe77448558bbf3b71b

SHA512
1b69fd85f26dfa7dd348b39ba8e57fa8da27ca8deaee6f8cc66e1e2b7436eb4507307727ef5d2eb917635f0e32b40cc4e2f5185256ca3b4e1ece54cb2fe61e77

Download Submit
\Users\Admin\AppData\Local\Temp\MDC2A6B.tmp

Filesize
29KB

MD5
8dfc8e5a84be243b2bd1bfa0465aa5f2

SHA1
fac6217d64f52a1eda0f1432a140bd6129f03a4c

SHA256
00e51e76420169573e59172716a0b6982a9c660b0bad7fbe77448558bbf3b71b

SHA512
1b69fd85f26dfa7dd348b39ba8e57fa8da27ca8deaee6f8cc66e1e2b7436eb4507307727ef5d2eb917635f0e32b40cc4e2f5185256ca3b4e1ece54cb2fe61e77

Download Submit
\Users\Admin\AppData\Local\Temp\yek28F5.tmp

Filesize
172KB

MD5
685f1cbd4af30a1d0c25f252d399a666

SHA1
6a1b978f5e6150b88c8634146f1406ed97d2f134

SHA256
0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

SHA512
6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

Download Submit
\Users\Admin\AppData\Local\Temp\yek28F5.tmp

Filesize
172KB

MD5
685f1cbd4af30a1d0c25f252d399a666

SHA1
6a1b978f5e6150b88c8634146f1406ed97d2f134

SHA256
0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

SHA512
6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

Download Submit
\Windows\SysWOW64\AegisI5Installer.exe

Filesize
368KB

MD5
2d63a311f064e635d4bb93856be1257d

SHA1
e9f6679588cf5247279eddab3856b25d4fa1a06b

SHA256
792ca2426af914d8b7a76825842196a1083319d98108f60bd740f32a3d9d4020

SHA512
35293aa74c2e147ad3a442acf753d669ba0033229b6ba5636898fd0743aced0186bd09e0fce263ec4c8d4de2a07ae4f72133ed648fe17fca420b8a9ab2d0038f

Download Submit
\Windows\SysWOW64\AegisI5Installer.exe

Filesize
368KB

MD5
2d63a311f064e635d4bb93856be1257d

SHA1
e9f6679588cf5247279eddab3856b25d4fa1a06b

SHA256
792ca2426af914d8b7a76825842196a1083319d98108f60bd740f32a3d9d4020

SHA512
35293aa74c2e147ad3a442acf753d669ba0033229b6ba5636898fd0743aced0186bd09e0fce263ec4c8d4de2a07ae4f72133ed648fe17fca420b8a9ab2d0038f

Download Submit
\Windows\SysWOW64\AegisI5Installer.exe

Filesize
368KB

MD5
2d63a311f064e635d4bb93856be1257d

SHA1
e9f6679588cf5247279eddab3856b25d4fa1a06b

SHA256
792ca2426af914d8b7a76825842196a1083319d98108f60bd740f32a3d9d4020

SHA512
35293aa74c2e147ad3a442acf753d669ba0033229b6ba5636898fd0743aced0186bd09e0fce263ec4c8d4de2a07ae4f72133ed648fe17fca420b8a9ab2d0038f

Download Submit
\Windows\SysWOW64\AegisI5Installer.exe

Filesize
368KB

MD5
2d63a311f064e635d4bb93856be1257d

SHA1
e9f6679588cf5247279eddab3856b25d4fa1a06b

SHA256
792ca2426af914d8b7a76825842196a1083319d98108f60bd740f32a3d9d4020

SHA512
35293aa74c2e147ad3a442acf753d669ba0033229b6ba5636898fd0743aced0186bd09e0fce263ec4c8d4de2a07ae4f72133ed648fe17fca420b8a9ab2d0038f

Download Submit
memory/852-54-0x0000000074E41000-0x0000000074E43000-memory.dmp

Filesize
8KB

Download
memory/852-68-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/852-69-0x0000000000230000-0x000000000029E000-memory.dmp

Filesize
440KB

Download
memory/852-70-0x0000000000A70000-0x0000000000AE3000-memory.dmp

Filesize
460KB

Download
memory/944-71-0x00000000005F0000-0x00000000005FB000-memory.dmp

Filesize
44KB

Download
memory/944-72-0x00000000005F0000-0x00000000005FB000-memory.dmp

Filesize
44KB

Download
memory/944-73-0x0000000000800000-0x0000000000873000-memory.dmp

Filesize
460KB

Download
memory/944-74-0x00000000005F0000-0x00000000005FB000-memory.dmp

Filesize
44KB

Download