c3bdde7a3bb6ca16b26e31696313395796669b079de3a7014c69e60b50894617

Analysis

max time kernel
41s
max time network
52s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3bdde7a3bb6ca16b26e31696313395796669b079de3a7014c69e60b50894617.exe
Size

961KB
MD5

6227ec7372c949e924c94821c17af44f
SHA1

e65e34c45bf6bfd04cd8336ecd1b4cbce5013ce9
SHA256

c3bdde7a3bb6ca16b26e31696313395796669b079de3a7014c69e60b50894617
SHA512

2e9bbcfef5cf5eaf6f55209b8ce8d45c53e2d729bc231dd07b2a9b740c96aa8ff31b8aec715c872bdbb2a371c884f4ba15d58784b9199ab33997976a32ae085e
SSDEEP

12288:TBIqA56AGWYIczVmjuldONAvA7KGbNuwPFqwFc3AcPkqD72oKbCZ9vZa2snY1pA0:TSncnSudONgA7XUNwFK72oKbcBDsnYJ

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000013473-56.dat	acprotect
behavioral1/files/0x0008000000013473-60.dat	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0008000000013473-56.dat	upx
behavioral1/files/0x0008000000013473-60.dat	upx

Loads dropped DLL 4 IoCs

pid	Process
1436	c3bdde7a3bb6ca16b26e31696313395796669b079de3a7014c69e60b50894617.exe
1436	c3bdde7a3bb6ca16b26e31696313395796669b079de3a7014c69e60b50894617.exe
1436	c3bdde7a3bb6ca16b26e31696313395796669b079de3a7014c69e60b50894617.exe
1436	c3bdde7a3bb6ca16b26e31696313395796669b079de3a7014c69e60b50894617.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\c3bdde7a3bb6ca16b26e31696313395796669b079de3a7014c69e60b50894617.exe
"C:\Users\Admin\AppData\Local\Temp\c3bdde7a3bb6ca16b26e31696313395796669b079de3a7014c69e60b50894617.exe"
1⤵
- Loads dropped DLL
PID:1436

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsd1B30.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1B30.tmp\inetc.dll

Filesize
20KB

MD5
e541458cfe66ef95ffbea40eaaa07289

SHA1
caec1233f841ee72004231a3027b13cdeb13274c

SHA256
3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

SHA512
0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1B30.tmp\md5dll.dll

Filesize
6KB

MD5
0745ff646f5af1f1cdd784c06f40fce9

SHA1
bf7eba06020d7154ce4e35f696bec6e6c966287f

SHA256
fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70

SHA512
8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1B30.tmp\md5dll.dll

Filesize
6KB

MD5
0745ff646f5af1f1cdd784c06f40fce9

SHA1
bf7eba06020d7154ce4e35f696bec6e6c966287f

SHA256
fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70

SHA512
8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da

Download Submit
memory/1436-54-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/1436-58-0x0000000001D10000-0x0000000001D19000-memory.dmp

Filesize
36KB

Download
memory/1436-59-0x0000000001D10000-0x0000000001D19000-memory.dmp

Filesize
36KB

Download