34f7b0c3b0f671fd3f6fc9c1f8208bdcc7388a4a985cbc6167205c0ff1e4008a

Analysis

max time kernel
54s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 05:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AIMP 3.60 Build 1497.exe
Size

21.0MB
MD5

90ceeaad185f26cf0773ec2f5c97e04c
SHA1

e9552ecfd6d8acba1895064ca6c37414c641b512
SHA256

fdb7004924fec63f11f08be54c623a79fbdebb7828b3046e486b567ed81b5ed9
SHA512

bb904bbde5b5aac6571ea8453d666a08de340675590958cb55db1c58a508d691454f11d576bac5699b2a02d3b2db5154b265bc217a539f3d3388c732e200f404
SSDEEP

393216:QDyiMBwXZGtsfyEtSsvCoYt0mfjD6wHyBRJIj1VhdQwh3wvVGmU7XTx:eknmZttifj+Kyz47RXDvx

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000a0000000122f5-92.dat	acprotect

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a0000000122f5-81.dat	upx
behavioral1/files/0x000a0000000122f5-87.dat	upx
behavioral1/files/0x000a0000000122f5-92.dat	upx
behavioral1/files/0x000a0000000122f5-91.dat	upx
behavioral1/files/0x000a0000000122f5-89.dat	upx
behavioral1/files/0x000a0000000122f5-88.dat	upx
behavioral1/files/0x000a0000000122f5-86.dat	upx
behavioral1/files/0x000a0000000122f5-85.dat	upx
behavioral1/files/0x000a0000000122f5-84.dat	upx
behavioral1/files/0x000a0000000122f5-83.dat	upx
behavioral1/files/0x000a0000000122f5-82.dat	upx
behavioral1/files/0x000a0000000122f5-80.dat	upx
behavioral1/files/0x000a0000000122f5-78.dat	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2012 set thread context of 908	2012	AIMP 3.60 Build 1497.exe	28

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}\ = "DynamicNS"	AIMP 3.60 Build 1497.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AIMP 3.60 Build 1497.DynamicNS\Clsid	AIMP 3.60 Build 1497.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AIMP 3.60 Build 1497.DynamicNS\Clsid\ = "{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}"	AIMP 3.60 Build 1497.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}\ProgID	AIMP 3.60 Build 1497.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}	AIMP 3.60 Build 1497.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}\LocalServer32	AIMP 3.60 Build 1497.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AIMP36~1.EXE"	AIMP 3.60 Build 1497.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AIMP 3.60 Build 1497.DynamicNS	AIMP 3.60 Build 1497.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AIMP 3.60 Build 1497.DynamicNS\ = "DynamicNS"	AIMP 3.60 Build 1497.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}\ProgID\ = "AIMP 3.60 Build 1497.DynamicNS"	AIMP 3.60 Build 1497.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
908	AIMP 3.60 Build 1497.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 908	2012	AIMP 3.60 Build 1497.exe	28
PID 2012 wrote to memory of 908	2012	AIMP 3.60 Build 1497.exe	28
PID 2012 wrote to memory of 908	2012	AIMP 3.60 Build 1497.exe	28
PID 2012 wrote to memory of 908	2012	AIMP 3.60 Build 1497.exe	28
PID 2012 wrote to memory of 908	2012	AIMP 3.60 Build 1497.exe	28
PID 2012 wrote to memory of 908	2012	AIMP 3.60 Build 1497.exe	28
PID 2012 wrote to memory of 908	2012	AIMP 3.60 Build 1497.exe	28
PID 2012 wrote to memory of 908	2012	AIMP 3.60 Build 1497.exe	28
PID 2012 wrote to memory of 908	2012	AIMP 3.60 Build 1497.exe	28
PID 2012 wrote to memory of 908	2012	AIMP 3.60 Build 1497.exe	28
PID 2012 wrote to memory of 908	2012	AIMP 3.60 Build 1497.exe	28
PID 2012 wrote to memory of 908	2012	AIMP 3.60 Build 1497.exe	28

C:\Users\Admin\AppData\Local\Temp\AIMP 3.60 Build 1497.exe
"C:\Users\Admin\AppData\Local\Temp\AIMP 3.60 Build 1497.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Users\Admin\AppData\Local\Temp\AIMP 3.60 Build 1497.exe
  "C:\Users\Admin\AppData\Local\Temp\AIMP 3.60 Build 1497.exe"
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\{5E1508C9-6295-47A3-B242-1562DB178FF2}.dll

Filesize
5KB

MD5
a9ac9730323dfd3bba9c93d1fe5304eb

SHA1
8b79101501a178d37e54bb487538f9c5d06ae5cd

SHA256
fc92549d6cffc940f37b2c687ff8dfaa6d1ab71b8f2c017c17958c2aed3d5c60

SHA512
48de0922c6088274cac9a0b79ddd815ffec920b79dad04fcd1ed2f70ae3c8b8649396de26fdf538d1a2a1ff4374175b964437137d2b751326938b0c2687fa6da

Download Submit
\Users\Admin\AppData\Local\Temp\{5E1508C9-6295-47A3-B242-1562DB178FF2}.dll

Filesize
17KB

MD5
95f17721f27c10bc04c3264fbea83b21

SHA1
cfeab43948826344154af978174186cb801fcd8c

SHA256
35f35f0634daf849be981180a137ebb2276c23413ba663c396c3e40af666765b

SHA512
f6b34c49286f42f30a940c9d86fc650c949d10acbd77895648b2ec2c9778c7117399c7a7c8a475597d4dfc0923d023846abdf0997fc6b9d91398732751234281

Download Submit
\Users\Admin\AppData\Local\Temp\{5E1508C9-6295-47A3-B242-1562DB178FF2}.dll

Filesize
41KB

MD5
7ce74a827e5aa62470ab924220b61652

SHA1
91f11da4103f3ecfb1df61952c7db1f4cdef68f3

SHA256
cb8c91194344674c09449ddf9e97a1c7864d438956d7ebb7b4f253bcb5baced7

SHA512
d079347ef9e8463a0eb5a8342736a51200d6b98e8bd5ecf27b8c2998e99574a43349c4355b5747f8fe76c7a35df32b9d54dd03d78b5361ea87d90df308fc7750

Download Submit
\Users\Admin\AppData\Local\Temp\{5E1508C9-6295-47A3-B242-1562DB178FF2}.dll

Filesize
11KB

MD5
3aacb9b05d5597540ce045d782da8317

SHA1
0fe6d206189f8365b41a2eeeb7863ed839bc06ab

SHA256
d9b02ae4b4b88a0b06db92887a696acd8202e0cbb113a5b10f9c8f580014781e

SHA512
81cdb483201a9b287d24c6db52eaa4b8fad04ed22a4730ed3e47de5180885b8733bbe62375eca30a4552c5c16b9f478f1b75ab0ee0b77a56e98da214d778d6f6

Download Submit
\Users\Admin\AppData\Local\Temp\{5E1508C9-6295-47A3-B242-1562DB178FF2}.dll

Filesize
10KB

MD5
caf790dd20c98245904f732de64a9c98

SHA1
bb708444086267252b74c4a2abc8d56bda256af3

SHA256
efee875b4071a276ccc96b303d031f07496fbf43eda9bb9663d2ef4beb230cad

SHA512
1e5e5cbb2f88b9153582f2e9d19f11280dcba269433cfbe2166bef31c874e0fc749159e1f952ebb46c4eed050b4af0af5236dbea451310ef87f27cd97d157236

Download Submit
\Users\Admin\AppData\Local\Temp\{5E1508C9-6295-47A3-B242-1562DB178FF2}.dll

Filesize
8KB

MD5
1f5c456ae010234c3b78bbeb301977da

SHA1
97f47ad6855c742f368168f5da313490f9afd1e5

SHA256
1fe598b7dd575731a2a4a5ff66773043a61f679869e09dd0f7ffc0b04a85829f

SHA512
3209e574a0564bb05a574532ed43ca9af347e1db4a884a20374404b8942440721499d2d67f0bd780098c31ef37a1d8290258653034248171566ec03e447be703

Download Submit
\Users\Admin\AppData\Local\Temp\{5E1508C9-6295-47A3-B242-1562DB178FF2}.dll

Filesize
9KB

MD5
64807cdeccdd20ff8d8e8ab1b8067d26

SHA1
1bc97f90ea5b4b576ff81e0581aee584f52a713c

SHA256
b0cd71d7402c08c221c48c8526b93d7d6471e8132563ecba55da8d3872a7dacf

SHA512
639acb0c88761744b0cb9835deb6580089888edda44b690ecce38997fdf83902b937f13501a19227b1030f796fbdd655967a89b936b4bf233a8a42e957ac1a15

Download Submit
\Users\Admin\AppData\Local\Temp\{5E1508C9-6295-47A3-B242-1562DB178FF2}.dll

Filesize
4KB

MD5
9f942be3f5da2d7415750d8807cfcc3d

SHA1
0f08bc39a9f16c389713f1e296a1f338174609e0

SHA256
e120e30226311ac7aa3e3ffed1dd7d67c62304bae63392a04e61927a790963c5

SHA512
87f9625cd753884c650c1836ebdf844975ccbaf9bf0d6ae243465bac6403de65b262c98fd89c4ed78a3274d6368f18b726b021dece1f35fb0777bce39e958d5b

Download Submit
\Users\Admin\AppData\Local\Temp\{5E1508C9-6295-47A3-B242-1562DB178FF2}.dll

Filesize
15KB

MD5
7af5b8e3d689bc6b0ae9a6f5c8d65052

SHA1
271b01e74aafab5677dcd8704669330e879c7872

SHA256
8044e0b7259e0a1a5cf8897553c68abd5af2ac0f11de2b93468fdc463667b353

SHA512
1e722d6b97f9f5d782df446e05f1771c062b7b31d451da21acdd8ba6c0b7f840a59e94de57b12f17a215687cb3915627a27f659a88c722353f18668ffdc5d8e9

Download Submit
\Users\Admin\AppData\Local\Temp\{5E1508C9-6295-47A3-B242-1562DB178FF2}.dll

Filesize
17KB

MD5
9b27b7f6b2f3752169d8243e09e1a0e0

SHA1
8408d6cf46801c666230f98758a59988012dba43

SHA256
1b9d3b11c31bdb0d4ff941147a3f60b3a4d8f24a69b4aa3f26808ebd24833a49

SHA512
8d53b8e804a5d4fac4ba452ec1749c3141c505cc6d74b1c0bd1e224354a8f186c1b6fa704f9bd679bcfd00dfb05b180c1a379e205fcaf324238038c33670d238

Download Submit
\Users\Admin\AppData\Local\Temp\{5E1508C9-6295-47A3-B242-1562DB178FF2}.dll

Filesize
14KB

MD5
779fdb60ada096126c6c12d46a7889f3

SHA1
1f2c4f0121df422fdcad22e3070cea2dea1c31fa

SHA256
203af559c0a2c4b40342dca6c848831af6c5bb703d1d97d21e0e6dabf5457875

SHA512
ea7b4df749f2efb6a42bcff260db1a5cf5a033a1daee17d70d90aec1173693e345116ff53621116f403bf573ea9c18b6e1c0603f8751200b5b0d699c6d9d9953

Download Submit
\Users\Admin\AppData\Local\Temp\{5E1508C9-6295-47A3-B242-1562DB178FF2}.dll

Filesize
494B

MD5
eb1930f96f22a38fc79b38211cc393bb

SHA1
e94d263717fdba5630c6964cd3e35c69b1900bb2

SHA256
aa3bb5cc62306054e6376bf025d088bce208563b7c8de550afe9c72c7dfd0a1e

SHA512
f563411cea828588794c0b68d6e620c87bb7628620e99e085ab03c696112cbef708a17e69394a1b5acb2b5767431f8916562e6b97857297732fe58dc7bf4cb9a

Download Submit
\Users\Admin\AppData\Local\Temp\{5E1508C9-6295-47A3-B242-1562DB178FF2}.dll

Filesize
10KB

MD5
13737f495b5c21234b34ecf5690b379b

SHA1
1b5ea8f3dadddd70bc258f54b3ced582f109b095

SHA256
cb6b41a176c140f16dfe71f921b551a1e0a6de10100d21cee2eaace4e7d9d11f

SHA512
40dad3b26f790bca3c4b8e2eda8ceea1b90bf026b9fdae27e4db8953b38bc353288a86b835cbc6cb5d33f09b41c434bcc973bee09ac7dcaec2d3acebd221c4ba

Download Submit
\Users\Admin\AppData\Local\Temp\{5E1508C9-6295-47A3-B242-1562DB178FF2}.dll

Filesize
120KB

MD5
c9f333d1ff898672a34805f94a265329

SHA1
2deaac66698fb2e9b3868d23034c3211c508b739

SHA256
07e546811635574c77edfda126b0e5f5292b4ea13f35158eddedcfc3cbf74b6b

SHA512
048c71e48e2def0bfc69ebfb69b834d650a9377082782333f50728fdfd6675df8093d0c87e606022e55d09f81549d4ca3b640bcdd33b9ddc9aace03ee1466add

Download Submit
memory/908-76-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download
memory/908-60-0x0000000000400000-0x000000000061B000-memory.dmp

Filesize
2.1MB

Download
memory/908-95-0x0000000003890000-0x00000000038EB000-memory.dmp

Filesize
364KB

Download
memory/908-98-0x0000000003890000-0x00000000038EB000-memory.dmp

Filesize
364KB

Download
memory/908-99-0x0000000003890000-0x00000000038EB000-memory.dmp

Filesize
364KB

Download
memory/908-97-0x0000000003890000-0x00000000038EB000-memory.dmp

Filesize
364KB

Download
memory/908-96-0x0000000003890000-0x00000000038EB000-memory.dmp

Filesize
364KB

Download
memory/908-74-0x0000000000400000-0x000000000061B000-memory.dmp

Filesize
2.1MB

Download
memory/908-55-0x0000000000400000-0x000000000061B000-memory.dmp

Filesize
2.1MB

Download
memory/908-54-0x0000000000400000-0x000000000061B000-memory.dmp

Filesize
2.1MB

Download
memory/908-94-0x0000000003890000-0x00000000038EB000-memory.dmp

Filesize
364KB

Download
memory/908-75-0x0000000000400000-0x000000000061B000-memory.dmp

Filesize
2.1MB

Download
memory/908-73-0x0000000000617001-mapping.dmp

Download
memory/908-71-0x0000000000400000-0x000000000061B000-memory.dmp

Filesize
2.1MB

Download
memory/908-68-0x0000000000400000-0x000000000061B000-memory.dmp

Filesize
2.1MB

Download
memory/908-65-0x0000000000400000-0x000000000061B000-memory.dmp

Filesize
2.1MB

Download
memory/908-63-0x0000000000400000-0x000000000061B000-memory.dmp

Filesize
2.1MB

Download
memory/908-77-0x0000000000400000-0x000000000061B000-memory.dmp

Filesize
2.1MB

Download
memory/908-57-0x0000000000400000-0x000000000061B000-memory.dmp

Filesize
2.1MB

Download
memory/908-93-0x0000000003890000-0x00000000038EB000-memory.dmp

Filesize
364KB

Download