01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc

General

Target

01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc.exe
Size

325KB
MD5

84f10efa2b7e1b18460dc40214366594
SHA1

de9fc4dab6ea6aecf1165afd219b363e814262c2
SHA256

01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc
SHA512

cea1158884f05ba7a6ca4a9360103a84df3d70fbd0d8770f1d1466e9f1c72592993b2bf5bcdabdda3f85384667dd7f6ffd79d29d12c69a35f6f73914d492c814
SSDEEP

6144:/4J6lmIMLPkuWCgXmyaunfFnFFMDn3ouqUW66uh7WvHYr4LAilAeShjNaex:M6lmhLR6fFwDn3RqUr607WvipiqVNaex

Score

9^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x00140000000054ab-55.dat	acprotect
behavioral1/files/0x00140000000054ab-62.dat	acprotect
behavioral1/files/0x00140000000054ab-61.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
548	GLB3.tmp

Loads dropped DLL 5 IoCs

pid	Process
1048	01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc.exe
1048	01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc.exe
548	GLB3.tmp
548	GLB3.tmp
548	GLB3.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1048	01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 548	1048	01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc.exe	27
PID 1048 wrote to memory of 548	1048	01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc.exe	27
PID 1048 wrote to memory of 548	1048	01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc.exe	27
PID 1048 wrote to memory of 548	1048	01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc.exe	27
PID 1048 wrote to memory of 548	1048	01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc.exe	27
PID 1048 wrote to memory of 548	1048	01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc.exe	27
PID 1048 wrote to memory of 548	1048	01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc.exe	27

C:\Users\Admin\AppData\Local\Temp\01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc.exe
"C:\Users\Admin\AppData\Local\Temp\01eee304bc4cfc1717ebde11084ddbcc964fdd7339bc2fe84e3b8e138ca524bc.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Users\Admin\AppData\Local\Temp\GLB3.tmp
  C:\Users\Admin\AppData\Local\Temp\GLB3.tmp 4736 C:\Users\Admin\AppData\Local\Temp\01EEE3~1.EXE
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GLB3.tmp

Filesize
70KB

MD5
1c857a14cc4395886b66044c4be66206

SHA1
fb05bf25e6febcb835392e784b520b1a74f4ccad

SHA256
8787c1fe605d4510ae3b9193cdaa68a8755b85018d4cd450fef01864551664c4

SHA512
eac62d8a2b7f4fdd3ee237012bee504635c2faa5bc8b3c843369bfe26744595907e9bd98fa5da7c474f0fcb3c487341f5b4a92459ec1e6ab94a93c51218b9c9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLB3.tmp

Filesize
70KB

MD5
1c857a14cc4395886b66044c4be66206

SHA1
fb05bf25e6febcb835392e784b520b1a74f4ccad

SHA256
8787c1fe605d4510ae3b9193cdaa68a8755b85018d4cd450fef01864551664c4

SHA512
eac62d8a2b7f4fdd3ee237012bee504635c2faa5bc8b3c843369bfe26744595907e9bd98fa5da7c474f0fcb3c487341f5b4a92459ec1e6ab94a93c51218b9c9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\lzkFF85.tmp

Filesize
172KB

MD5
685f1cbd4af30a1d0c25f252d399a666

SHA1
6a1b978f5e6150b88c8634146f1406ed97d2f134

SHA256
0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

SHA512
6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

Download Submit
\Users\Admin\AppData\Local\Temp\GLB3.tmp

Filesize
70KB

MD5
1c857a14cc4395886b66044c4be66206

SHA1
fb05bf25e6febcb835392e784b520b1a74f4ccad

SHA256
8787c1fe605d4510ae3b9193cdaa68a8755b85018d4cd450fef01864551664c4

SHA512
eac62d8a2b7f4fdd3ee237012bee504635c2faa5bc8b3c843369bfe26744595907e9bd98fa5da7c474f0fcb3c487341f5b4a92459ec1e6ab94a93c51218b9c9a

Download Submit
\Users\Admin\AppData\Local\Temp\GLC281.tmp

Filesize
161KB

MD5
8c97d8bb1470c6498e47b12c5a03ce39

SHA1
15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7

SHA256
a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a

SHA512
7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f

Download Submit
\Users\Admin\AppData\Local\Temp\GLF121F.tmp

Filesize
10KB

MD5
3b2e23d259394c701050486e642d14fa

SHA1
4e9661c4ba84400146b80b905f46a0f7ef4d62eb

SHA256
166d7156142f3ee09fa69eb617dd22e4fd248aa80a1ac08767db6ad99a2705c1

SHA512
2b792296dffa4e43bc85295dc7691bd29762ce5d9d5eafaa74e199e6a8e5b24aa85d0a1b27776d4719a49b0d29abcf6f240746a209528e608b596b560e5a3b88

Download Submit
\Users\Admin\AppData\Local\Temp\lzkFF85.tmp

Filesize
172KB

MD5
685f1cbd4af30a1d0c25f252d399a666

SHA1
6a1b978f5e6150b88c8634146f1406ed97d2f134

SHA256
0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

SHA512
6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

Download Submit
\Users\Admin\AppData\Local\Temp\lzkFF85.tmp

Filesize
172KB

MD5
685f1cbd4af30a1d0c25f252d399a666

SHA1
6a1b978f5e6150b88c8634146f1406ed97d2f134

SHA256
0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

SHA512
6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

Download Submit
memory/548-68-0x0000000001EE0000-0x0000000001F53000-memory.dmp

Filesize
460KB

Download
memory/548-70-0x0000000001EE0000-0x0000000001F53000-memory.dmp

Filesize
460KB

Download
memory/1048-54-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download
memory/1048-64-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1048-65-0x00000000003D0000-0x00000000003FA000-memory.dmp

Filesize
168KB

Download
memory/1048-66-0x00000000003D0000-0x00000000003FA000-memory.dmp

Filesize
168KB

Download
memory/1048-67-0x00000000004B0000-0x0000000000523000-memory.dmp

Filesize
460KB

Download
memory/1048-71-0x00000000004B0000-0x0000000000523000-memory.dmp

Filesize
460KB

Download

Analysis

Sharing