707d6a3f6f5954dba807d0179e45f9cf2f713b90bcdc72ad2e02eb3ebe5840ca

Analysis

max time kernel
139s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 03:56

Target

707d6a3f6f5954dba807d0179e45f9cf2f713b90bcdc72ad2e02eb3ebe5840ca.exe
Size

31KB
MD5

202ce76b71a336472472e178d802e8cf
SHA1

53c9d16f7159be87f2c1e9f2dc5509e2baca2de0
SHA256

707d6a3f6f5954dba807d0179e45f9cf2f713b90bcdc72ad2e02eb3ebe5840ca
SHA512

1b91afef2f193f4e6599c12f6d6769cd38845dce240f4e7559951118fca0dca37e9fca14924d25004052d047500709bd15419ccd61d9de4d207c37631daa199a
SSDEEP

768:5Pha0rI1m5yZBzJCXOSAOzdoxe6FyHpeHwmQG1lC/izb8TH3A:tpj5kOF1zOewy49QElC/i23A

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000200000001e72a-132.dat	acprotect
behavioral2/files/0x000200000001e72a-133.dat	acprotect

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/files/0x000200000001e72a-132.dat	upx
behavioral2/files/0x000200000001e72a-133.dat	upx
behavioral2/memory/4652-134-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral2/memory/4652-135-0x0000000000590000-0x00000000005A1000-memory.dmp	upx

Loads dropped DLL 2 IoCs

pid	Process
4652	707d6a3f6f5954dba807d0179e45f9cf2f713b90bcdc72ad2e02eb3ebe5840ca.exe
4652	707d6a3f6f5954dba807d0179e45f9cf2f713b90bcdc72ad2e02eb3ebe5840ca.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSINFO\Ms_Info.Obj	707d6a3f6f5954dba807d0179e45f9cf2f713b90bcdc72ad2e02eb3ebe5840ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\Ms_Info.Obj	707d6a3f6f5954dba807d0179e45f9cf2f713b90bcdc72ad2e02eb3ebe5840ca.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08315C1A-9BA9-4B7C-A432-26885F78DF28}	707d6a3f6f5954dba807d0179e45f9cf2f713b90bcdc72ad2e02eb3ebe5840ca.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08315C1A-9BA9-4B7C-A432-26885F78DF28}\	707d6a3f6f5954dba807d0179e45f9cf2f713b90bcdc72ad2e02eb3ebe5840ca.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08315C1A-9BA9-4B7C-A432-26885F78DF28}\InProcServer32	707d6a3f6f5954dba807d0179e45f9cf2f713b90bcdc72ad2e02eb3ebe5840ca.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08315C1A-9BA9-4B7C-A432-26885F78DF28}\InProcServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\MSINFO\\Ms_Info.Obj"	707d6a3f6f5954dba807d0179e45f9cf2f713b90bcdc72ad2e02eb3ebe5840ca.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08315C1A-9BA9-4B7C-A432-26885F78DF28}\InProcServer32\ThreadingModel = "Apartment"	707d6a3f6f5954dba807d0179e45f9cf2f713b90bcdc72ad2e02eb3ebe5840ca.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4652	707d6a3f6f5954dba807d0179e45f9cf2f713b90bcdc72ad2e02eb3ebe5840ca.exe

C:\Program Files\Common Files\microsoft shared\MSInfo\Ms_Info.Obj

Filesize
17KB

MD5
84f0480e677beec04b032ce99c2027e5

SHA1
b1d8f61222c456956dd5af8cf7d938df9bdf79a9

SHA256
472d7371eab4a537ea6a888be6a4693b5861ab459341244887efbf8ae3c26a29

SHA512
c859c2c63e71cae832f2c5eae6f3d45b9c8aacbd88797f0c1dfc3b4a627c936cd0a8513f06918c9bfd3630d3b5ebd4541603cb0eabec6c3c7d1a596248ecb9fa

Download Submit
C:\Program Files\Common Files\microsoft shared\MSInfo\Ms_Info.Obj

Filesize
17KB

MD5
84f0480e677beec04b032ce99c2027e5

SHA1
b1d8f61222c456956dd5af8cf7d938df9bdf79a9

SHA256
472d7371eab4a537ea6a888be6a4693b5861ab459341244887efbf8ae3c26a29

SHA512
c859c2c63e71cae832f2c5eae6f3d45b9c8aacbd88797f0c1dfc3b4a627c936cd0a8513f06918c9bfd3630d3b5ebd4541603cb0eabec6c3c7d1a596248ecb9fa

Download Submit
memory/4652-134-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4652-135-0x0000000000590000-0x00000000005A1000-memory.dmp

Filesize
68KB

Download