Overview

overview

9

Static

static

c1246c3919...02.exe

windows7-x64

9

c1246c3919...02.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    201s
  • max time network
    208s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 10:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c1246c39193f6620a4d71e79da8920ad51870bc7b51d785d2db38880214d1702.exe

  • Size

    1.6MB

  • MD5

    227ba450212cc60f7716ed8107901a9e

  • SHA1

    ef136cf4fab24d6ca596806415b0c7036bd16392

  • SHA256

    c1246c39193f6620a4d71e79da8920ad51870bc7b51d785d2db38880214d1702

  • SHA512

    89c2398d808a4c905fd0a47a10eebc1dccb658324b80f4d11d465ebd1ed62205cd216627fa6fc1f5d6f7dffb892ba8247802481c6986aafe1f86d3593df6aabd

  • SSDEEP

    49152:HqLay+weLEEAey+rGdEwjZAVJIJ9yyGizx:Hq1+wKAey+GKwjZA+Gizx

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1246c39193f6620a4d71e79da8920ad51870bc7b51d785d2db38880214d1702.exe
    "C:\Users\Admin\AppData\Local\Temp\c1246c39193f6620a4d71e79da8920ad51870bc7b51d785d2db38880214d1702.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\jedata.dll
    Filesize

    86KB

    MD5

    114054313070472cd1a6d7d28f7c5002

    SHA1

    9a044986e6101df1a126035da7326a50c3fe9a23

    SHA256

    e15d9e1b772fed3db19e67b8d54533d1a2d46a37f8b12702a5892c6b886e9db1

    SHA512

    a2ff8481e89698dae4a1c83404105093472e384d7a3debbd7014e010543e08efc8ebb3f67c8a4ce09029e6b2a8fb7779bb402aae7c9987e61389cd8a72c73522

    Download Submit

  • memory/3288-132-0x00000000003A0000-0x000000000057D000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3288-133-0x0000000036320000-0x0000000036330000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3288-135-0x0000000010000000-0x000000001003E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3288-136-0x00000000003A0000-0x000000000057D000-memory.dmp

    Filesize

    1.9MB

    Download