Analysis

  • max time kernel
    205s
  • max time network
    215s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-11-2022 21:18

General

  • Target

    4caf21fe53609cb3c227cb2f9597c78fb5019eb54e5cf057e5493336b3ee3aee.exe

  • Size

    4.7MB

  • MD5

    478ea75a4095c0f4f06771965243264e

  • SHA1

    36364438c5ed4591bd82c3514693fa0d8518773d

  • SHA256

    4caf21fe53609cb3c227cb2f9597c78fb5019eb54e5cf057e5493336b3ee3aee

  • SHA512

    f825a3f159d24d5e2cae33fa9b1633783960c16acdc2879138b346bb180af40b9b3e4ee2d7e5ba319db431d4fdb6acbeb30bd44aa649d5eb2de3c19224254cfc

  • SSDEEP

    98304:wPGIvSHVrmjImDGbCf5gS7Gx3I5egNqcJeOzuG1BjIyAl7:4GaQrcDGu5gSle9cJbzusyyY

Score
9/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4caf21fe53609cb3c227cb2f9597c78fb5019eb54e5cf057e5493336b3ee3aee.exe
    "C:\Users\Admin\AppData\Local\Temp\4caf21fe53609cb3c227cb2f9597c78fb5019eb54e5cf057e5493336b3ee3aee.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:2800

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\mji6189.tmp

    Filesize

    172KB

    MD5

    fe763c2d71419352141c77c310e600d2

    SHA1

    6bb51ebcbde9fe5556a74319b49bea37d5542d5e

    SHA256

    7fdf10ca02d2238e22fda18dfbede9750da9f257221802c8b86c557c19c9bc7b

    SHA512

    147b3a525b1fef98ae46923dcbe25edfcf7b523f347857466eefa88f09ec053ba309dfbee5f1454ec64aba0518ee21986c4b6a506f8550efb1163c8f04d7482c

  • C:\Users\Admin\AppData\Local\Temp\nsb6323.tmp\InstallOptions.dll

    Filesize

    12KB

    MD5

    4c7d97d0786ff08b20d0e8315b5fc3cb

    SHA1

    bb6f475e867b2bf55e4cd214bd4ef68e26d70f6c

    SHA256

    75e20f4c5eb00e9e5cb610273023e9d2c36392fa3b664c264b736c7cc2d1ac84

    SHA512

    f37093fd5cdda74d8f7376c60a05b442f884e9d370347c7c39d84eca88f23fbea6221da2e57197acd78c817a74703c49fb28b89d41c3e34817cc9301b0b6485a

  • memory/2800-132-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

  • memory/2800-135-0x00000000021F0000-0x0000000002263000-memory.dmp

    Filesize

    460KB

  • memory/2800-137-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

  • memory/2800-138-0x00000000021F0000-0x0000000002263000-memory.dmp

    Filesize

    460KB