7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc

Analysis

max time kernel
145s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe
Size

6.5MB
MD5

6f4a1a109f5d7af6fe5e0c607cc08f56
SHA1

2b02fedb1607a06ff65fa8791ddd2aa5017baa91
SHA256

7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc
SHA512

880e8cb804ad0916a65d11d03de26b0ef9b8b9bc08e72a38d939839d49e1de6bda687ec0d1e785f73c9120b0d2f5f188356ad6cb48194cf1a672da41386c0818
SSDEEP

98304:YOWlrb5X8juodooTUjGZ9gCfbZ8dSSj/B6DcdGvN0VZp/LPIclc6Qsya5nS9M33X:YB0juoiMUEDZG5oCrIcVwCXtJ

Score

9^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\aek3100.tmp	acprotect
C:\Users\Admin\AppData\Local\Temp\aek3100.tmp	acprotect
\Users\Admin\AppData\Local\Temp\aek3100.tmp	acprotect

Executes dropped EXE 1 IoCs

Processes:

install.exe

pid process

996 install.exe

pid	process
996	install.exe

Loads dropped DLL 5 IoCs

Processes:

7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exeinstall.exe

pid	process
1940	7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe
1940	7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe
996	install.exe
996	install.exe
996	install.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe

pid process

1940 7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe

description	pid	process	target process
PID 1940 wrote to memory of 996	1940	7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe	install.exe
PID 1940 wrote to memory of 996	1940	7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe	install.exe
PID 1940 wrote to memory of 996	1940	7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe	install.exe
PID 1940 wrote to memory of 996	1940	7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe	install.exe
PID 1940 wrote to memory of 996	1940	7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe	install.exe
PID 1940 wrote to memory of 996	1940	7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe	install.exe
PID 1940 wrote to memory of 996	1940	7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe	install.exe

C:\Users\Admin\AppData\Local\Temp\7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe
"C:\Users\Admin\AppData\Local\Temp\7689eba8872f9bdb9a2220080733aea8c43bb94d54c1a9097ed5958d2a06edfc.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1940

\??\c:\ffe3df8e41447a528be18af61744b5e0\install.exe
c:\ffe3df8e41447a528be18af61744b5e0\install.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aek3100.tmp

Filesize
172KB

MD5
685f1cbd4af30a1d0c25f252d399a666

SHA1
6a1b978f5e6150b88c8634146f1406ed97d2f134

SHA256
0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

SHA512
6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

Download Submit
C:\ffe3df8e41447a528be18af61744b5e0\install.exe

Filesize
196KB

MD5
a918216d1536eb6f6881b10c3f341921

SHA1
dbe1401386f602645f3017d6339345316c088e9d

SHA256
758834b434bd38a2cd0c3f15a031d8f0ce07a34a283764776994c3fc70d7a977

SHA512
d6445ed4942a11440ff7f44f2c8d685d59c05710d83479fa8c02bf2b2d81087a7484ad650edda47c20ef2e41dcd55f3458b3f079aa17f57e0ebf384970dbdc93

Download Submit
\??\c:\ffe3df8e41447a528be18af61744b5e0\install.exe

Filesize
196KB

MD5
a918216d1536eb6f6881b10c3f341921

SHA1
dbe1401386f602645f3017d6339345316c088e9d

SHA256
758834b434bd38a2cd0c3f15a031d8f0ce07a34a283764776994c3fc70d7a977

SHA512
d6445ed4942a11440ff7f44f2c8d685d59c05710d83479fa8c02bf2b2d81087a7484ad650edda47c20ef2e41dcd55f3458b3f079aa17f57e0ebf384970dbdc93

Download Submit
\??\c:\ffe3df8e41447a528be18af61744b5e0\install.res.dll

Filesize
347KB

MD5
6053137a6249698efbf3147f6f93642c

SHA1
3601381e439d3bc6d4355a41a9381da02e17d105

SHA256
4c1ffb5e4d8dd49eeece72e2a9d77d4b24a34b4e8acc628fbb7f4087a07d661a

SHA512
8a6c285fb47f45b0295137c2cef7b1b9eb6ae9e0e646887bb29e14083aaa16b244f7b0c25e383b6224062762ea995c12c6a34a6b3aacbe569230beba40210bff

Download Submit
\Users\Admin\AppData\Local\Temp\aek3100.tmp

Filesize
172KB

MD5
685f1cbd4af30a1d0c25f252d399a666

SHA1
6a1b978f5e6150b88c8634146f1406ed97d2f134

SHA256
0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

SHA512
6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

Download Submit
\Users\Admin\AppData\Local\Temp\aek3100.tmp

Filesize
172KB

MD5
685f1cbd4af30a1d0c25f252d399a666

SHA1
6a1b978f5e6150b88c8634146f1406ed97d2f134

SHA256
0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

SHA512
6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

Download Submit
\ffe3df8e41447a528be18af61744b5e0\install.exe

Filesize
196KB

MD5
a918216d1536eb6f6881b10c3f341921

SHA1
dbe1401386f602645f3017d6339345316c088e9d

SHA256
758834b434bd38a2cd0c3f15a031d8f0ce07a34a283764776994c3fc70d7a977

SHA512
d6445ed4942a11440ff7f44f2c8d685d59c05710d83479fa8c02bf2b2d81087a7484ad650edda47c20ef2e41dcd55f3458b3f079aa17f57e0ebf384970dbdc93

Download Submit
\ffe3df8e41447a528be18af61744b5e0\install.exe

Filesize
196KB

MD5
a918216d1536eb6f6881b10c3f341921

SHA1
dbe1401386f602645f3017d6339345316c088e9d

SHA256
758834b434bd38a2cd0c3f15a031d8f0ce07a34a283764776994c3fc70d7a977

SHA512
d6445ed4942a11440ff7f44f2c8d685d59c05710d83479fa8c02bf2b2d81087a7484ad650edda47c20ef2e41dcd55f3458b3f079aa17f57e0ebf384970dbdc93

Download Submit
\ffe3df8e41447a528be18af61744b5e0\install.res.dll

Filesize
347KB

MD5
6053137a6249698efbf3147f6f93642c

SHA1
3601381e439d3bc6d4355a41a9381da02e17d105

SHA256
4c1ffb5e4d8dd49eeece72e2a9d77d4b24a34b4e8acc628fbb7f4087a07d661a

SHA512
8a6c285fb47f45b0295137c2cef7b1b9eb6ae9e0e646887bb29e14083aaa16b244f7b0c25e383b6224062762ea995c12c6a34a6b3aacbe569230beba40210bff

Download Submit
memory/996-58-0x0000000000000000-mapping.dmp

Download
memory/996-69-0x0000000002210000-0x0000000002283000-memory.dmp

Filesize
460KB

Download
memory/1940-54-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download
memory/1940-65-0x0000000000020000-0x0000000000040000-memory.dmp

Filesize
128KB

Download
memory/1940-66-0x00000000008A0000-0x0000000000913000-memory.dmp

Filesize
460KB

Download
memory/1940-55-0x0000000001000000-0x0000000001020000-memory.dmp

Filesize
128KB

Download
memory/1940-70-0x0000000001000000-0x0000000001020000-memory.dmp

Filesize
128KB

Download
memory/1940-71-0x0000000000020000-0x0000000000040000-memory.dmp

Filesize
128KB

Download
memory/1940-72-0x00000000008A0000-0x0000000000913000-memory.dmp

Filesize
460KB

Download