adbf8b75bd682628eecc920eb41ce3ae335c127d0db025e0208f977e720e9d01

Analysis

max time kernel
139s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adbf8b75bd682628eecc920eb41ce3ae335c127d0db025e0208f977e720e9d01.exe
Size

6.8MB
MD5

5a8f1e9337bed342e2c72b1c51622d5e
SHA1

f4f1b8865cc2432ed1ce733efa0f51b5e1739e63
SHA256

adbf8b75bd682628eecc920eb41ce3ae335c127d0db025e0208f977e720e9d01
SHA512

a7dde64b9c0acd366b4e799be50111a8a778e47f824bf3e339f0801c37b6cf23d333bc5ec81a725b10d865311faf5720c36fa720760211980e9c9927e3539014
SSDEEP

196608:YUe2Emd1J0++xUFqZ4a0QeZY0Xx7WnsJ5F6EmO9IUWpmEiQ5:YUlE60hUq2AYY0UsX0fzZp15

Score

9^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\xli70EF.tmp	acprotect
C:\Users\Admin\AppData\Local\Temp\xli70EF.tmp	acprotect
C:\Users\Admin\AppData\Local\Temp\xli70EF.tmp	acprotect
C:\Users\Admin\AppData\Local\Temp\xli70EF.tmp	acprotect

Executes dropped EXE 1 IoCs

Processes:

install.exe

pid process

3612 install.exe

pid	process
3612	install.exe

Loads dropped DLL 5 IoCs

Processes:

adbf8b75bd682628eecc920eb41ce3ae335c127d0db025e0208f977e720e9d01.exeinstall.exe

pid	process
1088	adbf8b75bd682628eecc920eb41ce3ae335c127d0db025e0208f977e720e9d01.exe
1088	adbf8b75bd682628eecc920eb41ce3ae335c127d0db025e0208f977e720e9d01.exe
3612	install.exe
3612	install.exe
3612	install.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

adbf8b75bd682628eecc920eb41ce3ae335c127d0db025e0208f977e720e9d01.exe

pid process

1088 adbf8b75bd682628eecc920eb41ce3ae335c127d0db025e0208f977e720e9d01.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

adbf8b75bd682628eecc920eb41ce3ae335c127d0db025e0208f977e720e9d01.exe

description	pid	process	target process
PID 1088 wrote to memory of 3612	1088	adbf8b75bd682628eecc920eb41ce3ae335c127d0db025e0208f977e720e9d01.exe	install.exe
PID 1088 wrote to memory of 3612	1088	adbf8b75bd682628eecc920eb41ce3ae335c127d0db025e0208f977e720e9d01.exe	install.exe
PID 1088 wrote to memory of 3612	1088	adbf8b75bd682628eecc920eb41ce3ae335c127d0db025e0208f977e720e9d01.exe	install.exe

C:\Users\Admin\AppData\Local\Temp\adbf8b75bd682628eecc920eb41ce3ae335c127d0db025e0208f977e720e9d01.exe
"C:\Users\Admin\AppData\Local\Temp\adbf8b75bd682628eecc920eb41ce3ae335c127d0db025e0208f977e720e9d01.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1088

\??\c:\7e7a432a95df97e42e5b0da8bc1724\install.exe
c:\7e7a432a95df97e42e5b0da8bc1724\install.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\7e7a432a95df97e42e5b0da8bc1724\install.exe
Filesize
217KB

MD5
2f0b99f7b9b85abc82e4f26eb2ed95d5

SHA1
0a156c5da81c9a7ec35da1e441c016f8c01cefd0

SHA256
493586eed708fe42a72a3c13c3a8adcf01ef9f50fe85d34282c62745c9287b1c

SHA512
47838d0178e6da8021bcbad74d2be47d04f3cd853ba2b695efca655ce6d4365f987b0cd914691d39a88fd6acbdeb7379b24d880abb9d7c391b5eb731feef7823

Download Submit
C:\7e7a432a95df97e42e5b0da8bc1724\install.res.dll
Filesize
387KB

MD5
8beb73adaa52565534908846ad09ef02

SHA1
f56cb94248057fa4513aef07f07cf581ec5ce938

SHA256
3a8d0e162af7ee98e89a1df547e7582fe310bddbd0f7b68aab3102bf17fdf66f

SHA512
f788d085fe92851542f4a5f6fb93a28a273d6f682764de585fea6715ad50959ac6686e7931cda56c48a5fce3cf8228340d09d42614f823f854f67721bb5cfa35

Download Submit
C:\7e7a432a95df97e42e5b0da8bc1724\install.res.dll
Filesize
387KB

MD5
8beb73adaa52565534908846ad09ef02

SHA1
f56cb94248057fa4513aef07f07cf581ec5ce938

SHA256
3a8d0e162af7ee98e89a1df547e7582fe310bddbd0f7b68aab3102bf17fdf66f

SHA512
f788d085fe92851542f4a5f6fb93a28a273d6f682764de585fea6715ad50959ac6686e7931cda56c48a5fce3cf8228340d09d42614f823f854f67721bb5cfa35

Download Submit
C:\Users\Admin\AppData\Local\Temp\xli70EF.tmp
Filesize
172KB

MD5
4f407b29d53e9eb54e22d096fce82aa7

SHA1
a4ee25b066cac19ff679dd491f5791652bb71185

SHA256
cf0ecf30fc95800a34105acb9bcb484bb594a35b3ef26ace8f122af4f9f888dc

SHA512
325f7b599455195101e4c0dafd3654906d20ed2c1ce2a5f38784635e16ab545df6ee44a83bed6128239be2dee5be110552c7b246b7f52482ab31552e14b54183

Download Submit
C:\Users\Admin\AppData\Local\Temp\xli70EF.tmp
Filesize
172KB

MD5
4f407b29d53e9eb54e22d096fce82aa7

SHA1
a4ee25b066cac19ff679dd491f5791652bb71185

SHA256
cf0ecf30fc95800a34105acb9bcb484bb594a35b3ef26ace8f122af4f9f888dc

SHA512
325f7b599455195101e4c0dafd3654906d20ed2c1ce2a5f38784635e16ab545df6ee44a83bed6128239be2dee5be110552c7b246b7f52482ab31552e14b54183

Download Submit
C:\Users\Admin\AppData\Local\Temp\xli70EF.tmp
Filesize
172KB

MD5
4f407b29d53e9eb54e22d096fce82aa7

SHA1
a4ee25b066cac19ff679dd491f5791652bb71185

SHA256
cf0ecf30fc95800a34105acb9bcb484bb594a35b3ef26ace8f122af4f9f888dc

SHA512
325f7b599455195101e4c0dafd3654906d20ed2c1ce2a5f38784635e16ab545df6ee44a83bed6128239be2dee5be110552c7b246b7f52482ab31552e14b54183

Download Submit
C:\Users\Admin\AppData\Local\Temp\xli70EF.tmp
Filesize
172KB

MD5
4f407b29d53e9eb54e22d096fce82aa7

SHA1
a4ee25b066cac19ff679dd491f5791652bb71185

SHA256
cf0ecf30fc95800a34105acb9bcb484bb594a35b3ef26ace8f122af4f9f888dc

SHA512
325f7b599455195101e4c0dafd3654906d20ed2c1ce2a5f38784635e16ab545df6ee44a83bed6128239be2dee5be110552c7b246b7f52482ab31552e14b54183

Download Submit
\??\c:\7e7a432a95df97e42e5b0da8bc1724\install.exe
Filesize
217KB

MD5
2f0b99f7b9b85abc82e4f26eb2ed95d5

SHA1
0a156c5da81c9a7ec35da1e441c016f8c01cefd0

SHA256
493586eed708fe42a72a3c13c3a8adcf01ef9f50fe85d34282c62745c9287b1c

SHA512
47838d0178e6da8021bcbad74d2be47d04f3cd853ba2b695efca655ce6d4365f987b0cd914691d39a88fd6acbdeb7379b24d880abb9d7c391b5eb731feef7823

Download Submit
\??\c:\7e7a432a95df97e42e5b0da8bc1724\install.res.dll
Filesize
387KB

MD5
8beb73adaa52565534908846ad09ef02

SHA1
f56cb94248057fa4513aef07f07cf581ec5ce938

SHA256
3a8d0e162af7ee98e89a1df547e7582fe310bddbd0f7b68aab3102bf17fdf66f

SHA512
f788d085fe92851542f4a5f6fb93a28a273d6f682764de585fea6715ad50959ac6686e7931cda56c48a5fce3cf8228340d09d42614f823f854f67721bb5cfa35

Download Submit
memory/1088-135-0x00000000005C0000-0x0000000000634000-memory.dmp

Filesize
464KB

Download
memory/1088-134-0x0000000001000000-0x0000000001020000-memory.dmp

Filesize
128KB

Download
memory/1088-146-0x0000000001000000-0x0000000001020000-memory.dmp

Filesize
128KB

Download
memory/3612-136-0x0000000000000000-mapping.dmp

Download
memory/3612-144-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/3612-145-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download