Analysis
max time kernel: 310s
max time network: 328s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-11-2022 12:37
Static task: static1
Behavioral task: behavioral1
  Sample: 5f38443b74409afe1399cb1612952bcfb0c7949299df0eab623c04f905fabee5.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 5f38443b74409afe1399cb1612952bcfb0c7949299df0eab623c04f905fabee5.exe
  Resource: win10v2004-20221111-en
General
Target: 5f38443b74409afe1399cb1612952bcfb0c7949299df0eab623c04f905fabee5.exe
Size: 684KB
MD5: 6b2701145d373bf071e9ec0ee22872c3
SHA1: 8164f70cdc93cb9a84613155b40fdb5c3c1463bb
SHA256: 5f38443b74409afe1399cb1612952bcfb0c7949299df0eab623c04f905fabee5
SHA512: 2f96d00ce873202290b3249ebe53a4742155a7c68750459e7547feb1c720749fbc9f63b13d68faccde749674ce9e032d898b3dc9070d875889ddc9a35761f24a
SSDEEP: 12288:HcFpmo1qX+UDFlbsxiVri38WWsR5nWFpPoSC+:Hy4uUD7bsxsraWfbZ
Malware Config
Signatures

ACProtect 1.3x - 1.4x DLL software (1 IoC)
Detects file using ACProtect software.
  resource                yara_rule
  C:\Windows\jedata.dll   acprotect

UPX-packed resource, YARA rule `upx` (2 IoCs)
  resource                                                                      yara_rule
  C:\Windows\jedata.dll                                                         upx
  behavioral2/memory/4772-133-0x0000000010000000-0x000000001003E000-memory.dmp   upx

Loads dropped DLL (1 IoC)
  pid    process
  4772   5f38443b74409afe1399cb1612952bcfb0c7949299df0eab623c04f905fabee5.exe

Drops file in Windows directory (2 IoCs)
  description    ioc                     process
  File created   C:\Windows\win8.she     5f38443b74409afe1399cb1612952bcfb0c7949299df0eab623c04f905fabee5.exe
  File created   C:\Windows\jedata.dll   5f38443b74409afe1399cb1612952bcfb0c7949299df0eab623c04f905fabee5.exe

Suspicious use of SetWindowsHookEx (3 IoCs)
  pid    process
  4772   5f38443b74409afe1399cb1612952bcfb0c7949299df0eab623c04f905fabee5.exe
  4772   5f38443b74409afe1399cb1612952bcfb0c7949299df0eab623c04f905fabee5.exe
  4772   5f38443b74409afe1399cb1612952bcfb0c7949299df0eab623c04f905fabee5.exe
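The two behavioural signatures above ("Drops file in Windows directory" and "Loads dropped DLL") are simple to reproduce outside the sandbox from endpoint telemetry: flag any process that does not itself live under C:\Windows yet writes beneath it, and flag a process that loads an image it created earlier in the same run. The script below is an added example, not code from the sandbox or from the sample; the Sysmon-style records (Event ID 11 = FileCreate, Event ID 7 = ImageLoad) are constructed from the IoCs on this page plus two benign-noise entries, and the field names follow Sysmon's conventions.

```python
"""Replay the "Drops file in Windows directory" and "Loads dropped DLL"
signatures over Sysmon-style events (added example, not sandbox code)."""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed records modelled on the report's IoCs; not telemetry from the run.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\5f38443b74409afe1399cb1612952bcfb0c7949299df0eab623c04f905fabee5.exe")
EVENTS = [
    {"EventID": 11, "ProcessId": 4772, "Image": SAMPLE,
     "TargetFilename": r"C:\Windows\win8.she"},
    {"EventID": 11, "ProcessId": 4772, "Image": SAMPLE,
     "TargetFilename": r"C:\Windows\jedata.dll"},
    {"EventID": 7, "ProcessId": 4772, "Image": SAMPLE,
     "ImageLoaded": r"C:\Windows\jedata.dll"},
    # Benign noise: a system binary writing under its own tree, and a user-land
    # installer that writes only to its temp folder and loads a system DLL.
    {"EventID": 11, "ProcessId": 900, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\Temp\svc.log"},
    {"EventID": 11, "ProcessId": 2100, "Image": r"C:\Users\Admin\AppData\Local\Temp\setup.exe",
     "TargetFilename": r"C:\Users\Admin\AppData\Local\Temp\setup.log"},
    {"EventID": 7, "ProcessId": 2100, "Image": r"C:\Users\Admin\AppData\Local\Temp\setup.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

WINDOWS_DIR = PureWindowsPath(r"C:\Windows")


def _norm(path: str) -> PureWindowsPath:
    # Windows paths are case-insensitive; lower-case before any comparison.
    return PureWindowsPath(path.lower())


def is_under(path: str, root: PureWindowsPath) -> bool:
    """True if `path` lies anywhere beneath `root` (root itself excluded)."""
    return PureWindowsPath(str(root).lower()) in _norm(path).parents


@dataclass(frozen=True)
class Finding:
    signature: str
    pid: int
    image: str
    ioc: str


def run_signatures(events):
    """Emit one Finding per IoC, mirroring the report's two signatures."""
    created = {}  # pid -> set of normalised paths that process has written
    findings = []
    for ev in events:
        pid, image = ev["ProcessId"], ev["Image"]
        if ev["EventID"] == 11:
            target = ev["TargetFilename"]
            created.setdefault(pid, set()).add(str(_norm(target)))
            # A process outside C:\Windows writing beneath it is the drop.
            if is_under(target, WINDOWS_DIR) and not is_under(image, WINDOWS_DIR):
                findings.append(Finding("Drops file in Windows directory", pid, image, target))
        elif ev["EventID"] == 7:
            loaded = ev["ImageLoaded"]
            # Loading something this same pid wrote earlier is the dropped-DLL load.
            if str(_norm(loaded)) in created.get(pid, set()):
                findings.append(Finding("Loads dropped DLL", pid, image, loaded))
    return findings


def summarize(findings):
    """Group IoCs by signature name, in the order they fired."""
    summary = {}
    for f in findings:
        summary.setdefault(f.signature, []).append(f.ioc)
    return summary


if __name__ == "__main__":
    for sig, iocs in summarize(run_signatures(EVENTS)).items():
        print(f"{sig} ({len(iocs)} IoCs): {', '.join(iocs)}")
```

Correlating the load against the process's own earlier writes is what separates this from a plain "DLL loaded from C:\Windows" rule; the memory dump listed under Downloads (248KB mapped at 0x10000000, the same image-base range the `upx` rule matched) is that loaded module's in-memory copy, which is where an unpacked variant would be carved from.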
Processes
C:\Users\Admin\AppData\Local\Temp\5f38443b74409afe1399cb1612952bcfb0c7949299df0eab623c04f905fabee5.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\5f38443b74409afe1399cb1612952bcfb0c7949299df0eab623c04f905fabee5.exe"
  PID: 4772
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
C:\Windows\jedata.dll
  Filesize: 86KB
  MD5: 114054313070472cd1a6d7d28f7c5002
  SHA1: 9a044986e6101df1a126035da7326a50c3fe9a23
  SHA256: e15d9e1b772fed3db19e67b8d54533d1a2d46a37f8b12702a5892c6b886e9db1
  SHA512: a2ff8481e89698dae4a1c83404105093472e384d7a3debbd7014e010543e08efc8ebb3f67c8a4ce09029e6b2a8fb7779bb402aae7c9987e61389cd8a72c73522
memory/4772-133-0x0000000010000000-0x000000001003E000-memory.dmp
  Filesize: 248KB