c9e1b7aef096d5012859b4245adcacb01812eaf75cfb0806da8f6bea18d5fcf3

Analysis

max time kernel
161s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9e1b7aef096d5012859b4245adcacb01812eaf75cfb0806da8f6bea18d5fcf3.exe
Size

840KB
MD5

5fc2f483e72c077cc103fa3e8f0c8d57
SHA1

4f681697811ce8407823013b541745c4ac0f2bda
SHA256

c9e1b7aef096d5012859b4245adcacb01812eaf75cfb0806da8f6bea18d5fcf3
SHA512

13d2d7dba8a8693237bc663e32c27c4dc1f62ae5c4623dd29baca6c7cdc0c0eb90facfa1533d237c302501c130ebd859f04e99e459db93fd2219be978c3b9d46
SSDEEP

12288:lqJPbyS9EqjiGxvEb5Q3+xnWsBDnhgpV/HYVvHDgfluiij5dyOeGnX:l+2QT5EG3+tWO8pH0Dgf0iE5Te0X

Score

9^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0007000000022e25-134.dat	acprotect
behavioral2/files/0x0007000000022e25-133.dat	acprotect

Loads dropped DLL 5 IoCs

pid	Process
4764	c9e1b7aef096d5012859b4245adcacb01812eaf75cfb0806da8f6bea18d5fcf3.exe
4764	c9e1b7aef096d5012859b4245adcacb01812eaf75cfb0806da8f6bea18d5fcf3.exe
4764	c9e1b7aef096d5012859b4245adcacb01812eaf75cfb0806da8f6bea18d5fcf3.exe
4764	c9e1b7aef096d5012859b4245adcacb01812eaf75cfb0806da8f6bea18d5fcf3.exe
4764	c9e1b7aef096d5012859b4245adcacb01812eaf75cfb0806da8f6bea18d5fcf3.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\GLBSINST.%$D	c9e1b7aef096d5012859b4245adcacb01812eaf75cfb0806da8f6bea18d5fcf3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4764	c9e1b7aef096d5012859b4245adcacb01812eaf75cfb0806da8f6bea18d5fcf3.exe

C:\Users\Admin\AppData\Local\Temp\c9e1b7aef096d5012859b4245adcacb01812eaf75cfb0806da8f6bea18d5fcf3.exe
"C:\Users\Admin\AppData\Local\Temp\c9e1b7aef096d5012859b4245adcacb01812eaf75cfb0806da8f6bea18d5fcf3.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:4764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GLCE054.tmp

Filesize
157KB

MD5
fbd929bfc7b4a9e4fa4506655bab4c4a

SHA1
b4df84de80729a04ed90dc976a3e730a568f24f8

SHA256
adf8dea5d36b58cf621e2bb0c4549f94e0919308dd7cc1215d942417c45e54a4

SHA512
b310e79848dc2a3c6a4524e0b120e2e3dd73ecb6852c65a9eec368045f7bab0b141210726476dd3cb0c1d9008e1f34149f35c03a0156a9eef7d4a7fbc61ea1b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLKE1BD.tmp

Filesize
30KB

MD5
3df61e5730883b2d338addd7acbe4bc4

SHA1
03166e6230231e7e3583cf9c8944f4967aa1bf1b

SHA256
2efe9a54c8eb878711d9b6cd18f276838645aff52fe69d8a864376cb258ec616

SHA512
36e9d705d22dad3d952b4da578a990f2b63ec2f9fbf2734efdaea9ecbd4f07a8d7232792eb5bdd81c553354d51334993cb6103c377f3483a680eac9e41cd2087

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLKE1BD.tmp

Filesize
30KB

MD5
3df61e5730883b2d338addd7acbe4bc4

SHA1
03166e6230231e7e3583cf9c8944f4967aa1bf1b

SHA256
2efe9a54c8eb878711d9b6cd18f276838645aff52fe69d8a864376cb258ec616

SHA512
36e9d705d22dad3d952b4da578a990f2b63ec2f9fbf2734efdaea9ecbd4f07a8d7232792eb5bdd81c553354d51334993cb6103c377f3483a680eac9e41cd2087

Download Submit
C:\Users\Admin\AppData\Local\Temp\hviD94E.tmp

Filesize
172KB

MD5
fe763c2d71419352141c77c310e600d2

SHA1
6bb51ebcbde9fe5556a74319b49bea37d5542d5e

SHA256
7fdf10ca02d2238e22fda18dfbede9750da9f257221802c8b86c557c19c9bc7b

SHA512
147b3a525b1fef98ae46923dcbe25edfcf7b523f347857466eefa88f09ec053ba309dfbee5f1454ec64aba0518ee21986c4b6a506f8550efb1163c8f04d7482c

Download Submit
C:\Users\Admin\AppData\Local\Temp\hviD94E.tmp

Filesize
172KB

MD5
fe763c2d71419352141c77c310e600d2

SHA1
6bb51ebcbde9fe5556a74319b49bea37d5542d5e

SHA256
7fdf10ca02d2238e22fda18dfbede9750da9f257221802c8b86c557c19c9bc7b

SHA512
147b3a525b1fef98ae46923dcbe25edfcf7b523f347857466eefa88f09ec053ba309dfbee5f1454ec64aba0518ee21986c4b6a506f8550efb1163c8f04d7482c

Download Submit
memory/4764-132-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4764-135-0x0000000002160000-0x00000000021D3000-memory.dmp

Filesize
460KB

Download
memory/4764-139-0x00000000023F1000-0x00000000023F3000-memory.dmp

Filesize
8KB

Download
memory/4764-140-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4764-141-0x0000000002160000-0x00000000021D3000-memory.dmp

Filesize
460KB

Download