eae78c03780b37567441d12c66012c8ff75e63cfce5358efb264753d02aba7c6

Analysis

max time kernel
121s
max time network
168s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25/11/2022, 18:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eae78c03780b37567441d12c66012c8ff75e63cfce5358efb264753d02aba7c6.exe
Size

158KB
MD5

7478f210da6ee0a647437723d630a27d
SHA1

f7773e95c27c25d948484db30376b96394f034f6
SHA256

eae78c03780b37567441d12c66012c8ff75e63cfce5358efb264753d02aba7c6
SHA512

a4388d8d4a23acf12076f97526fbb504a8d28111ff52647337df16cc964a1218c8e19d2b826ecc3dbc0fd37a97c02632b07efc3843b0d65d0e8b9e3554810e98
SSDEEP

3072:PX7DItrfaocyTgfsqQOlJ2u4zzbMIoOFbHb6X2e/haXt+kB:PsaocyLC2u4znM8ud/uX

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000800000001232a-59.dat	acprotect
behavioral1/memory/1456-60-0x0000000074350000-0x0000000074359000-memory.dmp	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000800000001232a-59.dat	upx
behavioral1/memory/1456-60-0x0000000074350000-0x0000000074359000-memory.dmp	upx

Loads dropped DLL 6 IoCs

pid	Process
1456	eae78c03780b37567441d12c66012c8ff75e63cfce5358efb264753d02aba7c6.exe
1456	eae78c03780b37567441d12c66012c8ff75e63cfce5358efb264753d02aba7c6.exe
1456	eae78c03780b37567441d12c66012c8ff75e63cfce5358efb264753d02aba7c6.exe
1456	eae78c03780b37567441d12c66012c8ff75e63cfce5358efb264753d02aba7c6.exe
1456	eae78c03780b37567441d12c66012c8ff75e63cfce5358efb264753d02aba7c6.exe
1456	eae78c03780b37567441d12c66012c8ff75e63cfce5358efb264753d02aba7c6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\eae78c03780b37567441d12c66012c8ff75e63cfce5358efb264753d02aba7c6.exe
"C:\Users\Admin\AppData\Local\Temp\eae78c03780b37567441d12c66012c8ff75e63cfce5358efb264753d02aba7c6.exe"
1⤵
- Loads dropped DLL
PID:1456

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nstAF07.tmp\System.dll

Filesize
23KB

MD5
125aebb055446fb52aa5956cf99e8a9a

SHA1
6b58fd08a8ff2763219cc6b0dcdb875f9970f850

SHA256
2e1b11ee20e5061ea86dc6b01e3efc659e887540afcab7317cdfd6a8eff87ec3

SHA512
5f85e48bd3ae2fd2be0595b93cbf74674e0281210688dcc73691178b295a702e8d43898afb6e5d8b7e82de98b4ee28194c9838ddf8279cde85f7fe48d34dc8b7

Download Submit
\Users\Admin\AppData\Local\Temp\nstAF07.tmp\inetc.dll

Filesize
25KB

MD5
29e2dcdfb57ee3ab5e2bbc2fc3c42f02

SHA1
bd6cafcce5b70ee15311f9f53e9fd4aac819ccda

SHA256
2b7a69e98ed4975fd4eade513cff17099c43b3eebe7e7641696d1d20e8e14b2f

SHA512
f71c981b3b5308566b56156462d106ebf8e49a32e55b70891f9d70338941afd347cb4df374fe38b9b3d7309f63dd75a7c80ebe02bb8941d558cd638a6f8daf7a

Download Submit
\Users\Admin\AppData\Local\Temp\nstAF07.tmp\inetc.dll

Filesize
25KB

MD5
29e2dcdfb57ee3ab5e2bbc2fc3c42f02

SHA1
bd6cafcce5b70ee15311f9f53e9fd4aac819ccda

SHA256
2b7a69e98ed4975fd4eade513cff17099c43b3eebe7e7641696d1d20e8e14b2f

SHA512
f71c981b3b5308566b56156462d106ebf8e49a32e55b70891f9d70338941afd347cb4df374fe38b9b3d7309f63dd75a7c80ebe02bb8941d558cd638a6f8daf7a

Download Submit
\Users\Admin\AppData\Local\Temp\nstAF07.tmp\nsDialogs.dll

Filesize
11KB

MD5
790d227d847f7571c8d58a79057a469e

SHA1
75c347b1441383c61166b615dfd6e7e65b04629f

SHA256
37e99ab9db0045870e31db147438cf0c69b6fcdec4f3737a9743c447cbc0c3c0

SHA512
5821605bfb3e57ddfcc1a74829968814aae92b13cb713ef3628913d9112d493117e8aa9cc437770facdcd2d4bd1e53a271d491e6b4d3e4cff53bd027f4b07f4c

Download Submit
\Users\Admin\AppData\Local\Temp\nstAF07.tmp\nsRichEdit.dll

Filesize
5KB

MD5
02f1858b3131ffc3fc5e3a5391d3a489

SHA1
454a6d749cf55ff990bd9f57941aca9d1f1674f6

SHA256
f00bd6d3e7c7b8e8ad18b7dc6275fb80cc720fb164200a6506f50f6e66998b12

SHA512
8147fa8014a5065f4fed7de1fbb9c2ee2c1b94d63596f7bbcf6821ecd41a73d25ebdfa1e71ca74d7598cba063042b6dfcaf050a23d0c855a7b6fbc94147ab41b

Download Submit
\Users\Admin\AppData\Local\Temp\nstAF07.tmp\nxs.dll

Filesize
5KB

MD5
7259499597d08655801ecebcfd5f82d9

SHA1
2772b9b7ce9945eb896238ddea1558c48ce055c8

SHA256
09f7c4372e34fedb2c98c1f2cd73275a8ce5f2ce02581789d374513f1ff2fa34

SHA512
8e3c945a5d66d20ca388ed0aaf98548a4da46cd9480d2041c1215414072c3a21a42c8b5606165793457dc7ed5cf729d878c74608f2346d5eee627186ce2fd7d5

Download Submit
memory/1456-54-0x00000000757B1000-0x00000000757B3000-memory.dmp

Filesize
8KB

Download
memory/1456-60-0x0000000074350000-0x0000000074359000-memory.dmp

Filesize
36KB

Download