5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da

Analysis

max time kernel
169s
max time network
88s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
Size

4.2MB
MD5

e2da20c81ebf9ade750ecfd235f61539
SHA1

1429595c00ef118b928e1e8d7eef5dd941566f5e
SHA256

5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da
SHA512

0a13df34dfc7837b53aee4eef1a86ad8c739b7044838af549e3b48a97090def78eff060b861f355eea403615007428ad4d8ce9f2d914b801cfca2f8efeb059d1
SSDEEP

98304:LV59BWEKG4cyZz1agDvhKNaxWfpEjkaNOHgBJaJ9GVi+Y:x5vzKG2ZhS80ykaNOHLHGw+Y

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x00070000000132f2-70.dat	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000132f2-70.dat	upx
behavioral1/memory/1648-71-0x0000000002760000-0x000000000279F000-memory.dmp	upx

Loads dropped DLL 9 IoCs

pid	Process
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
1648	5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe

C:\Users\Admin\AppData\Local\Temp\5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
"C:\Users\Admin\AppData\Local\Temp\5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\jcqksweir\EDataStructure.fne

Filesize
112KB

MD5
50b10397fb6caed2e4719747191c893d

SHA1
026666fad34ad9f939da9184d6e84a8f0194ab21

SHA256
2c235bf689a344c80b781c2d45c07af50d47508d430f2b27f75260277a9203f1

SHA512
085ee2f7bd36e7b927c426d33cd1ad38bc9d07803362471db590fbfb4996bc95722544a8f321d8542ddd24b74214755c84d0efd03d50794a62288cd55808b8af

Download Submit
\Users\Admin\AppData\Local\Temp\jcqksweir\EThread.fne

Filesize
60KB

MD5
206396257b97bd275a90ce6c2c0c37fd

SHA1
3cae4506a033cf7e97156d5261f2a247c6270f42

SHA256
64eef86745d7ae0168fec357099e2e952ce74ee19576d06cc8c8c65f210cc22c

SHA512
4c23e52b5b23b305c3172e01dd205e15fda8f20f8b60776ba59d080bf05bbbca456a0ed232f2e2a2bf01d32efb913063f89fb4928bc4d5d1c1eb4c4979803455

Download Submit
\Users\Admin\AppData\Local\Temp\jcqksweir\HtmlView.fne

Filesize
212KB

MD5
f9a994df4d407bc79f7c84886fe7a654

SHA1
c93e4be70794164b7b339218cc832ac94074d08e

SHA256
2e9769ace867c79d5fcdda0eb2660c52b5e062c69b36add42d22eb0dddc4b3ee

SHA512
41b1333ed08c10aaef3d766fec2d6b2fa4c79001d7ce18a06918c2aa8c4ade69018522882bfd4543add31efbef5e7bb450511f80dc9b580eb022cb7c406a820e

Download Submit
\Users\Admin\AppData\Local\Temp\jcqksweir\SkinH_EL.dll

Filesize
95KB

MD5
74643bfcb5506297fc0a08baa172db15

SHA1
d5b8d5a7b9ba10d346a28750f8bce0c5b9fa597b

SHA256
97988664ef4449da37eb18f1c3df31a44a7decd581ae7e35e8078768fc957d9a

SHA512
2a14130822ae0921885e03a4a10de39f9c40da71333036ec1b30747b93991c71d8ce65e6cdd29a77619d44b505489d2c231b498f660a1db0b392aa7f36717b4f

Download Submit
\Users\Admin\AppData\Local\Temp\jcqksweir\dp1.fne

Filesize
128KB

MD5
07201b1fd5f8925dd49a4556ac3b5bab

SHA1
a76afbb44376912f823f2b461507c28d2585a96c

SHA256
abebbb0981d3d51eb63abcfa68be98da0cae4e6e3b143dd431fc845d1457dbd2

SHA512
0cf673ce1b6cad38f0211231e876f00f6a8397a5f3e71680046f4a216bbe0f47f4541e5f5b49364310e41a04cce14703459725c3d9f052f9da13624e73753e12

Download Submit
\Users\Admin\AppData\Local\Temp\jcqksweir\iext.fnr

Filesize
204KB

MD5
856495a1605bfc7f62086d482b502c6f

SHA1
86ecc67a784bc69157d664850d489aab64f5f912

SHA256
8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf

SHA512
35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9

Download Submit
\Users\Admin\AppData\Local\Temp\jcqksweir\krnln.fnr

Filesize
1.2MB

MD5
213f02d147385e48f60e96988cf73c45

SHA1
6331082d42bc4e845c514380c40fa1dc35201e7e

SHA256
b0ccdc93d94eeebfb3166c9e8dba4d36e6151b7fe70032dd4feebfa28aabc7fa

SHA512
1619764b2a9fcdd67707553cedc128bd14ee2e01bf8fd379de6d0de58bd3e8b73c631c1334c06d82ca5cebe292d9dcd788b701a4d47d022e60502aafed05df6a

Download Submit
\Users\Admin\AppData\Local\Temp\jcqksweir\shell.fne

Filesize
60KB

MD5
98174c8c2995000efbda01e1b86a1d4d

SHA1
7e71a5a029a203e4ab0afc68eee18c39f4ab4097

SHA256
90284c2ead0598faa715cc90c1f53b83b916099c918ce7f816f0b4550ff55ac6

SHA512
a37059062a99cd2a9fae15850b49068752ccf0be9f1d86c3f812a689b7c4d024771ec2b66adf9ce950bc5b8b117d457aba87d586cf112a1a30239531bfc8cd06

Download Submit
\Users\Admin\AppData\Local\Temp\jcqksweir\spec.fne

Filesize
72KB

MD5
bd6eef5ea9a52a412a8f57490d8bd8e4

SHA1
ab61ad7f66c5f6dfb8d28eba1833591469951870

SHA256
0c9e6eb8648f4bf5c585d5344035e91c3249bb9686a302503b4681b7ba828dc0

SHA512
1c43e50270eed071c8ef35e1c4695a93b9f98e668d4aebb44eb3b620efd2624b381554d2daf2d017f764b485e060abd589216043adea19eac94028ce66cc2025

Download Submit
memory/1648-64-0x0000000002210000-0x0000000002251000-memory.dmp

Filesize
260KB

Download
memory/1648-54-0x0000000000400000-0x000000000078D000-memory.dmp

Filesize
3.6MB

Download
memory/1648-62-0x00000000002C0000-0x00000000002DD000-memory.dmp

Filesize
116KB

Download
memory/1648-67-0x0000000002260000-0x0000000002298000-memory.dmp

Filesize
224KB

Download
memory/1648-69-0x00000000029E0000-0x0000000002B0A000-memory.dmp

Filesize
1.2MB

Download
memory/1648-60-0x0000000000290000-0x00000000002BE000-memory.dmp

Filesize
184KB

Download
memory/1648-71-0x0000000002760000-0x000000000279F000-memory.dmp

Filesize
252KB

Download
memory/1648-58-0x00000000001F0000-0x0000000000205000-memory.dmp

Filesize
84KB

Download
memory/1648-73-0x0000000002070000-0x000000000208C000-memory.dmp

Filesize
112KB

Download
memory/1648-75-0x00000000022A0000-0x00000000022B7000-memory.dmp

Filesize
92KB

Download
memory/1648-56-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

Filesize
8KB

Download