Overview

overview

9

Static

static

5b8876a7cb...da.exe

windows7-x64

9

5b8876a7cb...da.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    169s
  • max time network
    88s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 14:32 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe

  • Size

    4.2MB

  • MD5

    e2da20c81ebf9ade750ecfd235f61539

  • SHA1

    1429595c00ef118b928e1e8d7eef5dd941566f5e

  • SHA256

    5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da

  • SHA512

    0a13df34dfc7837b53aee4eef1a86ad8c739b7044838af549e3b48a97090def78eff060b861f355eea403615007428ad4d8ce9f2d914b801cfca2f8efeb059d1

  • SSDEEP

    98304:LV59BWEKG4cyZz1agDvhKNaxWfpEjkaNOHgBJaJ9GVi+Y:x5vzKG2ZhS80ykaNOHLHGw+Y

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 9 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
    "C:\Users\Admin\AppData\Local\Temp\5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:1648

Network

  • flag-unknown
    DNS
    jar.syhjhq.com
    5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
    Remote address:
    8.8.8.8:53
    Request
    jar.syhjhq.com
    IN A
    Response
  • 10.127.0.50:18816
    5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
  • 10.127.0.50:18816
    5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
  • 10.127.0.50:18816
    5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
  • 10.127.0.50:18816
    5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
  • 8.8.8.8:53
    jar.syhjhq.com
    dns
    5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
    60 B
     133 B
     1
    1

    DNS Request

    jar.syhjhq.com

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\jcqksweir\EDataStructure.fne
    Filesize

    112KB

    MD5

    50b10397fb6caed2e4719747191c893d

    SHA1

    026666fad34ad9f939da9184d6e84a8f0194ab21

    SHA256

    2c235bf689a344c80b781c2d45c07af50d47508d430f2b27f75260277a9203f1

    SHA512

    085ee2f7bd36e7b927c426d33cd1ad38bc9d07803362471db590fbfb4996bc95722544a8f321d8542ddd24b74214755c84d0efd03d50794a62288cd55808b8af

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jcqksweir\EThread.fne
    Filesize

    60KB

    MD5

    206396257b97bd275a90ce6c2c0c37fd

    SHA1

    3cae4506a033cf7e97156d5261f2a247c6270f42

    SHA256

    64eef86745d7ae0168fec357099e2e952ce74ee19576d06cc8c8c65f210cc22c

    SHA512

    4c23e52b5b23b305c3172e01dd205e15fda8f20f8b60776ba59d080bf05bbbca456a0ed232f2e2a2bf01d32efb913063f89fb4928bc4d5d1c1eb4c4979803455

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jcqksweir\HtmlView.fne
    Filesize

    212KB

    MD5

    f9a994df4d407bc79f7c84886fe7a654

    SHA1

    c93e4be70794164b7b339218cc832ac94074d08e

    SHA256

    2e9769ace867c79d5fcdda0eb2660c52b5e062c69b36add42d22eb0dddc4b3ee

    SHA512

    41b1333ed08c10aaef3d766fec2d6b2fa4c79001d7ce18a06918c2aa8c4ade69018522882bfd4543add31efbef5e7bb450511f80dc9b580eb022cb7c406a820e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jcqksweir\SkinH_EL.dll
    Filesize

    95KB

    MD5

    74643bfcb5506297fc0a08baa172db15

    SHA1

    d5b8d5a7b9ba10d346a28750f8bce0c5b9fa597b

    SHA256

    97988664ef4449da37eb18f1c3df31a44a7decd581ae7e35e8078768fc957d9a

    SHA512

    2a14130822ae0921885e03a4a10de39f9c40da71333036ec1b30747b93991c71d8ce65e6cdd29a77619d44b505489d2c231b498f660a1db0b392aa7f36717b4f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jcqksweir\dp1.fne
    Filesize

    128KB

    MD5

    07201b1fd5f8925dd49a4556ac3b5bab

    SHA1

    a76afbb44376912f823f2b461507c28d2585a96c

    SHA256

    abebbb0981d3d51eb63abcfa68be98da0cae4e6e3b143dd431fc845d1457dbd2

    SHA512

    0cf673ce1b6cad38f0211231e876f00f6a8397a5f3e71680046f4a216bbe0f47f4541e5f5b49364310e41a04cce14703459725c3d9f052f9da13624e73753e12

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jcqksweir\iext.fnr
    Filesize

    204KB

    MD5

    856495a1605bfc7f62086d482b502c6f

    SHA1

    86ecc67a784bc69157d664850d489aab64f5f912

    SHA256

    8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf

    SHA512

    35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jcqksweir\krnln.fnr
    Filesize

    1.2MB

    MD5

    213f02d147385e48f60e96988cf73c45

    SHA1

    6331082d42bc4e845c514380c40fa1dc35201e7e

    SHA256

    b0ccdc93d94eeebfb3166c9e8dba4d36e6151b7fe70032dd4feebfa28aabc7fa

    SHA512

    1619764b2a9fcdd67707553cedc128bd14ee2e01bf8fd379de6d0de58bd3e8b73c631c1334c06d82ca5cebe292d9dcd788b701a4d47d022e60502aafed05df6a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jcqksweir\shell.fne
    Filesize

    60KB

    MD5

    98174c8c2995000efbda01e1b86a1d4d

    SHA1

    7e71a5a029a203e4ab0afc68eee18c39f4ab4097

    SHA256

    90284c2ead0598faa715cc90c1f53b83b916099c918ce7f816f0b4550ff55ac6

    SHA512

    a37059062a99cd2a9fae15850b49068752ccf0be9f1d86c3f812a689b7c4d024771ec2b66adf9ce950bc5b8b117d457aba87d586cf112a1a30239531bfc8cd06

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jcqksweir\spec.fne
    Filesize

    72KB

    MD5

    bd6eef5ea9a52a412a8f57490d8bd8e4

    SHA1

    ab61ad7f66c5f6dfb8d28eba1833591469951870

    SHA256

    0c9e6eb8648f4bf5c585d5344035e91c3249bb9686a302503b4681b7ba828dc0

    SHA512

    1c43e50270eed071c8ef35e1c4695a93b9f98e668d4aebb44eb3b620efd2624b381554d2daf2d017f764b485e060abd589216043adea19eac94028ce66cc2025

    Download Submit

  • memory/1648-64-0x0000000002210000-0x0000000002251000-memory.dmp

    Filesize

    260KB

    Download

  • memory/1648-54-0x0000000000400000-0x000000000078D000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/1648-62-0x00000000002C0000-0x00000000002DD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1648-67-0x0000000002260000-0x0000000002298000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1648-69-0x00000000029E0000-0x0000000002B0A000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1648-60-0x0000000000290000-0x00000000002BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1648-71-0x0000000002760000-0x000000000279F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1648-58-0x00000000001F0000-0x0000000000205000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1648-73-0x0000000002070000-0x000000000208C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1648-75-0x00000000022A0000-0x00000000022B7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1648-56-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

    Filesize

    8KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.