Overview

overview

9

Static

static

5b8876a7cb...da.exe

windows7-x64

9

5b8876a7cb...da.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    152s
  • max time network
    197s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-11-2022 14:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe

  • Size

    4.2MB

  • MD5

    e2da20c81ebf9ade750ecfd235f61539

  • SHA1

    1429595c00ef118b928e1e8d7eef5dd941566f5e

  • SHA256

    5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da

  • SHA512

    0a13df34dfc7837b53aee4eef1a86ad8c739b7044838af549e3b48a97090def78eff060b861f355eea403615007428ad4d8ce9f2d914b801cfca2f8efeb059d1

  • SSDEEP

    98304:LV59BWEKG4cyZz1agDvhKNaxWfpEjkaNOHgBJaJ9GVi+Y:x5vzKG2ZhS80ykaNOHLHGw+Y

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 17 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe
    "C:\Users\Admin\AppData\Local\Temp\5b8876a7cbdfa7683a4da6f3fd41d05478d74da9d4a3f3eb358c0c9783aeb0da.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\EDataStructure.fne
    Filesize

    112KB

    MD5

    50b10397fb6caed2e4719747191c893d

    SHA1

    026666fad34ad9f939da9184d6e84a8f0194ab21

    SHA256

    2c235bf689a344c80b781c2d45c07af50d47508d430f2b27f75260277a9203f1

    SHA512

    085ee2f7bd36e7b927c426d33cd1ad38bc9d07803362471db590fbfb4996bc95722544a8f321d8542ddd24b74214755c84d0efd03d50794a62288cd55808b8af

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\EDataStructure.fne
    Filesize

    112KB

    MD5

    50b10397fb6caed2e4719747191c893d

    SHA1

    026666fad34ad9f939da9184d6e84a8f0194ab21

    SHA256

    2c235bf689a344c80b781c2d45c07af50d47508d430f2b27f75260277a9203f1

    SHA512

    085ee2f7bd36e7b927c426d33cd1ad38bc9d07803362471db590fbfb4996bc95722544a8f321d8542ddd24b74214755c84d0efd03d50794a62288cd55808b8af

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\EThread.fne
    Filesize

    60KB

    MD5

    206396257b97bd275a90ce6c2c0c37fd

    SHA1

    3cae4506a033cf7e97156d5261f2a247c6270f42

    SHA256

    64eef86745d7ae0168fec357099e2e952ce74ee19576d06cc8c8c65f210cc22c

    SHA512

    4c23e52b5b23b305c3172e01dd205e15fda8f20f8b60776ba59d080bf05bbbca456a0ed232f2e2a2bf01d32efb913063f89fb4928bc4d5d1c1eb4c4979803455

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\EThread.fne
    Filesize

    60KB

    MD5

    206396257b97bd275a90ce6c2c0c37fd

    SHA1

    3cae4506a033cf7e97156d5261f2a247c6270f42

    SHA256

    64eef86745d7ae0168fec357099e2e952ce74ee19576d06cc8c8c65f210cc22c

    SHA512

    4c23e52b5b23b305c3172e01dd205e15fda8f20f8b60776ba59d080bf05bbbca456a0ed232f2e2a2bf01d32efb913063f89fb4928bc4d5d1c1eb4c4979803455

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\HtmlView.fne
    Filesize

    212KB

    MD5

    f9a994df4d407bc79f7c84886fe7a654

    SHA1

    c93e4be70794164b7b339218cc832ac94074d08e

    SHA256

    2e9769ace867c79d5fcdda0eb2660c52b5e062c69b36add42d22eb0dddc4b3ee

    SHA512

    41b1333ed08c10aaef3d766fec2d6b2fa4c79001d7ce18a06918c2aa8c4ade69018522882bfd4543add31efbef5e7bb450511f80dc9b580eb022cb7c406a820e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\HtmlView.fne
    Filesize

    212KB

    MD5

    f9a994df4d407bc79f7c84886fe7a654

    SHA1

    c93e4be70794164b7b339218cc832ac94074d08e

    SHA256

    2e9769ace867c79d5fcdda0eb2660c52b5e062c69b36add42d22eb0dddc4b3ee

    SHA512

    41b1333ed08c10aaef3d766fec2d6b2fa4c79001d7ce18a06918c2aa8c4ade69018522882bfd4543add31efbef5e7bb450511f80dc9b580eb022cb7c406a820e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\SkinH_EL.dll
    Filesize

    95KB

    MD5

    74643bfcb5506297fc0a08baa172db15

    SHA1

    d5b8d5a7b9ba10d346a28750f8bce0c5b9fa597b

    SHA256

    97988664ef4449da37eb18f1c3df31a44a7decd581ae7e35e8078768fc957d9a

    SHA512

    2a14130822ae0921885e03a4a10de39f9c40da71333036ec1b30747b93991c71d8ce65e6cdd29a77619d44b505489d2c231b498f660a1db0b392aa7f36717b4f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\SkinH_EL.dll
    Filesize

    95KB

    MD5

    74643bfcb5506297fc0a08baa172db15

    SHA1

    d5b8d5a7b9ba10d346a28750f8bce0c5b9fa597b

    SHA256

    97988664ef4449da37eb18f1c3df31a44a7decd581ae7e35e8078768fc957d9a

    SHA512

    2a14130822ae0921885e03a4a10de39f9c40da71333036ec1b30747b93991c71d8ce65e6cdd29a77619d44b505489d2c231b498f660a1db0b392aa7f36717b4f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\dp1.fne
    Filesize

    128KB

    MD5

    07201b1fd5f8925dd49a4556ac3b5bab

    SHA1

    a76afbb44376912f823f2b461507c28d2585a96c

    SHA256

    abebbb0981d3d51eb63abcfa68be98da0cae4e6e3b143dd431fc845d1457dbd2

    SHA512

    0cf673ce1b6cad38f0211231e876f00f6a8397a5f3e71680046f4a216bbe0f47f4541e5f5b49364310e41a04cce14703459725c3d9f052f9da13624e73753e12

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\dp1.fne
    Filesize

    128KB

    MD5

    07201b1fd5f8925dd49a4556ac3b5bab

    SHA1

    a76afbb44376912f823f2b461507c28d2585a96c

    SHA256

    abebbb0981d3d51eb63abcfa68be98da0cae4e6e3b143dd431fc845d1457dbd2

    SHA512

    0cf673ce1b6cad38f0211231e876f00f6a8397a5f3e71680046f4a216bbe0f47f4541e5f5b49364310e41a04cce14703459725c3d9f052f9da13624e73753e12

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\iext.fnr
    Filesize

    204KB

    MD5

    856495a1605bfc7f62086d482b502c6f

    SHA1

    86ecc67a784bc69157d664850d489aab64f5f912

    SHA256

    8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf

    SHA512

    35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\iext.fnr
    Filesize

    204KB

    MD5

    856495a1605bfc7f62086d482b502c6f

    SHA1

    86ecc67a784bc69157d664850d489aab64f5f912

    SHA256

    8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf

    SHA512

    35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\krnln.fnr
    Filesize

    1.2MB

    MD5

    213f02d147385e48f60e96988cf73c45

    SHA1

    6331082d42bc4e845c514380c40fa1dc35201e7e

    SHA256

    b0ccdc93d94eeebfb3166c9e8dba4d36e6151b7fe70032dd4feebfa28aabc7fa

    SHA512

    1619764b2a9fcdd67707553cedc128bd14ee2e01bf8fd379de6d0de58bd3e8b73c631c1334c06d82ca5cebe292d9dcd788b701a4d47d022e60502aafed05df6a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\shell.fne
    Filesize

    60KB

    MD5

    98174c8c2995000efbda01e1b86a1d4d

    SHA1

    7e71a5a029a203e4ab0afc68eee18c39f4ab4097

    SHA256

    90284c2ead0598faa715cc90c1f53b83b916099c918ce7f816f0b4550ff55ac6

    SHA512

    a37059062a99cd2a9fae15850b49068752ccf0be9f1d86c3f812a689b7c4d024771ec2b66adf9ce950bc5b8b117d457aba87d586cf112a1a30239531bfc8cd06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\shell.fne
    Filesize

    60KB

    MD5

    98174c8c2995000efbda01e1b86a1d4d

    SHA1

    7e71a5a029a203e4ab0afc68eee18c39f4ab4097

    SHA256

    90284c2ead0598faa715cc90c1f53b83b916099c918ce7f816f0b4550ff55ac6

    SHA512

    a37059062a99cd2a9fae15850b49068752ccf0be9f1d86c3f812a689b7c4d024771ec2b66adf9ce950bc5b8b117d457aba87d586cf112a1a30239531bfc8cd06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\spec.fne
    Filesize

    72KB

    MD5

    bd6eef5ea9a52a412a8f57490d8bd8e4

    SHA1

    ab61ad7f66c5f6dfb8d28eba1833591469951870

    SHA256

    0c9e6eb8648f4bf5c585d5344035e91c3249bb9686a302503b4681b7ba828dc0

    SHA512

    1c43e50270eed071c8ef35e1c4695a93b9f98e668d4aebb44eb3b620efd2624b381554d2daf2d017f764b485e060abd589216043adea19eac94028ce66cc2025

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\jcqksweir\spec.fne
    Filesize

    72KB

    MD5

    bd6eef5ea9a52a412a8f57490d8bd8e4

    SHA1

    ab61ad7f66c5f6dfb8d28eba1833591469951870

    SHA256

    0c9e6eb8648f4bf5c585d5344035e91c3249bb9686a302503b4681b7ba828dc0

    SHA512

    1c43e50270eed071c8ef35e1c4695a93b9f98e668d4aebb44eb3b620efd2624b381554d2daf2d017f764b485e060abd589216043adea19eac94028ce66cc2025

    Download Submit

  • memory/4628-139-0x0000000000400000-0x000000000078D000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/4628-138-0x00000000025B0000-0x00000000025DE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4628-154-0x0000000004C80000-0x0000000004CBF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4628-157-0x0000000004CC0000-0x0000000004CDC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4628-150-0x0000000003070000-0x00000000030A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/4628-135-0x0000000002580000-0x0000000002595000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4628-140-0x0000000002E40000-0x0000000002F6A000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4628-160-0x0000000005260000-0x0000000005277000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4628-143-0x00000000025F0000-0x000000000260D000-memory.dmp

    Filesize

    116KB

    Download