b3cb5f0bd4893f9136faa62146f1fdad4460c57641ed4656f68e1d6ce7b09265

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 07:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b3cb5f0bd4893f9136faa62146f1fdad4460c57641ed4656f68e1d6ce7b09265.exe
Size

2.4MB
MD5

0241773fb7f53c5dd01f6998331969eb
SHA1

cba6e9f794e53be12b11c79fc4f73a6db1243e54
SHA256

b3cb5f0bd4893f9136faa62146f1fdad4460c57641ed4656f68e1d6ce7b09265
SHA512

d265d76a06bdba21e560475e75a55145d8dd48146fdb47bb77ec182ac7dc4c48a4d03d7162713ba3b3ebf2fb56bf66883d7d638d52e391c564386007b8c209c4
SSDEEP

49152:PZ1niizCouK9TOi91khWPOmisL3XAGUTMTmx287qHuU:t98+XTd8C

Score

9^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0008000000022e1b-133.dat	acprotect
behavioral2/files/0x0008000000022e1b-134.dat	acprotect

Loads dropped DLL 2 IoCs

pid	Process
1088	b3cb5f0bd4893f9136faa62146f1fdad4460c57641ed4656f68e1d6ce7b09265.exe
1088	b3cb5f0bd4893f9136faa62146f1fdad4460c57641ed4656f68e1d6ce7b09265.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1088	b3cb5f0bd4893f9136faa62146f1fdad4460c57641ed4656f68e1d6ce7b09265.exe
1088	b3cb5f0bd4893f9136faa62146f1fdad4460c57641ed4656f68e1d6ce7b09265.exe
1088	b3cb5f0bd4893f9136faa62146f1fdad4460c57641ed4656f68e1d6ce7b09265.exe

C:\Users\Admin\AppData\Local\Temp\b3cb5f0bd4893f9136faa62146f1fdad4460c57641ed4656f68e1d6ce7b09265.exe
"C:\Users\Admin\AppData\Local\Temp\b3cb5f0bd4893f9136faa62146f1fdad4460c57641ed4656f68e1d6ce7b09265.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1088

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\xli7208.tmp

Filesize
172KB

MD5
4f407b29d53e9eb54e22d096fce82aa7

SHA1
a4ee25b066cac19ff679dd491f5791652bb71185

SHA256
cf0ecf30fc95800a34105acb9bcb484bb594a35b3ef26ace8f122af4f9f888dc

SHA512
325f7b599455195101e4c0dafd3654906d20ed2c1ce2a5f38784635e16ab545df6ee44a83bed6128239be2dee5be110552c7b246b7f52482ab31552e14b54183

Download Submit
C:\Users\Admin\AppData\Local\Temp\xli7208.tmp

Filesize
172KB

MD5
4f407b29d53e9eb54e22d096fce82aa7

SHA1
a4ee25b066cac19ff679dd491f5791652bb71185

SHA256
cf0ecf30fc95800a34105acb9bcb484bb594a35b3ef26ace8f122af4f9f888dc

SHA512
325f7b599455195101e4c0dafd3654906d20ed2c1ce2a5f38784635e16ab545df6ee44a83bed6128239be2dee5be110552c7b246b7f52482ab31552e14b54183

Download Submit
memory/1088-132-0x0000000000400000-0x0000000000666000-memory.dmp

Filesize
2.4MB

Download
memory/1088-135-0x0000000000C60000-0x0000000000CD4000-memory.dmp

Filesize
464KB

Download
memory/1088-136-0x0000000000400000-0x0000000000666000-memory.dmp

Filesize
2.4MB

Download
memory/1088-137-0x0000000000C60000-0x0000000000CD4000-memory.dmp

Filesize
464KB

Download