Overview

overview

9

Static

static

8

b564deeed1...2b.exe

windows7-x64

9

b564deeed1...2b.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    91s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2022 08:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b564deeed15f2679d317a24a28049b4c7232f631b8c0378ba3f415f29550b72b.exe

  • Size

    818KB

  • MD5

    60d2c3b4ce16c7494aab18c616bc4d5b

  • SHA1

    e77dc7e9e704d84e2a213845a20e2d2212dc5df4

  • SHA256

    b564deeed15f2679d317a24a28049b4c7232f631b8c0378ba3f415f29550b72b

  • SHA512

    ef73354145919bd97146ab31111e21f999aaa904e8ac375d28b226e410e6c134f8b68da0b9bcf09544630475779a7b920d424117aaa64698fbd422fef8e46cfe

  • SSDEEP

    24576:GJSmTB4NSWiEU4CW+qXqBZqRcWGPrGwqqS:JA44WitxBZlW/NH

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 3 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 3 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b564deeed15f2679d317a24a28049b4c7232f631b8c0378ba3f415f29550b72b.exe
    "C:\Users\Admin\AppData\Local\Temp\b564deeed15f2679d317a24a28049b4c7232f631b8c0378ba3f415f29550b72b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:4836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\WinIo.dll
    Filesize

    12KB

    MD5

    194062d46bbbb73aac4207507b330a35

    SHA1

    7dc3fbbacd4d66415b9b1b21860a3a9d0e31710b

    SHA256

    e2f3e20bbb6379bf04028d69c5d250d8d01d7c7714cbe6e24132a0ddd2db15c4

    SHA512

    3f6e58ef02f41245ffbc67196a981e6641a7629f1815c1137c6fe06a5f8a5aa26db6eee520921739700f8e4ba162c7aa555529e60bfaefb7b7c88c118c90b84b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\WinIo.dll
    Filesize

    12KB

    MD5

    194062d46bbbb73aac4207507b330a35

    SHA1

    7dc3fbbacd4d66415b9b1b21860a3a9d0e31710b

    SHA256

    e2f3e20bbb6379bf04028d69c5d250d8d01d7c7714cbe6e24132a0ddd2db15c4

    SHA512

    3f6e58ef02f41245ffbc67196a981e6641a7629f1815c1137c6fe06a5f8a5aa26db6eee520921739700f8e4ba162c7aa555529e60bfaefb7b7c88c118c90b84b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\helper.dll
    Filesize

    17KB

    MD5

    de2f747a18ec822c81133084bcdefa86

    SHA1

    2fada4c6673a8f323c0cc57b2eb6ee6b3f5f9a29

    SHA256

    fbd5cd683e31d1cc8db58bbcd449e582cdd02bb69cb4585cf4deec233afe2d43

    SHA512

    0f4ff2a85bcd207adfadd1b1f939a645fbec60f4546938be0e17477c71411599753d4325c5d28f3e7b5fb9b0adeb20c0988c654dcd788f348b3c1231d0933e26

    Download Submit

  • memory/4836-136-0x0000000000400000-0x00000000005B3000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4836-137-0x0000000010000000-0x000000001000E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4836-140-0x0000000002730000-0x000000000273C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4836-141-0x0000000000400000-0x00000000005B3000-memory.dmp

    Filesize

    1.7MB

    Download