0ccf0ae2788bc683e39ea3b5e404c97cd866decdf444dfb177eb8cef1a153f4d

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20-01-2023 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SkinPack Windows 11 Dark y Light Mode (Windows 7 8.1 y 10).exe
Size

54.0MB
MD5

26027b442df7212f436733b85e1a4aa2
SHA1

ada45868d8f9f70b7a80f6ea0fcb5b7f347499c9
SHA256

0ccf0ae2788bc683e39ea3b5e404c97cd866decdf444dfb177eb8cef1a153f4d
SHA512

36b706b8bcc863a0ebdf34b4a0ac4ffd9f1696beee8b80543a2c2656e65ad54e5ee7de652a2063fe545d9323ed013b5d6ccf7d5379011a0b8ccd27903c46d9a2
SSDEEP

1572864:A30jzjWCOwPvwmRZuivmuCKirHDX03Lf4+q25z:A3yyH8v7RcrDkz4+R5z

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\nsyE8F0.tmp\Aero.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\nsyE8F0.tmp\Aero.dll	upx
behavioral2/memory/4936-144-0x00000000749E0000-0x00000000749EA000-memory.dmp	upx

Loads dropped DLL 9 IoCs

Processes:

SkinPack Windows 11 Dark y Light Mode (Windows 7 8.1 y 10).exe

pid	process
4936	SkinPack Windows 11 Dark y Light Mode (Windows 7 8.1 y 10).exe
4936	SkinPack Windows 11 Dark y Light Mode (Windows 7 8.1 y 10).exe
4936	SkinPack Windows 11 Dark y Light Mode (Windows 7 8.1 y 10).exe
4936	SkinPack Windows 11 Dark y Light Mode (Windows 7 8.1 y 10).exe
4936	SkinPack Windows 11 Dark y Light Mode (Windows 7 8.1 y 10).exe
4936	SkinPack Windows 11 Dark y Light Mode (Windows 7 8.1 y 10).exe
4936	SkinPack Windows 11 Dark y Light Mode (Windows 7 8.1 y 10).exe
4936	SkinPack Windows 11 Dark y Light Mode (Windows 7 8.1 y 10).exe
4936	SkinPack Windows 11 Dark y Light Mode (Windows 7 8.1 y 10).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\SkinPack Windows 11 Dark y Light Mode (Windows 7 8.1 y 10).exe
"C:\Users\Admin\AppData\Local\Temp\SkinPack Windows 11 Dark y Light Mode (Windows 7 8.1 y 10).exe"
1⤵
- Loads dropped DLL
PID:4936

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsyE8F0.tmp\Aero.dll
Filesize
6KB

MD5
243bf44688b131c3171f2827a93e39dc

SHA1
07e9c7bd16ae47953e42c06ae2606de188386f35

SHA256
04a577df50431eb0ff6fb103566402bf66c50415bcc1f8a86b9c235053131455

SHA512
a1a8c21d38c54a43d1c6c394f481dfbddcb359c617e9928ecca8f84d47354616a78d20735a1fe7bebd21626c21cf96d0e1a69e3e98f6b35f2a774cc0244f9516

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyE8F0.tmp\Fusion.dll
Filesize
1.1MB

MD5
c4a685398fa237cac1c3134e2a6d637b

SHA1
819bc4d5072b033bfed5d76d621ebf645cfad5fd

SHA256
c2ba9c7361669f301b71a673652ffce56f60c70ae77635176d1c3dfc0feae390

SHA512
da06def48e1f030af7c432d34ec23c75da4c0fd5c094edbc03dcdc8094d5404f1d3bb3588d3fe45529262e382a2227ffc80a927378821e5dd097b5ac1ca79a31

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyE8F0.tmp\Fusion.dll
Filesize
1.1MB

MD5
c4a685398fa237cac1c3134e2a6d637b

SHA1
819bc4d5072b033bfed5d76d621ebf645cfad5fd

SHA256
c2ba9c7361669f301b71a673652ffce56f60c70ae77635176d1c3dfc0feae390

SHA512
da06def48e1f030af7c432d34ec23c75da4c0fd5c094edbc03dcdc8094d5404f1d3bb3588d3fe45529262e382a2227ffc80a927378821e5dd097b5ac1ca79a31

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyE8F0.tmp\Math.dll
Filesize
66KB

MD5
860fd51502250540960134e1b5b69aac

SHA1
5282c905a66afc6def1a91e38096cfa6847f32d1

SHA256
190ea3009f91969a1202ae42cd236abe2912709cd583661faeb7ca79087adf6c

SHA512
817340a25190f78731c0f208ea044114aa0ac6007ccfc6b74026440e84f0025e2c311b3e9acfcd4bd9c42e4a140a8b9bda1b7bc7afb50a9d92f71099f066073b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyE8F0.tmp\Math.dll
Filesize
66KB

MD5
860fd51502250540960134e1b5b69aac

SHA1
5282c905a66afc6def1a91e38096cfa6847f32d1

SHA256
190ea3009f91969a1202ae42cd236abe2912709cd583661faeb7ca79087adf6c

SHA512
817340a25190f78731c0f208ea044114aa0ac6007ccfc6b74026440e84f0025e2c311b3e9acfcd4bd9c42e4a140a8b9bda1b7bc7afb50a9d92f71099f066073b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyE8F0.tmp\System.dll
Filesize
11KB

MD5
3f176d1ee13b0d7d6bd92e1c7a0b9bae

SHA1
fe582246792774c2c9dd15639ffa0aca90d6fd0b

SHA256
fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

SHA512
0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyE8F0.tmp\advsplash.dll
Filesize
5KB

MD5
15d8eee287329e2030c34c6bb3e62c87

SHA1
1de23c0883f7a80a489e140c55b16970dd0264ab

SHA256
9bf33690090655e91389469beb5dbdd45942192f2e2486c9fa82fa6d74a0f88b

SHA512
6ee495dcefd131ca490d6f3077643f49598184c3a49f1f66ed7a6d1559ebb9266c8c87cf49c06cdde8a6cd0643fb46f83d13aa5f27ba0c90de4791cb8bad29c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyE8F0.tmp\nsDialogs.dll
Filesize
9KB

MD5
b3070cf20db659fdfb3cb2ed38130e8d

SHA1
aa234b0620bebddde1414ff6b0840d883890b413

SHA256
f2c1409faf2952c1c91f4b5495158ef5c7d1a1db6eea4a18f163574bd52fcad0

SHA512
4849a4cf24ea8a26cd04eb132d479cc093d4e204ed3866a77646d03778f4c128e20722a0c3cd62ea98a37deea4ce505fe632420158c71a10b0c8c5e32b38e3f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyE8F0.tmp\nsDialogs.dll
Filesize
9KB

MD5
b3070cf20db659fdfb3cb2ed38130e8d

SHA1
aa234b0620bebddde1414ff6b0840d883890b413

SHA256
f2c1409faf2952c1c91f4b5495158ef5c7d1a1db6eea4a18f163574bd52fcad0

SHA512
4849a4cf24ea8a26cd04eb132d479cc093d4e204ed3866a77646d03778f4c128e20722a0c3cd62ea98a37deea4ce505fe632420158c71a10b0c8c5e32b38e3f1

Download Submit
memory/4936-139-0x0000000006940000-0x000000000695A000-memory.dmp

Filesize
104KB

Download
memory/4936-136-0x0000000006820000-0x0000000006933000-memory.dmp

Filesize
1.1MB

Download
memory/4936-143-0x0000000006981000-0x0000000006983000-memory.dmp

Filesize
8KB

Download
memory/4936-144-0x00000000749E0000-0x00000000749EA000-memory.dmp

Filesize
40KB

Download