717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a

Analysis

max time kernel
27s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02-02-2023 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.exe
Size

5.4MB
MD5

44e7009e1d92b07c6891c48d2df04ea9
SHA1

882861ca206ef2c60020c625a1b79c9d5153d288
SHA256

717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a
SHA512

e088d91d5f09f64d9e78ef980a85e4f07e480a24e895576f60b1ce74253ef4717cad1a1fbb1192d583532318167b2f8927ed180411a7bb30e7440ec27b1070c1
SSDEEP

98304:LctnG6nIO01n3xUKSbe6TcOK2ifvXHwNudBYo3:AtGjT1x/EevOKXmYF

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0007000000013a02-63.dat	acprotect
behavioral1/files/0x0007000000013a1e-65.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
1096	717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.tmp

Loads dropped DLL 6 IoCs

pid	Process
1312	717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.exe
1096	717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.tmp
1096	717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.tmp
1096	717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.tmp
1096	717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.tmp
1096	717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.tmp

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000013a1e-65.dat	upx
behavioral1/memory/1096-74-0x0000000003CE0000-0x0000000003D8A000-memory.dmp	upx
behavioral1/memory/1096-313-0x0000000003CE0000-0x0000000003D8A000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1096	717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.tmp

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 1096	1312	717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.exe	28
PID 1312 wrote to memory of 1096	1312	717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.exe	28
PID 1312 wrote to memory of 1096	1312	717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.exe	28
PID 1312 wrote to memory of 1096	1312	717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.exe	28

C:\Users\Admin\AppData\Local\Temp\717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.exe
"C:\Users\Admin\AppData\Local\Temp\717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Users\Admin\AppData\Local\Temp\is-A8JUS.tmp\717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-A8JUS.tmp\717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.tmp" /SL5="$70124,5336921,171008,C:\Users\Admin\AppData\Local\Temp\717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-A8JUS.tmp\717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.tmp

Filesize
814KB

MD5
d3f54a81b5eaae8f734e4b63860bd8a1

SHA1
0b87f379d03307463f30d27b3e805e3103cabdf5

SHA256
837497688ed2168fce151fddc40193d9df639d094edf2ae8cf43ec41f8c6119a

SHA512
741820a719628edc1b2c73e63cc7d0510c1a9389a44a7a2849605e9240278b43b447b7159a4307783a688938abef0844ff661afab40b6e39756646e132550177

Download Submit
\Users\Admin\AppData\Local\Temp\is-A8JUS.tmp\717b16a18aed777fcc4cdf2ea6f40311dcf2f14092ac2c55421059d6b9720c2a.tmp

Filesize
814KB

MD5
d3f54a81b5eaae8f734e4b63860bd8a1

SHA1
0b87f379d03307463f30d27b3e805e3103cabdf5

SHA256
837497688ed2168fce151fddc40193d9df639d094edf2ae8cf43ec41f8c6119a

SHA512
741820a719628edc1b2c73e63cc7d0510c1a9389a44a7a2849605e9240278b43b447b7159a4307783a688938abef0844ff661afab40b6e39756646e132550177

Download Submit
\Users\Admin\AppData\Local\Temp\is-JBO16.tmp\ISSkinEx.dll

Filesize
379KB

MD5
a80a2c59aad01a5bd369d479f4f3cf3d

SHA1
c01b281cdaeba9f468c18185e6f01f78a0abf287

SHA256
282f40ed72cfc801ef88ab72a80c8824957aa554ece3b74842b48ecedfcf4755

SHA512
db67c30e07245e1e0ee5514faf35f6fdfd94a2884cdf82f7daba1eac571067448483b5564f758e273a57ae020941322c2174827ffef1915fc37a74f0fda2d39d

Download Submit
\Users\Admin\AppData\Local\Temp\is-JBO16.tmp\Plex Style (Media Center Edition).cjstyles

Filesize
112KB

MD5
5b1e5a0221a7e7ab846bf6344f34c887

SHA1
69268a072275b4f65863efd8451986ee183f39f4

SHA256
1dfe94161ba28aa79f89fe83f774ccd8bc4f96bd68816f6646b3115270e1b2f0

SHA512
6ac43eeeddbf2b04b1920261cfcc28b3bdda49bbb86b3b6554ece6476a5f51777338f2dd594aa7cbfa0f693d992e037be8fd30b851c9f6f1fd821fe3b93f3c76

Download Submit
\Users\Admin\AppData\Local\Temp\is-JBO16.tmp\WaterLib.dll

Filesize
123KB

MD5
b4ae1b26b68545a823f067738a6877f9

SHA1
a90a812cac906afb2fbe2a400746de67c845ecb0

SHA256
57ec9023fddd0e0dedffc93bae937442eebd648a4d14383b22fb1a787582cbbc

SHA512
64b6e3ac5eba6231dabe61b73feb8bbeb2015cf871858aa0163fbc84b41912f8453aa16d6939f4d82f235929dbe333c5534965ceb2c83c67720f5f336ca3ccef

Download Submit
\Users\Admin\AppData\Local\Temp\is-JBO16.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-JBO16.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
memory/1096-94-0x00000000749E0000-0x0000000074A12000-memory.dmp

Filesize
200KB

Download
memory/1096-76-0x0000000074AB0000-0x0000000074BCC000-memory.dmp

Filesize
1.1MB

Download
memory/1096-67-0x0000000076830000-0x00000000768D0000-memory.dmp

Filesize
640KB

Download
memory/1096-68-0x0000000076180000-0x000000007620F000-memory.dmp

Filesize
572KB

Download
memory/1096-69-0x00000000753A0000-0x00000000754FC000-memory.dmp

Filesize
1.4MB

Download
memory/1096-70-0x0000000076DA0000-0x0000000076DF7000-memory.dmp

Filesize
348KB

Download
memory/1096-313-0x0000000003CE0000-0x0000000003D8A000-memory.dmp

Filesize
680KB

Download
memory/1096-312-0x0000000001F40000-0x0000000001F97000-memory.dmp

Filesize
348KB

Download
memory/1096-132-0x0000000076180000-0x000000007620F000-memory.dmp

Filesize
572KB

Download
memory/1096-73-0x0000000001F40000-0x0000000001F97000-memory.dmp

Filesize
348KB

Download
memory/1096-74-0x0000000003CE0000-0x0000000003D8A000-memory.dmp

Filesize
680KB

Download
memory/1096-71-0x0000000075530000-0x000000007617A000-memory.dmp

Filesize
12.3MB

Download
memory/1096-75-0x0000000010000000-0x0000000010064000-memory.dmp

Filesize
400KB

Download
memory/1096-98-0x00000000747D0000-0x0000000074806000-memory.dmp

Filesize
216KB

Download
memory/1096-77-0x0000000074A20000-0x0000000074AAC000-memory.dmp

Filesize
560KB

Download
memory/1096-78-0x00000000749E0000-0x0000000074A12000-memory.dmp

Filesize
200KB

Download
memory/1096-79-0x0000000077170000-0x000000007719A000-memory.dmp

Filesize
168KB

Download
memory/1096-80-0x0000000074860000-0x0000000074955000-memory.dmp

Filesize
980KB

Download
memory/1096-81-0x0000000076B10000-0x0000000076CAD000-memory.dmp

Filesize
1.6MB

Download
memory/1096-82-0x0000000076830000-0x00000000768D0000-memory.dmp

Filesize
640KB

Download
memory/1096-83-0x0000000076180000-0x000000007620F000-memory.dmp

Filesize
572KB

Download
memory/1096-84-0x00000000753A0000-0x00000000754FC000-memory.dmp

Filesize
1.4MB

Download
memory/1096-85-0x0000000074BE0000-0x0000000074BE9000-memory.dmp

Filesize
36KB

Download
memory/1096-86-0x0000000074D00000-0x0000000074E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1096-99-0x00000000771A0000-0x000000007723D000-memory.dmp

Filesize
628KB

Download
memory/1096-88-0x0000000075530000-0x000000007617A000-memory.dmp

Filesize
12.3MB

Download
memory/1096-89-0x0000000076420000-0x000000007649B000-memory.dmp

Filesize
492KB

Download
memory/1096-92-0x0000000075300000-0x0000000075383000-memory.dmp

Filesize
524KB

Download
memory/1096-93-0x0000000010000000-0x0000000010064000-memory.dmp

Filesize
400KB

Download
memory/1096-58-0x0000000000000000-mapping.dmp

Download
memory/1096-95-0x0000000074960000-0x0000000074999000-memory.dmp

Filesize
228KB

Download
memory/1096-96-0x0000000074860000-0x0000000074955000-memory.dmp

Filesize
980KB

Download
memory/1096-105-0x0000000076420000-0x000000007649B000-memory.dmp

Filesize
492KB

Download
memory/1096-66-0x00000000771A0000-0x000000007723D000-memory.dmp

Filesize
628KB

Download
memory/1096-87-0x0000000076DA0000-0x0000000076DF7000-memory.dmp

Filesize
348KB

Download
memory/1096-100-0x0000000076830000-0x00000000768D0000-memory.dmp

Filesize
640KB

Download
memory/1096-102-0x0000000074BF0000-0x0000000074C02000-memory.dmp

Filesize
72KB

Download
memory/1096-103-0x0000000074D00000-0x0000000074E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1096-101-0x0000000076180000-0x000000007620F000-memory.dmp

Filesize
572KB

Download
memory/1096-104-0x0000000076DA0000-0x0000000076DF7000-memory.dmp

Filesize
348KB

Download
memory/1096-97-0x0000000076B10000-0x0000000076CAD000-memory.dmp

Filesize
1.6MB

Download
memory/1096-107-0x0000000074C60000-0x0000000074C73000-memory.dmp

Filesize
76KB

Download
memory/1096-108-0x0000000075300000-0x0000000075383000-memory.dmp

Filesize
524KB

Download
memory/1096-109-0x0000000010000000-0x0000000010064000-memory.dmp

Filesize
400KB

Download
memory/1096-111-0x00000000749E0000-0x0000000074A12000-memory.dmp

Filesize
200KB

Download
memory/1096-110-0x0000000074A20000-0x0000000074AAC000-memory.dmp

Filesize
560KB

Download
memory/1096-112-0x0000000074960000-0x0000000074999000-memory.dmp

Filesize
228KB

Download
memory/1096-113-0x0000000074860000-0x0000000074955000-memory.dmp

Filesize
980KB

Download
memory/1096-114-0x0000000076B10000-0x0000000076CAD000-memory.dmp

Filesize
1.6MB

Download
memory/1096-115-0x0000000076E00000-0x0000000076E27000-memory.dmp

Filesize
156KB

Download
memory/1096-116-0x0000000076830000-0x00000000768D0000-memory.dmp

Filesize
640KB

Download
memory/1096-117-0x0000000074BF0000-0x0000000074C02000-memory.dmp

Filesize
72KB

Download
memory/1096-118-0x0000000074BE0000-0x0000000074BE9000-memory.dmp

Filesize
36KB

Download
memory/1096-119-0x0000000074D00000-0x0000000074E9E000-memory.dmp

Filesize
1.6MB

Download
memory/1096-120-0x0000000076DA0000-0x0000000076DF7000-memory.dmp

Filesize
348KB

Download
memory/1096-122-0x0000000075300000-0x0000000075383000-memory.dmp

Filesize
524KB

Download
memory/1096-123-0x0000000010000000-0x0000000010064000-memory.dmp

Filesize
400KB

Download
memory/1096-124-0x0000000074A20000-0x0000000074AAC000-memory.dmp

Filesize
560KB

Download
memory/1096-125-0x00000000749E0000-0x0000000074A12000-memory.dmp

Filesize
200KB

Download
memory/1096-126-0x0000000074960000-0x0000000074999000-memory.dmp

Filesize
228KB

Download
memory/1096-127-0x0000000074860000-0x0000000074955000-memory.dmp

Filesize
980KB

Download
memory/1096-128-0x0000000076B10000-0x0000000076CAD000-memory.dmp

Filesize
1.6MB

Download
memory/1096-129-0x00000000747D0000-0x0000000074806000-memory.dmp

Filesize
216KB

Download
memory/1096-130-0x00000000771A0000-0x000000007723D000-memory.dmp

Filesize
628KB

Download
memory/1096-131-0x0000000076830000-0x00000000768D0000-memory.dmp

Filesize
640KB

Download
memory/1312-72-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1312-55-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1312-54-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download