Overview

overview

8

Static

static

7

d9f7f88e5a...63.exe

windows7-x64

8

d9f7f88e5a...63.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    88s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15-03-2023 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d9f7f88e5aba4e35f7cc1d789c52b397b011a85cd8a538b5e33013ab95479a63.exe

  • Size

    1.8MB

  • MD5

    f530f34385a0503f33b8045574cdb791

  • SHA1

    ffd0a6c8e939ab54a27c01d4dc26b004d528f280

  • SHA256

    d9f7f88e5aba4e35f7cc1d789c52b397b011a85cd8a538b5e33013ab95479a63

  • SHA512

    c55ec9879ec1671bb45cde26203e29be1b5c89fbb257c8a8c1618b468be4528a848a04e63a2832571af3bcaddfb2004097af8ca83183f7d7eee8322169c31114

  • SSDEEP

    24576:v3w+aesSr4NxtFgnvBnG192XBmPL8hoxTNuKl8Whgwl/VeTsYfXUTvR0MhyOVToX:z/4Nx0nZn7Y8GSKlEGeTsYfOJBW+z8b

Score
8/10
upx

Malware Config

Signatures

  • Downloads MZ/PE file
  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d9f7f88e5aba4e35f7cc1d789c52b397b011a85cd8a538b5e33013ab95479a63.exe
    "C:\Users\Admin\AppData\Local\Temp\d9f7f88e5aba4e35f7cc1d789c52b397b011a85cd8a538b5e33013ab95479a63.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1320

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Documents\QQÅ©ÄÁÖúÊÖ\user.dat.tmp
    Filesize

    36B

    MD5

    52337de4b2cc7953a5368726c3599e49

    SHA1

    46fdfb88b9715939584624e2a621ea453e0ca45c

    SHA256

    d9ee56f041e9f714da10c6cd585949baf0169d7b71298ca0c8ae79525525098c

    SHA512

    527d30a87a3cc7803c4d86112b1d5c581b855141de6ffde7503bd22a5da9500e805dd92d7449d9cea0bc41ee736ba44755e473c483a962a021422022afaf45da

    Download Submit
  • C:\Users\Admin\Documents\QQÅ©ÄÁÖúÊÖ\xml\NCaddon.xml
    Filesize

    20KB

    MD5

    a8116f70d9ab4f5eff658a2bb83b895b

    SHA1

    3af11c583aa0fce88a21a3802b662cccd5e6cfb8

    SHA256

    a2570fc9fbab44750f039fb093915e37f6fd27b151fe809f505377c5f4bb2c2c

    SHA512

    be5b17d5ec3ce09d6e6faababb49e97f839dbb3d9308e6e5af19982487dcddc9eb5730c84883c64e2f69803698ed67c79d3b3bc439a2c45996ceb4ccb2b8e913

    Download Submit
  • C:\Users\Admin\Documents\QQÅ©ÄÁÖúÊÖ\xml\NCload_main.xml
    Filesize

    2KB

    MD5

    811f9698afed38a3c45add85f6477a9b

    SHA1

    40a7b4765e2d118fbe0530491b27b3c92f55a21c

    SHA256

    b45700bb1957a69af27badcf54e06f517bceda0a44ee0e7473ed823f8738eef7

    SHA512

    275f8ba0ec223e615b4a374d84b794b61db516543182c12c77094a53a661559d766b6d0d134f67e39eb60270e4cca15a1d576b8cfdecad2016d452195db4593f

    Download Submit
  • C:\Users\Admin\Documents\QQÅ©ÄÁÖúÊÖ\xml\crop.xml
    Filesize

    2.5MB

    MD5

    e59a1bc1cd90fd0867ebd4344ce553ee

    SHA1

    aea2f2b18a611e9f911bb8406a7f3c9709627d31

    SHA256

    aeecb43355f0c1cace9abb776da17bf0db65a9557c08c886208e1cbb4b20e450

    SHA512

    8360a2ec7f15778515192d94ebba681087d5c7fc2dfa0b570438d9532c5dc27201ba39da12c931697d2848cf36ad866546acb4a3c306025858ee6d87bc3a6c62

    Download Submit
  • \Users\Admin\Documents\QQÅ©ÄÁÖúÊÖ\xml\libeay32.dll
    Filesize

    558KB

    MD5

    5f86d65a1686e6bb031048d04bb3fe04

    SHA1

    08052c7dda12c53971dd5600223cfb3a47283998

    SHA256

    39531152d763dd51da8ae6a50b206f296a07410602cdb399c991987e8a11f6b4

    SHA512

    970e9965236cfb827848e93de3ad0132cde0a57cbee38ad72441dc65fb824ea6c749e5993cd948231bb881d4cf6dfc735231b643d58b64de1f81caff91987e5b

    Download Submit
  • \Users\Admin\Documents\QQÅ©ÄÁÖúÊÖ\xml\ssleay32.dll
    Filesize

    140KB

    MD5

    e503921a6061251302cb45772cb75f42

    SHA1

    b84a9daf1250dd33962feb6faaa122273a0b29a2

    SHA256

    970bfe2045464dfda89a1cd262f09813ab9c9ceb3c7375f02bca8aeecdc4cfcb

    SHA512

    d52b471d3e71e255d5bc7c9f04e141e80e750482183b770fdc35c08c0cc696c66643bc7074ebbeb2f9d95b6b728666414ad0ae5908f16e9a6e21d159dce33c48

    Download Submit
  • memory/1320-116-0x0000000000400000-0x000000000095A000-memory.dmp
    Filesize

    5.4MB

    Download
  • memory/1320-130-0x0000000011000000-0x0000000011179000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/1320-79-0x0000000011000000-0x0000000011179000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/1320-80-0x0000000012000000-0x000000001205F000-memory.dmp
    Filesize

    380KB

    Download
  • memory/1320-69-0x0000000000400000-0x000000000095A000-memory.dmp
    Filesize

    5.4MB

    Download
  • memory/1320-67-0x0000000005B10000-0x0000000005B11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1320-101-0x0000000000400000-0x000000000095A000-memory.dmp
    Filesize

    5.4MB

    Download
  • memory/1320-103-0x0000000011000000-0x0000000011179000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/1320-56-0x00000000001C0000-0x00000000001C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1320-65-0x00000000059B0000-0x00000000059B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1320-129-0x0000000000400000-0x000000000095A000-memory.dmp
    Filesize

    5.4MB

    Download
  • memory/1320-78-0x00000000001C0000-0x00000000001C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1320-66-0x00000000059C0000-0x00000000059C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1320-136-0x0000000000400000-0x000000000095A000-memory.dmp
    Filesize

    5.4MB

    Download
  • memory/1320-139-0x0000000000400000-0x000000000095A000-memory.dmp
    Filesize

    5.4MB

    Download
  • memory/1320-150-0x0000000000400000-0x000000000095A000-memory.dmp
    Filesize

    5.4MB

    Download
  • memory/1320-153-0x0000000000400000-0x000000000095A000-memory.dmp
    Filesize

    5.4MB

    Download
  • memory/1320-154-0x0000000011000000-0x0000000011179000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/1320-155-0x0000000012000000-0x000000001205F000-memory.dmp
    Filesize

    380KB

    Download
  • memory/1320-156-0x0000000000400000-0x000000000095A000-memory.dmp
    Filesize

    5.4MB

    Download
  • memory/1320-159-0x0000000000400000-0x000000000095A000-memory.dmp
    Filesize

    5.4MB

    Download
  • memory/1320-162-0x0000000000400000-0x000000000095A000-memory.dmp
    Filesize

    5.4MB

    Download
  • memory/1320-165-0x0000000000400000-0x000000000095A000-memory.dmp
    Filesize

    5.4MB

    Download