Analysis

Max time kernel: 30s
Max time network: 33s
Platform: windows7_x64
Resource: win7-20230220-en
Resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
Submitted: 28/03/2023, 06:44
Behavioral task behavioral1
  Sample: ee3c04739abb72ea784d8a81e0e1b013.exe
  Resource: win7-20230220-en

Behavioral task behavioral2
  Sample: ee3c04739abb72ea784d8a81e0e1b013.exe
  Resource: win10v2004-20230220-en
General

Target: ee3c04739abb72ea784d8a81e0e1b013.exe
Size: 7.2MB
MD5: ee3c04739abb72ea784d8a81e0e1b013
SHA1: e3446a5058e5bd4f66626b57fde6489d72447eed
SHA256: 3a12baae8e80f718ad7caebe32bb296d3abef5b0da65a2e86847e85bcc90b8ad
SHA512: 46df862c22eec54cae7b194d6c495fd829ca9896ef4624c52a621abf70331fb6a8b6ae5dc42811e7919431963fbdd8954057ef6757d9bd8f3991bf1d040968b0
SSDEEP: 196608:SqftSqdLnW+g1pOGS3yUx0EHxLj7zJqOyHU1R:DVSqdLnWPiiUx02xPJqV
Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software (2 IoCs)
Detects file using ACProtect software.
  resource                                        yara_rule
  behavioral1/files/0x000500000001867e-173.dat    acprotect
  behavioral1/files/0x000500000001867e-174.dat    acprotect

Loads dropped DLL (7 IoCs)
  pid    Process
  2032   ee3c04739abb72ea784d8a81e0e1b013.exe
  2032   ee3c04739abb72ea784d8a81e0e1b013.exe
  2032   ee3c04739abb72ea784d8a81e0e1b013.exe
  2032   ee3c04739abb72ea784d8a81e0e1b013.exe
  2032   ee3c04739abb72ea784d8a81e0e1b013.exe
  2032   ee3c04739abb72ea784d8a81e0e1b013.exe
  2032   ee3c04739abb72ea784d8a81e0e1b013.exe

  resource                                        yara_rule
  behavioral1/files/0x000500000001867e-173.dat    upx
  behavioral1/files/0x000500000001867e-174.dat    upx

Suspicious use of WriteProcessMemory (4 IoCs)
  description                              pid    Process                                 procid_target
  PID 1368 wrote to memory of 2032         1368   ee3c04739abb72ea784d8a81e0e1b013.exe    28
  PID 1368 wrote to memory of 2032         1368   ee3c04739abb72ea784d8a81e0e1b013.exe    28
  PID 1368 wrote to memory of 2032         1368   ee3c04739abb72ea784d8a81e0e1b013.exe    28
  PID 1368 wrote to memory of 2032         1368   ee3c04739abb72ea784d8a81e0e1b013.exe    28
Processes

1. C:\Users\Admin\AppData\Local\Temp\ee3c04739abb72ea784d8a81e0e1b013.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\ee3c04739abb72ea784d8a81e0e1b013.exe"
   Signature: Suspicious use of WriteProcessMemory
   PID: 1368

   2. (child) C:\Users\Admin\AppData\Local\Temp\ee3c04739abb72ea784d8a81e0e1b013.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\ee3c04739abb72ea784d8a81e0e1b013.exe"
      Signature: Loads dropped DLL
      PID: 2032
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 18KB
MD5: 395d39f6ec3e09c5194899434150cdf7
SHA1: abd262b486e1adc39b40dbfe012a551c732dfd69
SHA256: ecc40b2c80300b94615b450d5a97ed15ce51aa929c73da22c906ab01856f8223
SHA512: 0f55725eb8609ae52c45ff7e255c3e23bff0b9e049f2f37cb4fc12841ad9f5ed8264307961cbd27031997c29ce04677b646f9c859fc629b25186ec52f735ba36

Filesize: 18KB
MD5: f2cd3227975bd33ae08e34221d223ca6
SHA1: 26b19fd814ea86825244e7a7cf82e7eddc189895
SHA256: f88209bb4993bfbcfc9727d101a4f1ecf84649ca5fd15b264faac11daf19ac7f
SHA512: 690408ba6d88ad97334a8f9012c5db5c4d46d70cd9519f1d8e9131d1044805dce992d89167ef12d0192f4e5ab079722b88700df9601c05674267fc4f8d5486e3

Filesize: 21KB
MD5: b178f49844a5168d29d5cce20a6303e3
SHA1: 29dd5bd890addbba1d8a9aeacb68716f8208da73
SHA256: 9358400795afcc41f5e748e20b139cfbb1ac976b3e460597b0b21893d647276d
SHA512: b65308d482342291069314e9f99964c3479ea41579db17d3cbe3888318bb7605ee67c11a40f14609665a419f44a61809513bddb8b3657b24a4bac16bb274664f

Filesize: 19KB
MD5: da1c671169dd183afca9ac76f46fd86e
SHA1: 47a1bd0c45d5b87351870b8dd2122da30638ec83
SHA256: e5c2478571ab260776b547579acd847bdecac9b4b9b4590d4ac7c80135c68930
SHA512: 5e6eb5525a77ac63bbae2288fecfd5712aff5c194e55d93239ae6171b8602de9d029ca725f15efb03890dff57a34c07435687e87a20839d614cc9c90fdf06f5d

Filesize: 18KB
MD5: c54a336fdc425291b1d972f6fbaca6c7
SHA1: ea3872c198f3f41e41dcc42cf92aabbc6540579d
SHA256: 8d1f5410f8b4326876410b45fcdcabb96bea4941f71ea5b11cb6dae80e6bdd49
SHA512: abe7694493ce2e367582be1155fb5100a7840e67eb1f646dbd5360a47b430ec03634a3f1a940a8a5f555d96da0fdab66a4a2de544b847234e38b588cf597e0e9

Filesize: 1.2MB
MD5: fe9b84b2a3c27c3e75c5b7e3e5f64095
SHA1: 8a423a0520f2250fb4272ba252d7c425cd70112e
SHA256: ddc492c11ebb683645f04190ad9fcfd209315610719c1140fbb812d9feccf6c7
SHA512: eb69effe5040272fc3c39dfb933fa1a7e43861e3d2a4c94b6f51ade6c6b237ea6b3413cef99b2dbc0e46f2aedb001af679ff4127029fa24851d4eab7a8600202

Filesize: 896KB
MD5: f8dfced1990429772b98fb57a3809391
SHA1: 368084099c900c97ecaf410707cbb5ea7203397c
SHA256: fd78770b8978684b8abc83a172f7e24a8b6df9e5f3844aa38717227581816280
SHA512: 2bd3be42e2a162c28109ed1d9ebc0a86f759c9c513d6e29b05ccd46e261b92d187074dd182bdbbe393eed3c91e81f685884fa343ea561233dfc7c03aa3e2bd50