Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/03/2023, 06:44

General

  • Target

    ee3c04739abb72ea784d8a81e0e1b013.exe

  • Size

    7.2MB

  • MD5

    ee3c04739abb72ea784d8a81e0e1b013

  • SHA1

    e3446a5058e5bd4f66626b57fde6489d72447eed

  • SHA256

    3a12baae8e80f718ad7caebe32bb296d3abef5b0da65a2e86847e85bcc90b8ad

  • SHA512

    46df862c22eec54cae7b194d6c495fd829ca9896ef4624c52a621abf70331fb6a8b6ae5dc42811e7919431963fbdd8954057ef6757d9bd8f3991bf1d040968b0

  • SSDEEP

    196608:SqftSqdLnW+g1pOGS3yUx0EHxLj7zJqOyHU1R:DVSqdLnWPiiUx02xPJqV

Score
7/10

Tags
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software (2 IoCs)

    Detects file using ACProtect software.

  • Loads dropped DLL (7 IoCs)
  • UPX packed file (2 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee3c04739abb72ea784d8a81e0e1b013.exe (tree level 1, PID 1368)
    Command line: "C:\Users\Admin\AppData\Local\Temp\ee3c04739abb72ea784d8a81e0e1b013.exe"
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\ee3c04739abb72ea784d8a81e0e1b013.exe (tree level 2, PID 2032, child of PID 1368)
      Command line: "C:\Users\Admin\AppData\Local\Temp\ee3c04739abb72ea784d8a81e0e1b013.exe"
      • Loads dropped DLL

    The parent (PID 1368) re-executes its own image with an identical command line. The "Loads dropped DLL" hits belong to the child (PID 2032): it is the child that maps the files written to the `_MEI13682` temp directory listed under Downloads, while the parent is the process that triggers the WriteProcessMemory signature.
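The tree above shows the extract-and-respawn pattern of a PyInstaller one-file bundle: the bootloader unpacks the embedded runtime (python310.dll, ucrtbase.dll, the api-ms-win-core-* forwarders) into a temp directory named `_MEI` followed by its own PID and a small counter, then launches its own executable again as a child that loads those DLLs. The digits in `_MEI13682` begin with the parent PID 1368, as that naming predicts. The script below is an added detection example, not part of the sandbox report or any vendor rule: it correlates the three observable pieces (same image re-executed, parent writing into a `_MEI` directory, child loading from it). The event records are constructed from the PIDs and paths on this page; the parent's own parent PID (1000) and the control `cmd.exe` child are invented, and the record layout is an assumption rather than any sandbox's export format.

```python
"""Flag the PyInstaller one-file extract-and-respawn pattern in sandbox events.

Added example built from the PIDs/paths in the report above; the event
layout is an assumption, not any sandbox's export format.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str


@dataclass(frozen=True)
class FileWrite:   # file created or written by pid
    pid: int
    path: str


@dataclass(frozen=True)
class ImageLoad:   # DLL mapped into pid
    pid: int
    path: str


# PyInstaller's bootloader extracts a one-file bundle into <tmp>\_MEI<pid><n>
# and then re-executes its own image as a child to run the bundled code.
MEI_DIR = re.compile(r"^(.*\\_MEI(\d+))\\", re.IGNORECASE)


def mei_dir_of(path):
    """Return (directory, digits) if path lies inside a _MEI directory, else None."""
    m = MEI_DIR.match(path)
    return (m.group(1), m.group(2)) if m else None


def find_pyinstaller_onefile(procs, writes, loads):
    by_pid = {p.pid: p for p in procs}
    findings = []
    for child in procs:
        parent = by_pid.get(child.ppid)
        # the pattern needs a process that launches its own image again
        if parent is None or parent.image.lower() != child.image.lower():
            continue
        # _MEI directories the parent populated, keyed by (dir, digits)
        staged = {}
        for w in writes:
            if w.pid == parent.pid and (hit := mei_dir_of(w.path)):
                staged.setdefault(hit, set()).add(w.path)
        for (d, digits), dropped in staged.items():
            prefix = d.lower() + "\\"
            loaded = sorted(l.path for l in loads
                            if l.pid == child.pid and l.path.lower().startswith(prefix))
            if not loaded:
                continue   # extraction alone, without the child loading from it
            findings.append({
                "parent_pid": parent.pid,
                "child_pid": child.pid,
                "image": child.image,
                "extract_dir": d,
                # PyInstaller builds the name from its own PID plus a counter
                "dir_named_after_parent_pid": digits.startswith(str(parent.pid)),
                "dropped": len(dropped),
                "loaded_by_child": loaded,
            })
    return findings


# --- constructed events mirroring the report (PPID 1000 and cmd.exe are invented) ---
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\ee3c04739abb72ea784d8a81e0e1b013.exe"
MEI = r"C:\Users\Admin\AppData\Local\Temp\_MEI13682"
DLLS = ["api-ms-win-core-file-l1-2-0.dll", "api-ms-win-core-file-l2-1-0.dll",
        "api-ms-win-core-localization-l1-2-0.dll",
        "api-ms-win-core-processthreads-l1-1-1.dll",
        "api-ms-win-core-timezone-l1-1-0.dll", "python310.dll", "ucrtbase.dll"]

PROCS = [Proc(1368, 1000, SAMPLE), Proc(2032, 1368, SAMPLE),
         Proc(2100, 1368, r"C:\Windows\System32\cmd.exe")]
WRITES = [FileWrite(1368, MEI + "\\" + n) for n in DLLS]
LOADS = [ImageLoad(2032, MEI + "\\" + n) for n in DLLS]


def demo():
    return find_pyinstaller_onefile(PROCS, WRITES, LOADS)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Requiring all three pieces keeps the rule quiet on ordinary self-restarting programs (same image, no `_MEI` staging) and on installers that only write a temp directory without a child mapping from it; the `dir_named_after_parent_pid` flag is reported rather than required, so a bootloader variant with a different naming scheme still matches on behaviour.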

Network

        MITRE ATT&CK Matrix


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI13682\api-ms-win-core-file-l1-2-0.dll

          Filesize

          18KB

          MD5

          395d39f6ec3e09c5194899434150cdf7

          SHA1

          abd262b486e1adc39b40dbfe012a551c732dfd69

          SHA256

          ecc40b2c80300b94615b450d5a97ed15ce51aa929c73da22c906ab01856f8223

          SHA512

          0f55725eb8609ae52c45ff7e255c3e23bff0b9e049f2f37cb4fc12841ad9f5ed8264307961cbd27031997c29ce04677b646f9c859fc629b25186ec52f735ba36

        • C:\Users\Admin\AppData\Local\Temp\_MEI13682\api-ms-win-core-file-l2-1-0.dll

          Filesize

          18KB

          MD5

          f2cd3227975bd33ae08e34221d223ca6

          SHA1

          26b19fd814ea86825244e7a7cf82e7eddc189895

          SHA256

          f88209bb4993bfbcfc9727d101a4f1ecf84649ca5fd15b264faac11daf19ac7f

          SHA512

          690408ba6d88ad97334a8f9012c5db5c4d46d70cd9519f1d8e9131d1044805dce992d89167ef12d0192f4e5ab079722b88700df9601c05674267fc4f8d5486e3

        • C:\Users\Admin\AppData\Local\Temp\_MEI13682\api-ms-win-core-localization-l1-2-0.dll

          Filesize

          21KB

          MD5

          b178f49844a5168d29d5cce20a6303e3

          SHA1

          29dd5bd890addbba1d8a9aeacb68716f8208da73

          SHA256

          9358400795afcc41f5e748e20b139cfbb1ac976b3e460597b0b21893d647276d

          SHA512

          b65308d482342291069314e9f99964c3479ea41579db17d3cbe3888318bb7605ee67c11a40f14609665a419f44a61809513bddb8b3657b24a4bac16bb274664f

        • C:\Users\Admin\AppData\Local\Temp\_MEI13682\api-ms-win-core-processthreads-l1-1-1.dll

          Filesize

          19KB

          MD5

          da1c671169dd183afca9ac76f46fd86e

          SHA1

          47a1bd0c45d5b87351870b8dd2122da30638ec83

          SHA256

          e5c2478571ab260776b547579acd847bdecac9b4b9b4590d4ac7c80135c68930

          SHA512

          5e6eb5525a77ac63bbae2288fecfd5712aff5c194e55d93239ae6171b8602de9d029ca725f15efb03890dff57a34c07435687e87a20839d614cc9c90fdf06f5d

        • C:\Users\Admin\AppData\Local\Temp\_MEI13682\api-ms-win-core-timezone-l1-1-0.dll

          Filesize

          18KB

          MD5

          c54a336fdc425291b1d972f6fbaca6c7

          SHA1

          ea3872c198f3f41e41dcc42cf92aabbc6540579d

          SHA256

          8d1f5410f8b4326876410b45fcdcabb96bea4941f71ea5b11cb6dae80e6bdd49

          SHA512

          abe7694493ce2e367582be1155fb5100a7840e67eb1f646dbd5360a47b430ec03634a3f1a940a8a5f555d96da0fdab66a4a2de544b847234e38b588cf597e0e9

        • C:\Users\Admin\AppData\Local\Temp\_MEI13682\python310.dll

          Filesize

          1.2MB

          MD5

          fe9b84b2a3c27c3e75c5b7e3e5f64095

          SHA1

          8a423a0520f2250fb4272ba252d7c425cd70112e

          SHA256

          ddc492c11ebb683645f04190ad9fcfd209315610719c1140fbb812d9feccf6c7

          SHA512

          eb69effe5040272fc3c39dfb933fa1a7e43861e3d2a4c94b6f51ade6c6b237ea6b3413cef99b2dbc0e46f2aedb001af679ff4127029fa24851d4eab7a8600202

        • C:\Users\Admin\AppData\Local\Temp\_MEI13682\ucrtbase.dll

          Filesize

          896KB

          MD5

          f8dfced1990429772b98fb57a3809391

          SHA1

          368084099c900c97ecaf410707cbb5ea7203397c

          SHA256

          fd78770b8978684b8abc83a172f7e24a8b6df9e5f3844aa38717227581816280

          SHA512

          2bd3be42e2a162c28109ed1d9ebc0a86f759c9c513d6e29b05ccd46e261b92d187074dd182bdbbe393eed3c91e81f685884fa343ea561233dfc7c03aa3e2bd50

        • The same seven files are also listed under their drive-less path \Users\Admin\AppData\Local\Temp\_MEI13682\ (api-ms-win-core-file-l1-2-0.dll, api-ms-win-core-file-l2-1-0.dll, api-ms-win-core-localization-l1-2-0.dll, api-ms-win-core-processthreads-l1-1-1.dll, api-ms-win-core-timezone-l1-1-0.dll, python310.dll, ucrtbase.dll). Their sizes and MD5/SHA1/SHA256/SHA512 hashes are identical to the C:\ entries above, so they are the same seven dropped files recorded a second time, not additional artefacts.

        • memory/2032-175-0x00000000743C0000-0x0000000074801000-memory.dmp

          Filesize

          4.3MB

          A memory dump taken from the child process (PID 2032) covering 0x743C0000-0x74801000, i.e. 0x441000 bytes (4,460,544 bytes, about 4.25 MiB, which the report rounds to 4.3MB). No hashes are given for this entry.
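The listing above carries each dropped file twice (with and without the drive letter) and mixes hashed files with an unhashed memory dump, so anyone turning it into indicators needs to validate and de-duplicate first. As an added example (not the sandbox's own code or export format), the following Python reads a listing in the layout used above, validates each hash field, collapses the `C:\...` and `\...` spellings of one file by SHA-256, and marks the runtime components (api-ms-win-core-*, python310.dll, ucrtbase.dll) as low-value indicators: those hashes identify the CPython 3.10 runtime and UCRT that any PyInstaller bundle built on the same toolchain drops, not this sample. The excerpt embedded in the script is a constructed subset of the entries above with the hashes copied verbatim; the runtime-name pattern is an assumption of this example.

```python
"""Parse a sandbox dropped-file listing into a validated, de-duplicated IOC set.

Added example, not part of the report. REPORT_EXCERPT is a constructed
subset of the entries above (hashes copied from the page); RUNTIME is an
assumed list of runtime component names, not a sandbox classification.
"""
import re

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
LABELS = {"Filesize", *HASH_LEN}

# Components that any PyInstaller/CPython 3.10 bundle drops; their hashes
# identify the Python runtime and UCRT, not this particular sample.
RUNTIME = re.compile(r"^(api-ms-win-[\w-]+|python3\d+|ucrtbase|vcruntime\d+)\.dll$", re.I)

REPORT_EXCERPT = r"""
• C:\Users\Admin\AppData\Local\Temp\_MEI13682\python310.dll
  Filesize
  1.2MB
  MD5
  fe9b84b2a3c27c3e75c5b7e3e5f64095
  SHA1
  8a423a0520f2250fb4272ba252d7c425cd70112e
  SHA256
  ddc492c11ebb683645f04190ad9fcfd209315610719c1140fbb812d9feccf6c7
  SHA512
  eb69effe5040272fc3c39dfb933fa1a7e43861e3d2a4c94b6f51ade6c6b237ea6b3413cef99b2dbc0e46f2aedb001af679ff4127029fa24851d4eab7a8600202
• C:\Users\Admin\AppData\Local\Temp\_MEI13682\ucrtbase.dll
  Filesize
  896KB
  MD5
  f8dfced1990429772b98fb57a3809391
  SHA1
  368084099c900c97ecaf410707cbb5ea7203397c
  SHA256
  fd78770b8978684b8abc83a172f7e24a8b6df9e5f3844aa38717227581816280
  SHA512
  2bd3be42e2a162c28109ed1d9ebc0a86f759c9c513d6e29b05ccd46e261b92d187074dd182bdbbe393eed3c91e81f685884fa343ea561233dfc7c03aa3e2bd50
• \Users\Admin\AppData\Local\Temp\_MEI13682\python310.dll
  Filesize
  1.2MB
  MD5
  fe9b84b2a3c27c3e75c5b7e3e5f64095
  SHA1
  8a423a0520f2250fb4272ba252d7c425cd70112e
  SHA256
  ddc492c11ebb683645f04190ad9fcfd209315610719c1140fbb812d9feccf6c7
  SHA512
  eb69effe5040272fc3c39dfb933fa1a7e43861e3d2a4c94b6f51ade6c6b237ea6b3413cef99b2dbc0e46f2aedb001af679ff4127029fa24851d4eab7a8600202
• memory/2032-175-0x00000000743C0000-0x0000000074801000-memory.dmp
  Filesize
  4.3MB
"""


def parse_dropped(text):
    """Split the report's bullet list into one dict per entry (blank lines ignored)."""
    entries, cur, label = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            cur = {"path": line[1:].strip()}
            entries.append(cur)
            label = None
        elif cur is None:
            continue
        elif line in LABELS:
            label = line
        elif label:
            cur[label] = line
            label = None
    return entries


def validate(entry):
    """Names of hash fields that are missing or not lowercase hex of the right length."""
    return [name for name, n in HASH_LEN.items()
            if not re.fullmatch(rf"[0-9a-f]{{{n}}}", entry.get(name, ""))]


def dedupe(entries):
    """Collapse entries with the same SHA-256: same bytes, different path spelling."""
    out = {}
    for e in entries:
        if validate(e):
            continue            # memory dumps carry a size but no hashes
        name = e["path"].rsplit("\\", 1)[-1]
        rec = out.setdefault(e["SHA256"], {
            "paths": [], "size": e["Filesize"], "md5": e["MD5"],
            "runtime": bool(RUNTIME.match(name)),
        })
        if e["path"] not in rec["paths"]:
            rec["paths"].append(e["path"])
    return out


def skipped(entries):
    """Paths of entries left out of the IOC set because their hashes did not validate."""
    return [e["path"] for e in entries if validate(e)]


if __name__ == "__main__":
    parsed = parse_dropped(REPORT_EXCERPT)
    for sha256, rec in dedupe(parsed).items():
        print(sha256, rec)
    print("skipped:", skipped(parsed))
```

Run against the full listing, the seven `C:\` and seven `\` entries collapse to seven SHA-256 values, all of them flagged `runtime`; the only hashes on this page that single out the sample itself are those of the parent executable in the General section.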