5c05f9c595ac4dc20ebd3a4efb0061f00491e220201dd71019c37a9912b0d4fb

Analysis

max time kernel
1595s
max time network
1601s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09/06/2023, 16:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Connectify Hotspot PRO 7.1.29279 + Crack [ThumperDC]/ConnectifyInstaller.exe
Size

7.4MB
MD5

e67ead35efad0418b476aa8a0b2bb99b
SHA1

a532ef8ada4da7ce99b1eb180fe2a8e8c187020f
SHA256

71b6e6b27f6b1742acf06c70ebdc524f0dd6dc790898b5a6e44160bb2862065d
SHA512

ff9a5a3758cc0b5f31e588a7edd70e9dcf0a4ab7aab84c4bbee9a9e616c827c4a2019d5edc978c87b36011eb9f517f3833de4ec3730e522997c7fa301bb485b9
SSDEEP

196608:sLa4GkfhBmfduAi8DB0wN9euJih1HrznZio0K:sm5kfKzi8F04eAoHrzt0K

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral3/files/0x00070000000133cd-74.dat	acprotect
behavioral3/memory/1708-76-0x0000000002DD0000-0x0000000002DDA000-memory.dmp	acprotect

Executes dropped EXE 3 IoCs

pid	Process
1208	Analytics.exe
668	Analytics.exe
1948	Analytics.exe

Loads dropped DLL 11 IoCs

pid	Process
1708	ConnectifyInstaller.exe
1708	ConnectifyInstaller.exe
1708	ConnectifyInstaller.exe
1708	ConnectifyInstaller.exe
1708	ConnectifyInstaller.exe
1708	ConnectifyInstaller.exe
1208	Analytics.exe
1708	ConnectifyInstaller.exe
1708	ConnectifyInstaller.exe
668	Analytics.exe
1948	Analytics.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/files/0x00070000000133cd-74.dat	upx
behavioral3/memory/1708-76-0x0000000002DD0000-0x0000000002DDA000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1708	ConnectifyInstaller.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1948	Analytics.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1208	1708	ConnectifyInstaller.exe	27
PID 1708 wrote to memory of 1208	1708	ConnectifyInstaller.exe	27
PID 1708 wrote to memory of 1208	1708	ConnectifyInstaller.exe	27
PID 1708 wrote to memory of 1208	1708	ConnectifyInstaller.exe	27
PID 1708 wrote to memory of 668	1708	ConnectifyInstaller.exe	29
PID 1708 wrote to memory of 668	1708	ConnectifyInstaller.exe	29
PID 1708 wrote to memory of 668	1708	ConnectifyInstaller.exe	29
PID 1708 wrote to memory of 668	1708	ConnectifyInstaller.exe	29
PID 668 wrote to memory of 1948	668	Analytics.exe	31
PID 668 wrote to memory of 1948	668	Analytics.exe	31
PID 668 wrote to memory of 1948	668	Analytics.exe	31
PID 668 wrote to memory of 1948	668	Analytics.exe	31

C:\Users\Admin\AppData\Local\Temp\Connectify Hotspot PRO 7.1.29279 + Crack [ThumperDC]\ConnectifyInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\Connectify Hotspot PRO 7.1.29279 + Crack [ThumperDC]\ConnectifyInstaller.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Users\Admin\AppData\Local\Temp\Connectify\c\Analytics.exe
  "C:\Users\Admin\AppData\Local\Temp\Connectify\c\Analytics.exe" setSourceFromPath "C:\Users\Admin\AppData\Local\Temp\Connectify Hotspot PRO 7.1.29279 + Crack [ThumperDC]\ConnectifyInstaller.exe" dispatch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1208
- C:\Users\Admin\AppData\Local\Temp\Connectify\c\Analytics.exe
  "C:\Users\Admin\AppData\Local\Temp\Connectify\c\Analytics.exe" daemon navigation Installer Init 7.1.0.29279 None
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:668
- - C:\Users\Admin\AppData\Local\Temp\Connectify\c\Analytics.exe
    "C:\Users\Admin\AppData\Local\Temp\Connectify\c\Analytics.exe" navigation Installer Init 7.1.0.29279 None
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Connectify\c\Analytics.exe

Filesize
96KB

MD5
05712885ef39a6d6daad0eb884763946

SHA1
f70f3f3ff962899c6c38557a4cec1db873b9360f

SHA256
d88789c5d5c5855cec6eefe3bfdb948f1c6e1033c02c3f947b71ddf93fb181ac

SHA512
b34b652d3e13a6a087564f2d19cbaf03636a31031ab4dff3df5960fa0044d4a9d6a63cb6e2203cd2bbdd12b895852bba590b8d09d0bc073b81c82d4d13b51c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Connectify\c\Analytics.exe

Filesize
96KB

MD5
05712885ef39a6d6daad0eb884763946

SHA1
f70f3f3ff962899c6c38557a4cec1db873b9360f

SHA256
d88789c5d5c5855cec6eefe3bfdb948f1c6e1033c02c3f947b71ddf93fb181ac

SHA512
b34b652d3e13a6a087564f2d19cbaf03636a31031ab4dff3df5960fa0044d4a9d6a63cb6e2203cd2bbdd12b895852bba590b8d09d0bc073b81c82d4d13b51c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Connectify\c\Analytics.exe

Filesize
96KB

MD5
05712885ef39a6d6daad0eb884763946

SHA1
f70f3f3ff962899c6c38557a4cec1db873b9360f

SHA256
d88789c5d5c5855cec6eefe3bfdb948f1c6e1033c02c3f947b71ddf93fb181ac

SHA512
b34b652d3e13a6a087564f2d19cbaf03636a31031ab4dff3df5960fa0044d4a9d6a63cb6e2203cd2bbdd12b895852bba590b8d09d0bc073b81c82d4d13b51c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Connectify\c\Analytics.exe

Filesize
96KB

MD5
05712885ef39a6d6daad0eb884763946

SHA1
f70f3f3ff962899c6c38557a4cec1db873b9360f

SHA256
d88789c5d5c5855cec6eefe3bfdb948f1c6e1033c02c3f947b71ddf93fb181ac

SHA512
b34b652d3e13a6a087564f2d19cbaf03636a31031ab4dff3df5960fa0044d4a9d6a63cb6e2203cd2bbdd12b895852bba590b8d09d0bc073b81c82d4d13b51c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Connectify\c\NativeLibrary.dll

Filesize
367KB

MD5
0a1ec1c84c760261f6b2bd5c40f8ff8f

SHA1
fb65692534a0fc931c9e12d6ed848cca0455699c

SHA256
9d5dcf6ba576641c559687e57b1506f81e889ad7cbb4247511a7cdf8baea7291

SHA512
c7fd528418d8aad83fb6d5cb7d907c305bad7e6d81947146b6d8c8d738b6ee3933aa0c75394fc122faf4d624e3f1209f354682963b27cfa5acff4d2d86a10471

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4DD5.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4DD5.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\Connectify\c\Analytics.exe

Filesize
96KB

MD5
05712885ef39a6d6daad0eb884763946

SHA1
f70f3f3ff962899c6c38557a4cec1db873b9360f

SHA256
d88789c5d5c5855cec6eefe3bfdb948f1c6e1033c02c3f947b71ddf93fb181ac

SHA512
b34b652d3e13a6a087564f2d19cbaf03636a31031ab4dff3df5960fa0044d4a9d6a63cb6e2203cd2bbdd12b895852bba590b8d09d0bc073b81c82d4d13b51c20

Download Submit
\Users\Admin\AppData\Local\Temp\Connectify\c\Analytics.exe

Filesize
96KB

MD5
05712885ef39a6d6daad0eb884763946

SHA1
f70f3f3ff962899c6c38557a4cec1db873b9360f

SHA256
d88789c5d5c5855cec6eefe3bfdb948f1c6e1033c02c3f947b71ddf93fb181ac

SHA512
b34b652d3e13a6a087564f2d19cbaf03636a31031ab4dff3df5960fa0044d4a9d6a63cb6e2203cd2bbdd12b895852bba590b8d09d0bc073b81c82d4d13b51c20

Download Submit
\Users\Admin\AppData\Local\Temp\Connectify\c\Analytics.exe

Filesize
96KB

MD5
05712885ef39a6d6daad0eb884763946

SHA1
f70f3f3ff962899c6c38557a4cec1db873b9360f

SHA256
d88789c5d5c5855cec6eefe3bfdb948f1c6e1033c02c3f947b71ddf93fb181ac

SHA512
b34b652d3e13a6a087564f2d19cbaf03636a31031ab4dff3df5960fa0044d4a9d6a63cb6e2203cd2bbdd12b895852bba590b8d09d0bc073b81c82d4d13b51c20

Download Submit
\Users\Admin\AppData\Local\Temp\Connectify\c\NativeLibrary.dll

Filesize
367KB

MD5
0a1ec1c84c760261f6b2bd5c40f8ff8f

SHA1
fb65692534a0fc931c9e12d6ed848cca0455699c

SHA256
9d5dcf6ba576641c559687e57b1506f81e889ad7cbb4247511a7cdf8baea7291

SHA512
c7fd528418d8aad83fb6d5cb7d907c305bad7e6d81947146b6d8c8d738b6ee3933aa0c75394fc122faf4d624e3f1209f354682963b27cfa5acff4d2d86a10471

Download Submit
\Users\Admin\AppData\Local\Temp\Connectify\c\NativeLibrary.dll

Filesize
367KB

MD5
0a1ec1c84c760261f6b2bd5c40f8ff8f

SHA1
fb65692534a0fc931c9e12d6ed848cca0455699c

SHA256
9d5dcf6ba576641c559687e57b1506f81e889ad7cbb4247511a7cdf8baea7291

SHA512
c7fd528418d8aad83fb6d5cb7d907c305bad7e6d81947146b6d8c8d738b6ee3933aa0c75394fc122faf4d624e3f1209f354682963b27cfa5acff4d2d86a10471

Download Submit
\Users\Admin\AppData\Local\Temp\nst4DD5.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nst4DD5.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nst4DD5.tmp\UAC.dll

Filesize
13KB

MD5
7f56c0d6a8733dec142814ed5a58b0ee

SHA1
c119e66f179cfb758966f3cf878466057bea1840

SHA256
86445396775370aff5834f10bda25e505b6f89efc69a04fe1ce46f5d128be73f

SHA512
8b3b9bed985b3583b7be8b2197bb068e5d5508f8b5c4a7fc1278b2662dc8d9a53fd6df63f636e44bfc5aa37f030ac76b8d259d6b446bf87d5c72b74ff5b158f3

Download Submit
\Users\Admin\AppData\Local\Temp\nst4DD5.tmp\md5dll.dll

Filesize
6KB

MD5
7059f133ea2316b9e7e39094a52a8c34

SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802

SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f

SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51

Download Submit
\Users\Admin\AppData\Local\Temp\nst4DD5.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nst4DD5.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
memory/668-270-0x0000000000210000-0x0000000000224000-memory.dmp

Filesize
80KB

Download
memory/668-269-0x0000000000460000-0x00000000004A0000-memory.dmp

Filesize
256KB

Download
memory/668-268-0x0000000000250000-0x000000000026C000-memory.dmp

Filesize
112KB

Download
memory/1208-256-0x0000000000360000-0x000000000037C000-memory.dmp

Filesize
112KB

Download
memory/1208-259-0x0000000000580000-0x0000000000594000-memory.dmp

Filesize
80KB

Download
memory/1208-258-0x0000000000470000-0x000000000047A000-memory.dmp

Filesize
40KB

Download
memory/1208-257-0x00000000048E0000-0x0000000004920000-memory.dmp

Filesize
256KB

Download
memory/1708-76-0x0000000002DD0000-0x0000000002DDA000-memory.dmp

Filesize
40KB

Download
memory/1708-276-0x0000000002DD0000-0x0000000002DDA000-memory.dmp

Filesize
40KB

Download
memory/1948-273-0x0000000000360000-0x0000000000374000-memory.dmp

Filesize
80KB

Download
memory/1948-275-0x0000000004750000-0x0000000004790000-memory.dmp

Filesize
256KB

Download