8021944e3a8d8aac9b736ed0c5b9dfc0ceae9b435808a192431abef101f6c7aa

Analysis

max time kernel
141s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2023 07:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UnPackMe_shield.exe
Size

617KB
MD5

14ddfc3edb10583bec6038ca8fbc1120
SHA1

322c58a709ae5d593e1049012e4ccdcf688771fe
SHA256

8021944e3a8d8aac9b736ed0c5b9dfc0ceae9b435808a192431abef101f6c7aa
SHA512

7f29d492775bae9385648140bc9b08ceca13b889ad2e3b9f3807502baa5eb974abe1035d16f5d334ce584ad4644946e03065599a324f8c065c6f0274565d805f
SSDEEP

12288:U9EXmg9aTKh4Za+jdjaJENYUC3CHCAdShajtjWqgNaPJTivuwfu8Tm7LLt:4EXm18+pHYJCiTE51gNahGvuwfu0m/B

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x00030000000226e6-143.dat	acprotect

Loads dropped DLL 2 IoCs

pid	Process
4172	UnPackMe_shield.exe
4172	UnPackMe_shield.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00030000000226e6-143.dat	upx
behavioral2/memory/4172-149-0x00000000720D0000-0x000000007213C000-memory.dmp	upx
behavioral2/memory/4172-152-0x00000000720D0000-0x000000007213C000-memory.dmp	upx
behavioral2/memory/4172-157-0x00000000720D0000-0x000000007213C000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\UnPackMe_shield.exe
"C:\Users\Admin\AppData\Local\Temp\UnPackMe_shield.exe"
1⤵
- Loads dropped DLL
PID:4172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5bf373e0-ce2e-47fb-b649-f0a764f8221c.dll

Filesize
447KB

MD5
aa249c6e24bf386b1023825c1ccdc032

SHA1
c5749e0f5d36b90ea50c379ec1be32370da71dfe

SHA256
4f7e538c40e0ac757fa651a9c5d096c2a3ee9ad2da7a96dc46bc7ff935820215

SHA512
ba760aea41a7292f010d4fe5d3fce233aa85aa47ba89fada6b4bac4f5538b792bad163605dbfec93fd9d349a94dabcd25a622109f3b8efb292e10ba055860ca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\c19c02559de34119a94b4affc44e40ea.dll

Filesize
254KB

MD5
6469a6a4fb0dc1c77ef41e3618f05e0b

SHA1
4e2ca38074b18b02b82338017d94a532c4920ece

SHA256
bcf34691fddb5db4b532fdc9a4da3e69bf6d41d75be61a77dafd6306546bcec4

SHA512
efadc188eba54a8e7b51bf5ed106f05014e2965d854ebad7b29f8e0e7bdbef4b76d35c657d376216c69b08822a9169ce935decf0c519e320848e39b9ca3bc69d

Download Submit
memory/4172-147-0x00000000053E0000-0x0000000005984000-memory.dmp

Filesize
5.6MB

Download
memory/4172-140-0x0000000004D50000-0x0000000004DC6000-memory.dmp

Filesize
472KB

Download
memory/4172-141-0x0000000004C80000-0x0000000004C9E000-memory.dmp

Filesize
120KB

Download
memory/4172-139-0x0000000004CC0000-0x0000000004CD0000-memory.dmp

Filesize
64KB

Download
memory/4172-133-0x00000000002D0000-0x0000000000370000-memory.dmp

Filesize
640KB

Download
memory/4172-148-0x0000000004ED0000-0x0000000004F62000-memory.dmp

Filesize
584KB

Download
memory/4172-149-0x00000000720D0000-0x000000007213C000-memory.dmp

Filesize
432KB

Download
memory/4172-150-0x0000000004EB0000-0x0000000004EBA000-memory.dmp

Filesize
40KB

Download
memory/4172-151-0x0000000004CC0000-0x0000000004CD0000-memory.dmp

Filesize
64KB

Download
memory/4172-152-0x00000000720D0000-0x000000007213C000-memory.dmp

Filesize
432KB

Download
memory/4172-153-0x0000000004CC0000-0x0000000004CD0000-memory.dmp

Filesize
64KB

Download
memory/4172-154-0x0000000004CC0000-0x0000000004CD0000-memory.dmp

Filesize
64KB

Download
memory/4172-157-0x00000000720D0000-0x000000007213C000-memory.dmp

Filesize
432KB

Download