02588ec693e7d5ae938888eef6de3e667b43df94df31f26fb4a888730690f655

Analysis

max time kernel
122s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2023, 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.exe
Size

63.2MB
MD5

eb3f681012b9858e3967f454cca9d83d
SHA1

3a02df20d1c602b178706a2162fcbb1de496837f
SHA256

02588ec693e7d5ae938888eef6de3e667b43df94df31f26fb4a888730690f655
SHA512

8a9d841d3fc74e273b9fe3a97aa686975d71510a7cbd9ace5d4d1b59da7e4f74b21a051b70806a2aa9e31bb9212607298cab3ce23ffe4a60318c82de09757fea
SSDEEP

1572864:BnepHLAOuTIcjrHVOY3sERYws0S/XGx6zczZJtjSbB3aWk3iWHwNLsWw:BeVLAOUjrH3stWx6mD9aaBiWQNLsl

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x00090000000231b8-212.dat	acprotect
behavioral2/files/0x00090000000231b8-210.dat	acprotect
behavioral2/files/0x00090000000231b8-226.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp

Loads dropped DLL 3 IoCs

pid	Process
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00090000000231b8-212.dat	upx
behavioral2/memory/2720-214-0x0000000004110000-0x0000000004230000-memory.dmp	upx
behavioral2/memory/2720-215-0x0000000004110000-0x0000000004230000-memory.dmp	upx
behavioral2/files/0x00090000000231b8-210.dat	upx
behavioral2/memory/2720-222-0x0000000004110000-0x0000000004230000-memory.dmp	upx
behavioral2/files/0x00090000000231b8-226.dat	upx

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1012	PING.EXE

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 2720	5096	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.exe	86
PID 5096 wrote to memory of 2720	5096	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.exe	86
PID 5096 wrote to memory of 2720	5096	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.exe	86
PID 2720 wrote to memory of 1252	2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp	98
PID 2720 wrote to memory of 1252	2720	Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp	98
PID 1252 wrote to memory of 1012	1252	cmd.exe	100
PID 1252 wrote to memory of 1012	1252	cmd.exe	100

C:\Users\Admin\AppData\Local\Temp\Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.exe
"C:\Users\Admin\AppData\Local\Temp\Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Users\Admin\AppData\Local\Temp\is-F7NLQ.tmp\Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-F7NLQ.tmp\Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp" /SL5="$A004A,65070171,263168,C:\Users\Admin\AppData\Local\Temp\Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe" /c ping -n 3 127.0.0.1 &RD /S /Q C:\Users\Admin\AppData\Local\Temp\is-B334I.tmp
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1252
  - - C:\Windows\system32\PING.EXE
      ping -n 3 127.0.0.1
      4⤵
      Runs ping.exe
      PID:1012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-B334I.tmp\ISHash.dll

Filesize
225KB

MD5
aa92ca701521381dda5ec7440095ea66

SHA1
cdd9cf34e163e01e84f3bc36954de846760c6a04

SHA256
7ee0424eb33bf9127a5b34205e094e63e62997fe6b4f2c363226f9d8d1b13d4e

SHA512
2078d1e6b3bd2b96c460f205158927563fd9d040b8a308b7b5d974e7e903e37bb35ac4743efdc4db22adadb65129282040b68cd69378f6e700dfa3feacd668a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B334I.tmp\ISHash.dll

Filesize
225KB

MD5
aa92ca701521381dda5ec7440095ea66

SHA1
cdd9cf34e163e01e84f3bc36954de846760c6a04

SHA256
7ee0424eb33bf9127a5b34205e094e63e62997fe6b4f2c363226f9d8d1b13d4e

SHA512
2078d1e6b3bd2b96c460f205158927563fd9d040b8a308b7b5d974e7e903e37bb35ac4743efdc4db22adadb65129282040b68cd69378f6e700dfa3feacd668a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B334I.tmp\ISHash.dll

Filesize
225KB

MD5
aa92ca701521381dda5ec7440095ea66

SHA1
cdd9cf34e163e01e84f3bc36954de846760c6a04

SHA256
7ee0424eb33bf9127a5b34205e094e63e62997fe6b4f2c363226f9d8d1b13d4e

SHA512
2078d1e6b3bd2b96c460f205158927563fd9d040b8a308b7b5d974e7e903e37bb35ac4743efdc4db22adadb65129282040b68cd69378f6e700dfa3feacd668a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B334I.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B334I.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B334I.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-F7NLQ.tmp\Malwarebytes.Premium.v4.5.33.RePack.by.xetrin_JC.tmp

Filesize
3.9MB

MD5
de4391e70fbea1c1454e39f088a7aa31

SHA1
df541d361956155e21b6acad0af8147d2e6908b5

SHA256
93957a488f1db87c154f1f0fec0e7a9e0b260cec98352470d80540913972529c

SHA512
61c27a4bcb5aef4b47c8eeed7a8340e834781ea992b214686a475be294dba4daa65be2bcdd2cb6d7cb664b5688a240cd4407ab92e582f23ad9ab4de85007db2c

Download Submit
memory/2720-173-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2720-179-0x0000000003410000-0x0000000003411000-memory.dmp

Filesize
4KB

Download
memory/2720-144-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-145-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-147-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-146-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/2720-148-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-150-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-176-0x0000000003400000-0x0000000003401000-memory.dmp

Filesize
4KB

Download
memory/2720-149-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2720-153-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-154-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-152-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2720-156-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-155-0x0000000003390000-0x0000000003391000-memory.dmp

Filesize
4KB

Download
memory/2720-157-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-158-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/2720-159-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-160-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-161-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2720-162-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-163-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-164-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2720-165-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-166-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-178-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-167-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/2720-169-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-170-0x00000000033E0000-0x00000000033E1000-memory.dmp

Filesize
4KB

Download
memory/2720-171-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-172-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-142-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-174-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-175-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-151-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-143-0x0000000003350000-0x0000000003351000-memory.dmp

Filesize
4KB

Download
memory/2720-168-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-177-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-180-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-181-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-183-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-184-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-185-0x0000000003430000-0x0000000003431000-memory.dmp

Filesize
4KB

Download
memory/2720-186-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-187-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-188-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/2720-189-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-190-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-191-0x0000000003450000-0x0000000003451000-memory.dmp

Filesize
4KB

Download
memory/2720-182-0x0000000003420000-0x0000000003421000-memory.dmp

Filesize
4KB

Download
memory/2720-192-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-194-0x0000000003460000-0x0000000003461000-memory.dmp

Filesize
4KB

Download
memory/2720-195-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-193-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-196-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-197-0x0000000003470000-0x0000000003471000-memory.dmp

Filesize
4KB

Download
memory/2720-198-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-199-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-200-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-202-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/2720-214-0x0000000004110000-0x0000000004230000-memory.dmp

Filesize
1.1MB

Download
memory/2720-215-0x0000000004110000-0x0000000004230000-memory.dmp

Filesize
1.1MB

Download
memory/2720-216-0x0000000000400000-0x0000000000806000-memory.dmp

Filesize
4.0MB

Download
memory/2720-218-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-221-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/2720-222-0x0000000004110000-0x0000000004230000-memory.dmp

Filesize
1.1MB

Download
memory/2720-139-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/2720-140-0x0000000003240000-0x0000000003241000-memory.dmp

Filesize
4KB

Download
memory/2720-141-0x0000000000DE0000-0x0000000000F20000-memory.dmp

Filesize
1.2MB

Download
memory/5096-225-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/5096-201-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/5096-134-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download