db8cea6eccd255f147fb32362503ff76401cfd112e2124a3797d56a45e746fa3

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
30/08/2023, 21:08

Target

db8cea6eccd255f147fb32362503ff76401cfd112e2124a3797d56a45e746fa3.exe
Size

1.9MB
MD5

5870478eb370a28d6720308419cb3947
SHA1

2b8bcd265f956f8e1880867f3b5f9bd59c443968
SHA256

db8cea6eccd255f147fb32362503ff76401cfd112e2124a3797d56a45e746fa3
SHA512

31ac08756f46682812a79a56fad468696d5d3739a3011efab8a496e2d0cea1eabe22b9a5e561452626d8a1b49f772f07c885e711c20793df417e3b4a10bcd965
SSDEEP

49152:VXIyls4BMEg9WCsVb6KUpZ+hDg1F2d6n4Od:u4s4BM15SbWf+YFCE4k

Score

7^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0009000000012024-1.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
1480	db8cea6eccd255f147fb32362503ff76401cfd112e2124a3797d56a45e746fa3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0009000000012024-1.dat	upx
behavioral1/memory/1480-4-0x0000000003070000-0x00000000031E6000-memory.dmp	upx
behavioral1/memory/1480-8-0x0000000003070000-0x00000000031E6000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1480	db8cea6eccd255f147fb32362503ff76401cfd112e2124a3797d56a45e746fa3.exe
Token: SeIncBasePriorityPrivilege	1480	db8cea6eccd255f147fb32362503ff76401cfd112e2124a3797d56a45e746fa3.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1480	db8cea6eccd255f147fb32362503ff76401cfd112e2124a3797d56a45e746fa3.exe
1480	db8cea6eccd255f147fb32362503ff76401cfd112e2124a3797d56a45e746fa3.exe

\Users\Admin\AppData\Local\Temp\dm.dll

Filesize
804KB

MD5
c578b6820bda5689940560147c6e5ffc

SHA1
922e50d89c9c44bdc205ef17aa57212b64e58852

SHA256
3b6ddc32b800a18b21a819e842cbfdd57cb065fd92cc69545e0ef29b97cfd389

SHA512
9f2a1bb5788ad245242d12968bbf198af2694a87c6e2342f14672e8c14e8489dd3319434592fc9b20f620557d0fa58482903d19c7f5ba32456a1e4076dc1bb85

Download Submit
memory/1480-3-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download
memory/1480-4-0x0000000003070000-0x00000000031E6000-memory.dmp

Filesize
1.5MB

Download
memory/1480-6-0x00000000756C0000-0x000000007574F000-memory.dmp

Filesize
572KB

Download
memory/1480-7-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download
memory/1480-8-0x0000000003070000-0x00000000031E6000-memory.dmp

Filesize
1.5MB

Download