ac141d90b8c87e3abee8e33473744cae18761af96f4c47b26fd82626fb47bab6

Analysis

max time kernel
12s
max time network
45s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2023, 00:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

5.6MB
MD5

42d86fc1745372f3fa422c96f971f0d9
SHA1

a973dd4c101c7431db454a16089630107a20cddb
SHA256

c691db6fc4a9c15152cab44d50d2b7c708caff6235f31c5f43b4da991754607f
SHA512

14e33495532477a3b84b1460bef74a1d00c9725d4b022af2c72309c29003aa747a6c76d3136c6d66cf9290bc346a24978ccd70195efc2fcf35cb3a53f626e52f
SSDEEP

98304:lchosW9bfA8CL5k5p8t1wyyAn9/kLJiF7aAR4XzL+v1nmuGubCGfBFRHesU288:m6ZCL65p8n6S9/SCuXzL+pDTCEJT

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral4/files/0x0006000000023083-27.dat	acprotect
behavioral4/files/0x0006000000023083-29.dat	acprotect
behavioral4/files/0x0006000000023082-38.dat	acprotect
behavioral4/files/0x0006000000023082-40.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
4616	setup.tmp

Loads dropped DLL 7 IoCs

pid	Process
4616	setup.tmp
4616	setup.tmp
4616	setup.tmp
4616	setup.tmp
4616	setup.tmp
4616	setup.tmp
4616	setup.tmp

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral4/files/0x0006000000023083-27.dat	upx
behavioral4/memory/4616-32-0x0000000007330000-0x000000000733D000-memory.dmp	upx
behavioral4/files/0x0006000000023083-29.dat	upx
behavioral4/files/0x0006000000023082-38.dat	upx
behavioral4/files/0x0006000000023082-40.dat	upx
behavioral4/memory/4616-41-0x00000000097B0000-0x00000000097E1000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 4616	2024	setup.exe	87
PID 2024 wrote to memory of 4616	2024	setup.exe	87
PID 2024 wrote to memory of 4616	2024	setup.exe	87

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Users\Admin\AppData\Local\Temp\is-D50DV.tmp\setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-D50DV.tmp\setup.tmp" /SL5="$110042,5479705,342016,C:\Users\Admin\AppData\Local\Temp\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-D50DV.tmp\setup.tmp

Filesize
1.2MB

MD5
4d898b298268c7da3648a0ae31fa9226

SHA1
b52081c70c0165da6bf9284994269968f841bace

SHA256
cbbe81471d4a2bae96fdb7fd2e22001e72e1fd650e369fe779a03e7de61e5860

SHA512
a19b2daf6caf486f6e445b7491f3d0d658d106bc549612b3251e274fe8254d5cc468ebd225dc265658c47e62e7c30e5fa5e265fa1b8a91444c370c790084da28

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D50DV.tmp\setup.tmp

Filesize
1.2MB

MD5
4d898b298268c7da3648a0ae31fa9226

SHA1
b52081c70c0165da6bf9284994269968f841bace

SHA256
cbbe81471d4a2bae96fdb7fd2e22001e72e1fd650e369fe779a03e7de61e5860

SHA512
a19b2daf6caf486f6e445b7491f3d0d658d106bc549612b3251e274fe8254d5cc468ebd225dc265658c47e62e7c30e5fa5e265fa1b8a91444c370c790084da28

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-P6HHF.tmp\CallbackCtrl.dll

Filesize
4KB

MD5
f07e819ba2e46a897cfabf816d7557b2

SHA1
8d5fd0a741dd3fd84650e40dd3928ae1f15323cc

SHA256
68f42a7823ed7ee88a5c59020ac52d4bbcadf1036611e96e470d986c8faa172d

SHA512
7ed26d41ead2ace0b5379639474d319af9a3e4ed2dd9795c018f8c5b9b533fd36bfc1713a1f871789bf14884d186fd0559939de511dde24673b0515165d405af

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-P6HHF.tmp\ISDone.dll

Filesize
446KB

MD5
dce6d68da86f44ba0cb70fa7718e2e84

SHA1
58cd39196abfc70b5b9bcc964f41a21024a61480

SHA256
b9bdc4a0309aa47613a7b5a680c55839aa7ba28e28f96e6b9316d4d5fe1dbe9d

SHA512
bd2f559640b63a46e15a2af90719c10e53e1c30020685163ed6b3bb669197d20d5dd76c7fd1052cf0841e3e1fdbd5a365a4bdb519d2f8fcad9122e77d923e8d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-P6HHF.tmp\ISDone.dll

Filesize
446KB

MD5
dce6d68da86f44ba0cb70fa7718e2e84

SHA1
58cd39196abfc70b5b9bcc964f41a21024a61480

SHA256
b9bdc4a0309aa47613a7b5a680c55839aa7ba28e28f96e6b9316d4d5fe1dbe9d

SHA512
bd2f559640b63a46e15a2af90719c10e53e1c30020685163ed6b3bb669197d20d5dd76c7fd1052cf0841e3e1fdbd5a365a4bdb519d2f8fcad9122e77d923e8d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-P6HHF.tmp\Tools.dll

Filesize
11KB

MD5
b25e31e4d5a5fa0d99995f050f512b99

SHA1
9c34601cb7b75ec46041fb3fa9cd9f226f5132fd

SHA256
8d432f7a17752e1f9f7e9536e69dce06fce38a5c001ce61455f38de5f88614c9

SHA512
35b8b0f201e7d54d899b3f619363f3e23a6826ae16fe11cbf08f771ba8238772b23965195c75614ca912aaa423974787ef09138b9d0a6b01ac92720acc5dffaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-P6HHF.tmp\Tools.dll

Filesize
11KB

MD5
b25e31e4d5a5fa0d99995f050f512b99

SHA1
9c34601cb7b75ec46041fb3fa9cd9f226f5132fd

SHA256
8d432f7a17752e1f9f7e9536e69dce06fce38a5c001ce61455f38de5f88614c9

SHA512
35b8b0f201e7d54d899b3f619363f3e23a6826ae16fe11cbf08f771ba8238772b23965195c75614ca912aaa423974787ef09138b9d0a6b01ac92720acc5dffaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-P6HHF.tmp\isgsg.dll

Filesize
34KB

MD5
09974eaff6defadde38b1328754dbe09

SHA1
001cfb5514444188e455b97acc369f037079ca9d

SHA256
9eeef28d82fc4db7d1269dfbc0ea282768ce5e2e4e4bdc867d80d6847468dca7

SHA512
da29b01ebebb454c004420c6b29bb8dca9fb50554a7a5db30035a5ec458d766049bf5502f708bf7eb210a4f9cbdb308cc0c8dcdad9f745b01a9e4f1455bbc846

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-P6HHF.tmp\isgsg.dll

Filesize
34KB

MD5
09974eaff6defadde38b1328754dbe09

SHA1
001cfb5514444188e455b97acc369f037079ca9d

SHA256
9eeef28d82fc4db7d1269dfbc0ea282768ce5e2e4e4bdc867d80d6847468dca7

SHA512
da29b01ebebb454c004420c6b29bb8dca9fb50554a7a5db30035a5ec458d766049bf5502f708bf7eb210a4f9cbdb308cc0c8dcdad9f745b01a9e4f1455bbc846

Download Submit
memory/2024-1-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2024-43-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4616-7-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/4616-32-0x0000000007330000-0x000000000733D000-memory.dmp

Filesize
52KB

Download
memory/4616-41-0x00000000097B0000-0x00000000097E1000-memory.dmp

Filesize
196KB

Download
memory/4616-21-0x00000000072B0000-0x0000000007326000-memory.dmp

Filesize
472KB

Download