95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1.exe
Size

4.9MB
MD5

e6c3ff3ba0781711e06dc7ccbb325ef1
SHA1

86184178e649b82b436835d2c3f2dee676fdff25
SHA256

95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1
SHA512

fa38d9e461a83a9a5ce5a1b0ecf8bcac8c8045210937643f915a8f4d9a926ac595f876d6d5f0065e92d19d252e43d48279fa783432fdd475e34e685d3c0e9f7e
SSDEEP

98304:UBoaodDjleYqdwkLcHH6g0xZLZ4QowKGs8UU7p:U8DjYjARwxZUU7p

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0006000000016614-41.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2412	95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1.exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2412-0-0x0000000010000000-0x000000001001E000-memory.dmp	upx
behavioral1/memory/2412-1-0x0000000010000000-0x000000001001E000-memory.dmp	upx
behavioral1/memory/2412-2-0x0000000000260000-0x000000000026B000-memory.dmp	upx
behavioral1/memory/2412-3-0x0000000000260000-0x000000000026B000-memory.dmp	upx
behavioral1/files/0x0006000000016614-41.dat	upx
behavioral1/memory/2412-43-0x00000000034E0000-0x000000000351D000-memory.dmp	upx
behavioral1/memory/2412-46-0x00000000034E0000-0x000000000351D000-memory.dmp	upx
behavioral1/memory/2412-45-0x00000000034E0000-0x000000000351D000-memory.dmp	upx
behavioral1/memory/2412-47-0x00000000034E0000-0x000000000351D000-memory.dmp	upx
behavioral1/memory/2412-48-0x00000000034E0000-0x000000000351D000-memory.dmp	upx
behavioral1/memory/2412-49-0x0000000010000000-0x000000001001E000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\sj.ini	95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2412	95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2412	95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1.exe
2412	95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2412	95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1.exe
2412	95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2412	95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1.exe
2412	95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1.exe
2412	95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1.exe
2412	95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1.exe

C:\Users\Admin\AppData\Local\Temp\95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1.exe
"C:\Users\Admin\AppData\Local\Temp\95aefa0439789bd82fb3dccc837950959b8ebaeff7afe61bfe1eeb5f919bf1d1.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Documents\Meng_Pro_Tool\sz.ini

Filesize
230B

MD5
2c4b67eee6760416c07a71c903bb4180

SHA1
6595f6f2960d9787bdabcb719102d1a206821f8c

SHA256
c73dd88b39b9481df145a5195838e73fe73bd7df665020ccbb7668833c1ffa8b

SHA512
36a14d5aebf2d44dc43044003e8ef933a8e4974c9bf6faae0eba5653ab4d314b51aac6686936ba89c7f899025e99332178c5ecef69a392661895227d96adb47a

Download Submit
\Users\Admin\AppData\Local\Temp\SkinH_EL.dll

Filesize
86KB

MD5
147127382e001f495d1842ee7a9e7912

SHA1
92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

SHA256
edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

SHA512
97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

Download Submit
memory/2412-0-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2412-1-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2412-2-0x0000000000260000-0x000000000026B000-memory.dmp

Filesize
44KB

Download
memory/2412-3-0x0000000000260000-0x000000000026B000-memory.dmp

Filesize
44KB

Download
memory/2412-43-0x00000000034E0000-0x000000000351D000-memory.dmp

Filesize
244KB

Download
memory/2412-46-0x00000000034E0000-0x000000000351D000-memory.dmp

Filesize
244KB

Download
memory/2412-45-0x00000000034E0000-0x000000000351D000-memory.dmp

Filesize
244KB

Download
memory/2412-47-0x00000000034E0000-0x000000000351D000-memory.dmp

Filesize
244KB

Download
memory/2412-48-0x00000000034E0000-0x000000000351D000-memory.dmp

Filesize
244KB

Download
memory/2412-49-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download