168a2f285947d3c653a29ac89907f7b5aa4658bb72bdc0db5d72a4bf8368a119

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

108c0d520d6c8112acb5994f275e29b7.exe
Size

216KB
MD5

108c0d520d6c8112acb5994f275e29b7
SHA1

f6fef13c3a2ab54888839a5644038eb54eff5087
SHA256

168a2f285947d3c653a29ac89907f7b5aa4658bb72bdc0db5d72a4bf8368a119
SHA512

78ecb4b3ae452136b1a23698899868356bcb6124281df09f55380dc0b8647c3be605e842b27250fa7b32688a3cdc89f30affd985f14b7ca19a2d17e784fcb3e0
SSDEEP

6144:ILFWzBHT23oxyLSP8HZoWlzNL5Nzs7dnNmToQivTxXD7dWso:+wzNT2LG0H+Wd3O7dnNmT03dfo

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000600000001e5df-4.dat	acprotect
behavioral2/files/0x000600000001e5df-2.dat	acprotect
behavioral2/files/0x000600000001e5df-10.dat	acprotect

Loads dropped DLL 4 IoCs

pid	Process
4424	108c0d520d6c8112acb5994f275e29b7.exe
4424	108c0d520d6c8112acb5994f275e29b7.exe
1432	WerFault.exe
1432	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1432	4424	WerFault.exe	19

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4424	108c0d520d6c8112acb5994f275e29b7.exe

C:\Users\Admin\AppData\Local\Temp\108c0d520d6c8112acb5994f275e29b7.exe
"C:\Users\Admin\AppData\Local\Temp\108c0d520d6c8112acb5994f275e29b7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4424
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 796
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:1432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4424 -ip 4424
1⤵
PID:1400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\oii5294.tmp

Filesize
172KB

MD5
fe763c2d71419352141c77c310e600d2

SHA1
6bb51ebcbde9fe5556a74319b49bea37d5542d5e

SHA256
7fdf10ca02d2238e22fda18dfbede9750da9f257221802c8b86c557c19c9bc7b

SHA512
147b3a525b1fef98ae46923dcbe25edfcf7b523f347857466eefa88f09ec053ba309dfbee5f1454ec64aba0518ee21986c4b6a506f8550efb1163c8f04d7482c

Download Submit
C:\Users\Admin\AppData\Local\Temp\oii5294.tmp

Filesize
101KB

MD5
184120f618bc8ab2e3018734af70aee4

SHA1
c92012e444733132aa45576771701a8cfbbdc88a

SHA256
5f4983a122295ac726ff11411456fb0cad6b91d17ad645a2c2ce84eb5ffaadb5

SHA512
bc2b1fbfe22f1e9de0f89985b047fc366efd870d3013feed1375cceac140bd8a839858715ed819302e8b5ecb04441070eec97cbf0a307eebcb677d4b28c72fdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\oii5294.tmp

Filesize
116KB

MD5
be5d850fe8f8825e43d341557f0ab3c6

SHA1
dde8bc2ea11383632d0d85e34fd938fec920008d

SHA256
103560eb678d9e494971eda35f9f0f255cec5b0bf6e4b584e92636a2edea6bfc

SHA512
0ed5372f11c5a20e31f56c30ec036a91c4c99a837a2d0ae1f6e32174d9a67c2a1523baf37ca02e70d651dc2820070e72afc4d70308af76f30e0e274db1a97f50

Download Submit
memory/4424-0-0x0000000030000000-0x000000003000C000-memory.dmp

Filesize
48KB

Download
memory/4424-8-0x00000000009A0000-0x0000000000A13000-memory.dmp

Filesize
460KB

Download
memory/4424-7-0x00000000009A0000-0x0000000000A13000-memory.dmp

Filesize
460KB

Download
memory/4424-12-0x0000000030000000-0x000000003000C000-memory.dmp

Filesize
48KB

Download
memory/4424-11-0x00000000009A0000-0x0000000000A13000-memory.dmp

Filesize
460KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads