beb837e8832f27dacfd3719cf617310f1b9e74badbfca8705ecafce3ed5e6a33

Analysis

max time kernel
158s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

888 RAT 1.0.9.exe
Size

22.0MB
MD5

32004e656640aad1672f0ee98434bc3c
SHA1

d665b4e03e9d75f87079d65cff791147b7ee6e4f
SHA256

beb837e8832f27dacfd3719cf617310f1b9e74badbfca8705ecafce3ed5e6a33
SHA512

1cd55008d6352469a937f168d6d72cfd202d81c24a6be4c6256a4c73c576577aefe8da912c5cb09e12f12a58e46f99381fa9834b58bc356e0c530908b236785f
SSDEEP

393216:TufwMCigvYFChWbRT5OV7lAUl+9o0okMLeDuq3+QAk5ubWWBwBvJ5wV:aXZgvYYhQDOVPl+9l2+OZuhQwR/

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\autBC6F.tmp	acprotect
C:\Users\Admin\AppData\Local\Temp\skin.dll	acprotect

Loads dropped DLL 3 IoCs

Processes:

888 RAT 1.0.9.exe

pid process

1144 888 RAT 1.0.9.exe
1144 888 RAT 1.0.9.exe
1144 888 RAT 1.0.9.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\autBC6F.tmp	upx
C:\Users\Admin\AppData\Local\Temp\skin.dll	upx
behavioral2/memory/1144-37-0x0000000010000000-0x00000000100BB000-memory.dmp	upx
behavioral2/memory/1144-57-0x0000000010000000-0x00000000100BB000-memory.dmp	upx
behavioral2/memory/1144-130-0x0000000010000000-0x00000000100BB000-memory.dmp	upx

AutoIT Executable 10 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
behavioral2/memory/1144-43-0x0000000000F90000-0x0000000002597000-memory.dmp	autoit_exe
behavioral2/memory/1144-45-0x0000000000F90000-0x0000000002597000-memory.dmp	autoit_exe
behavioral2/memory/1144-48-0x0000000000F90000-0x0000000002597000-memory.dmp	autoit_exe
behavioral2/memory/1144-51-0x0000000000F90000-0x0000000002597000-memory.dmp	autoit_exe
behavioral2/memory/1144-54-0x0000000000F90000-0x0000000002597000-memory.dmp	autoit_exe
behavioral2/memory/1144-62-0x0000000000F90000-0x0000000002597000-memory.dmp	autoit_exe
behavioral2/memory/1144-70-0x0000000000F90000-0x0000000002597000-memory.dmp	autoit_exe
behavioral2/memory/1144-81-0x0000000000F90000-0x0000000002597000-memory.dmp	autoit_exe
behavioral2/memory/1144-87-0x0000000000F90000-0x0000000002597000-memory.dmp	autoit_exe
behavioral2/memory/1144-95-0x0000000000F90000-0x0000000002597000-memory.dmp	autoit_exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

888 RAT 1.0.9.exe

pid process

1144 888 RAT 1.0.9.exe
1144 888 RAT 1.0.9.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

888 RAT 1.0.9.exe

pid process

1144 888 RAT 1.0.9.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

888 RAT 1.0.9.exe

pid	process
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

888 RAT 1.0.9.exe

pid	process
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe
1144	888 RAT 1.0.9.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

888 RAT 1.0.9.exe

pid process

1144 888 RAT 1.0.9.exe

C:\Users\Admin\AppData\Local\Temp\888 RAT 1.0.9.exe
"C:\Users\Admin\AppData\Local\Temp\888 RAT 1.0.9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\autBC6F.tmp
Filesize
143KB

MD5
65698140a9ee0eae6866f5cbfc7875a5

SHA1
1b28a0fa3a76554d5e51d3969c9635e273eca846

SHA256
f9b2aeb3739dbaf71810906cbfec64610198f8daff8ebe11f0bce02921ae4d1d

SHA512
afe38fe139d3399d0a6909fa81bd3287b8f3e8b4efee383b76e63fc18719dc0d983741402c18bfc986d81f4754157fd58d7947fb0dfec9794635a7fc486aa8e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\skin.888ww.msstyles
Filesize
1.4MB

MD5
ce691d60d3d0ba3735bde01e861be8db

SHA1
7f15e7354524e332c2d5a2b200ba73bd38798ce0

SHA256
830cfabaeef2915c0d75f0061456f7345ab3786345cf7d6b7bd34f807e1614de

SHA512
e2e59e830fafcee8072325693ee95d5dc618c88092bb7b6ed65e671f3d78e41790354d9b5fd3a23df1e6b70aa19b7a28464a83fafb4c68ad54b0b83ac27b83e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\skin.888ww.msstyles
Filesize
1017KB

MD5
3bdcfdfc49edcfd7a044f184a643bb62

SHA1
6a0b422543cd4cd40a65dc111cb8b21b3b13ef27

SHA256
f34b150309d9b6eb5c3047328d88e37dba25c2affae52054a7b8a1cefc7fe8ec

SHA512
e523331595504805961c631d61571e7b8c4c10a998427be5944ece008c749dbd62c0ba26c46c6722865f0b4c4d8340800d2073e9a10e00db50d0a00cb652a02b

Download Submit
C:\Users\Admin\AppData\Local\Temp\skin.dll
Filesize
239KB

MD5
bc8a6f4d28474d90a687ed00a9b5b60f

SHA1
c8a4c0816e2fc3d728f1a715ac6190b66f027e3a

SHA256
b78c160c882d08f98bc209dd2722b4f01290dd46a19e0be70d21473dae1c8ff2

SHA512
b90c9bcbfb08b1d63cd6066869896bbb13cfef15a6f30483e31868aca5b3c29150e71984ba3d07ba91da81d47a9d2dd29917851ec5bb04f8f463df113502078f

Download Submit
memory/1144-37-0x0000000010000000-0x00000000100BB000-memory.dmp

Filesize
748KB

Download
memory/1144-43-0x0000000000F90000-0x0000000002597000-memory.dmp

Filesize
22.0MB

Download
memory/1144-44-0x0000000076390000-0x000000007640A000-memory.dmp

Filesize
488KB

Download
memory/1144-45-0x0000000000F90000-0x0000000002597000-memory.dmp

Filesize
22.0MB

Download
memory/1144-46-0x0000000076390000-0x000000007640A000-memory.dmp

Filesize
488KB

Download
memory/1144-47-0x0000000076390000-0x000000007640A000-memory.dmp

Filesize
488KB

Download
memory/1144-48-0x0000000000F90000-0x0000000002597000-memory.dmp

Filesize
22.0MB

Download
memory/1144-49-0x0000000076390000-0x000000007640A000-memory.dmp

Filesize
488KB

Download
memory/1144-50-0x0000000076E10000-0x0000000076E35000-memory.dmp

Filesize
148KB

Download
memory/1144-51-0x0000000000F90000-0x0000000002597000-memory.dmp

Filesize
22.0MB

Download
memory/1144-52-0x0000000076390000-0x000000007640A000-memory.dmp

Filesize
488KB

Download
memory/1144-53-0x0000000076E10000-0x0000000076E35000-memory.dmp

Filesize
148KB

Download
memory/1144-54-0x0000000000F90000-0x0000000002597000-memory.dmp

Filesize
22.0MB

Download
memory/1144-55-0x0000000076E10000-0x0000000076E35000-memory.dmp

Filesize
148KB

Download
memory/1144-57-0x0000000010000000-0x00000000100BB000-memory.dmp

Filesize
748KB

Download
memory/1144-56-0x0000000076410000-0x00000000764BF000-memory.dmp

Filesize
700KB

Download
memory/1144-58-0x0000000075620000-0x0000000075BD3000-memory.dmp

Filesize
5.7MB

Download
memory/1144-60-0x0000000075310000-0x0000000075520000-memory.dmp

Filesize
2.1MB

Download
memory/1144-61-0x0000000076690000-0x0000000076773000-memory.dmp

Filesize
908KB

Download
memory/1144-62-0x0000000000F90000-0x0000000002597000-memory.dmp

Filesize
22.0MB

Download
memory/1144-63-0x00000000762B0000-0x000000007638C000-memory.dmp

Filesize
880KB

Download
memory/1144-64-0x0000000076410000-0x00000000764BF000-memory.dmp

Filesize
700KB

Download
memory/1144-65-0x0000000075620000-0x0000000075BD3000-memory.dmp

Filesize
5.7MB

Download
memory/1144-69-0x00000000771B0000-0x0000000077283000-memory.dmp

Filesize
844KB

Download
memory/1144-68-0x0000000074DB0000-0x0000000074E24000-memory.dmp

Filesize
464KB

Download
memory/1144-67-0x0000000076690000-0x0000000076773000-memory.dmp

Filesize
908KB

Download
memory/1144-66-0x0000000075310000-0x0000000075520000-memory.dmp

Filesize
2.1MB

Download
memory/1144-71-0x0000000076410000-0x00000000764BF000-memory.dmp

Filesize
700KB

Download
memory/1144-70-0x0000000000F90000-0x0000000002597000-memory.dmp

Filesize
22.0MB

Download
memory/1144-72-0x0000000075620000-0x0000000075BD3000-memory.dmp

Filesize
5.7MB

Download
memory/1144-74-0x0000000074DB0000-0x0000000074E24000-memory.dmp

Filesize
464KB

Download
memory/1144-73-0x0000000075310000-0x0000000075520000-memory.dmp

Filesize
2.1MB

Download
memory/1144-75-0x0000000076410000-0x00000000764BF000-memory.dmp

Filesize
700KB

Download
memory/1144-76-0x0000000075620000-0x0000000075BD3000-memory.dmp

Filesize
5.7MB

Download
memory/1144-77-0x0000000075310000-0x0000000075520000-memory.dmp

Filesize
2.1MB

Download
memory/1144-78-0x0000000074DB0000-0x0000000074E24000-memory.dmp

Filesize
464KB

Download
memory/1144-79-0x0000000076E10000-0x0000000076E35000-memory.dmp

Filesize
148KB

Download
memory/1144-80-0x00000000771B0000-0x0000000077283000-memory.dmp

Filesize
844KB

Download
memory/1144-81-0x0000000000F90000-0x0000000002597000-memory.dmp

Filesize
22.0MB

Download
memory/1144-82-0x0000000076410000-0x00000000764BF000-memory.dmp

Filesize
700KB

Download
memory/1144-84-0x0000000075310000-0x0000000075520000-memory.dmp

Filesize
2.1MB

Download
memory/1144-83-0x0000000075620000-0x0000000075BD3000-memory.dmp

Filesize
5.7MB

Download
memory/1144-85-0x0000000074DB0000-0x0000000074E24000-memory.dmp

Filesize
464KB

Download
memory/1144-86-0x00000000771B0000-0x0000000077283000-memory.dmp

Filesize
844KB

Download
memory/1144-88-0x00000000762B0000-0x000000007638C000-memory.dmp

Filesize
880KB

Download
memory/1144-90-0x0000000075620000-0x0000000075BD3000-memory.dmp

Filesize
5.7MB

Download
memory/1144-92-0x0000000076690000-0x0000000076773000-memory.dmp

Filesize
908KB

Download
memory/1144-94-0x00000000771B0000-0x0000000077283000-memory.dmp

Filesize
844KB

Download
memory/1144-93-0x0000000074DB0000-0x0000000074E24000-memory.dmp

Filesize
464KB

Download
memory/1144-91-0x0000000075310000-0x0000000075520000-memory.dmp

Filesize
2.1MB

Download
memory/1144-89-0x0000000076410000-0x00000000764BF000-memory.dmp

Filesize
700KB

Download
memory/1144-87-0x0000000000F90000-0x0000000002597000-memory.dmp

Filesize
22.0MB

Download
memory/1144-95-0x0000000000F90000-0x0000000002597000-memory.dmp

Filesize
22.0MB

Download
memory/1144-97-0x0000000075310000-0x0000000075520000-memory.dmp

Filesize
2.1MB

Download
memory/1144-96-0x0000000075620000-0x0000000075BD3000-memory.dmp

Filesize
5.7MB

Download
memory/1144-99-0x0000000075310000-0x0000000075520000-memory.dmp

Filesize
2.1MB

Download
memory/1144-101-0x0000000075310000-0x0000000075520000-memory.dmp

Filesize
2.1MB

Download
memory/1144-102-0x0000000075620000-0x0000000075BD3000-memory.dmp

Filesize
5.7MB

Download
memory/1144-100-0x0000000075620000-0x0000000075BD3000-memory.dmp

Filesize
5.7MB

Download
memory/1144-103-0x0000000075310000-0x0000000075520000-memory.dmp

Filesize
2.1MB

Download
memory/1144-104-0x0000000075310000-0x0000000075520000-memory.dmp

Filesize
2.1MB

Download
memory/1144-98-0x0000000075620000-0x0000000075BD3000-memory.dmp

Filesize
5.7MB

Download
memory/1144-106-0x0000000074DB0000-0x0000000074E24000-memory.dmp

Filesize
464KB

Download
memory/1144-105-0x0000000075620000-0x0000000075BD3000-memory.dmp

Filesize
5.7MB

Download
memory/1144-130-0x0000000010000000-0x00000000100BB000-memory.dmp

Filesize
748KB

Download