210208179e5b58d849558ed55409a45dbc276935a4da1b5e53ec4745c7eb831c

General

Target

11b33f7d609534d8b66f5a0822e4de3e.exe
Size

347KB
MD5

11b33f7d609534d8b66f5a0822e4de3e
SHA1

54cc7edad01925b04322dac8098c6dda87cefa06
SHA256

210208179e5b58d849558ed55409a45dbc276935a4da1b5e53ec4745c7eb831c
SHA512

5bcc15d139987691f797fc51e59bb7749ac605247137a56ed351404b01b07c34a4b7b09554a62485bd1194c13376c7442138f64fd33f1fd2d72806dda3100067
SSDEEP

3072:94URpNUUX6z/DBXJfo/wGP2z5hS9u5rO+IpemPQ+Qir+2v:94SUjhto00HemPJrv

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x00060000000231f1-17.dat	acprotect
behavioral2/memory/1692-252-0x0000000074460000-0x0000000074469000-memory.dmp	acprotect
behavioral2/memory/1692-32-0x0000000074460000-0x0000000074469000-memory.dmp	acprotect

Loads dropped DLL 16 IoCs

pid	Process
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe
1692	11b33f7d609534d8b66f5a0822e4de3e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00060000000231f1-17.dat	upx
behavioral2/memory/1692-252-0x0000000074460000-0x0000000074469000-memory.dmp	upx
behavioral2/memory/1692-32-0x0000000074460000-0x0000000074469000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\11b33f7d609534d8b66f5a0822e4de3e.exe
"C:\Users\Admin\AppData\Local\Temp\11b33f7d609534d8b66f5a0822e4de3e.exe"
1⤵
- Loads dropped DLL
PID:1692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsi41BD.tmp\InstallOptions.dll

Filesize
14KB

MD5
34466cab38abcbc09ffac768d526f896

SHA1
2684f5f6c2b005cba812fc8cc1157777554fa3a3

SHA256
8b4a1e7bf076c20240eb0a46cbdc8b835cfd89265fb78a3c1c5339ab820d2c1c

SHA512
5c6ae996a81f0fd9d3efe4e61c8683eb833cb203a476772c06eadb48e10e34d05a8fc2c837cf663dcc3a37713bd86694c8eb251868aa5bb42c4b21ba8c8e8fc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi41BD.tmp\c03lbdler.ini

Filesize
2KB

MD5
fa4f2b67eea58ecdb9987be32153c55b

SHA1
c23e409bd651673d0ec8cf279e37969e26332b30

SHA256
0b73011116b1a4b221067c92e3ad3a7947ce8d2f80dc557c5bd873a6eac9763a

SHA512
bf220e2bc0895e335ac098aef6a0947c9e97e5c1b8892dbed8732bb1caf99fd486d92597b7157552da476d4cb878a9fa199ceedde7339421f6fcf42d4dad1c30

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi41BD.tmp\c03lbdler.ini

Filesize
2KB

MD5
4c559c6008c9fb28c1336ad5e0ef524a

SHA1
39362af532c55342393e8a3d513bf64f5339ca3f

SHA256
52c210bdda8e3872ccd5a4e30eb4eb28cb280ad566da7944d43518ded0743716

SHA512
a0b1f002c032b82306d66896602ba0f37f42c94a9588ba8c0ad6149bd46b106d4ef768cc03817f284f22f916ef7d32fab4af9f078f0e0d8954d6b5f3dd2d2382

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi41BD.tmp\nsResize.dll

Filesize
4KB

MD5
aa849e7407cf349021812f62c001e097

SHA1
4cbb55b1d1dd95dcb7a36b5a44121ad4934539af

SHA256
29b0e5792679756a79d501e3a9b317971b08e876fac1c2476180d0ae83b77ba5

SHA512
4556baa49e8182d72e29e8d809635312142eb127039f5803ca0bf011b4359f0b584a670a3bd26a9969165a332cfa14a39abeaeae0b4d90519f91fdea755c54de

Download Submit
memory/1692-77-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-262-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-260-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-259-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-258-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-257-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-256-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-253-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-252-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-251-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-254-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-32-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-255-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-261-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-265-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-273-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-274-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-272-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-271-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-269-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-270-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-268-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-267-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-266-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-264-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-263-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download
memory/1692-275-0x0000000074460000-0x0000000074469000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing