15b419fb5e65e9af292edd0a28573ba3b80397d5cbba50b7d3e336d9dcdd51fd

Analysis

max time kernel
146s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00b055896c1b802c7abcccc1943e6eeb.exe
Size

20.0MB
MD5

00b055896c1b802c7abcccc1943e6eeb
SHA1

ed34da1c176016659b0d850a58608c52d7b67ddf
SHA256

15b419fb5e65e9af292edd0a28573ba3b80397d5cbba50b7d3e336d9dcdd51fd
SHA512

5c5d3eda6f02562de5844b4d4077407425a5ff9e284aeb92dd188d688c927bc179611e12f364d31c8468c4f0f1684feba60989bd4c4d697ecea1081b46736de8
SSDEEP

393216:simdhqnnXKWKobG/XHA4bw87GAsx7Y07NeDohVn9fJiHrlJ7mqQsv:simdhqnrjy3/bw87G97goB8HrlMq1v

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0032000000015609-25.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2260	00b055896c1b802c7abcccc1943e6eeb.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2260-30-0x00000000039D0000-0x0000000003A2B000-memory.dmp	upx
behavioral1/files/0x0032000000015609-25.dat	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2088 set thread context of 2260	2088	00b055896c1b802c7abcccc1943e6eeb.exe	28

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	00b055896c1b802c7abcccc1943e6eeb.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2260	00b055896c1b802c7abcccc1943e6eeb.exe
2260	00b055896c1b802c7abcccc1943e6eeb.exe
2260	00b055896c1b802c7abcccc1943e6eeb.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2260	2088	00b055896c1b802c7abcccc1943e6eeb.exe	28
PID 2088 wrote to memory of 2260	2088	00b055896c1b802c7abcccc1943e6eeb.exe	28
PID 2088 wrote to memory of 2260	2088	00b055896c1b802c7abcccc1943e6eeb.exe	28
PID 2088 wrote to memory of 2260	2088	00b055896c1b802c7abcccc1943e6eeb.exe	28
PID 2088 wrote to memory of 2260	2088	00b055896c1b802c7abcccc1943e6eeb.exe	28
PID 2088 wrote to memory of 2260	2088	00b055896c1b802c7abcccc1943e6eeb.exe	28
PID 2088 wrote to memory of 2260	2088	00b055896c1b802c7abcccc1943e6eeb.exe	28
PID 2088 wrote to memory of 2260	2088	00b055896c1b802c7abcccc1943e6eeb.exe	28
PID 2088 wrote to memory of 2260	2088	00b055896c1b802c7abcccc1943e6eeb.exe	28
PID 2088 wrote to memory of 2260	2088	00b055896c1b802c7abcccc1943e6eeb.exe	28
PID 2088 wrote to memory of 2260	2088	00b055896c1b802c7abcccc1943e6eeb.exe	28
PID 2088 wrote to memory of 2260	2088	00b055896c1b802c7abcccc1943e6eeb.exe	28

C:\Users\Admin\AppData\Local\Temp\00b055896c1b802c7abcccc1943e6eeb.exe
"C:\Users\Admin\AppData\Local\Temp\00b055896c1b802c7abcccc1943e6eeb.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Users\Admin\AppData\Local\Temp\00b055896c1b802c7abcccc1943e6eeb.exe
  start
  2⤵
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\css\style.css

Filesize
3KB

MD5
9a969031c1e96727c8650fef37a53cdb

SHA1
671a7f5d3e8237baaab292815c79586c71e15651

SHA256
5d683af7489a872c1e287c866ec7cda1121c9b883747b5b154cf81d611a64282

SHA512
d4e5d8733dfd9ecce5431c2f28f508d38451b25392ecc019be308aa2287a0cc4c0d69914a6f6b9c1b0d1445c83925135bddc041bfa2913cf89106f57c6ef0a17

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\images\bg.jpg

Filesize
26KB

MD5
902fdc00184228d21be617cb7b1682f9

SHA1
05f4d46a77a1d7e297ce54e740a9a36ebb56b5ee

SHA256
69eea331645ba99d309ec0de124e84a30d16fae6025e1d83ce758fd80a5fe57c

SHA512
e72e729f2f77c4133806a8a138662dc7aff0936e5b4c5fd683e4813718d06555d0bcd9cebdf48d410c7a641d5f92f56b4d1e41fb0ea8da5f3726fb6d3c8fbb59

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\images\btn_agree.jpg

Filesize
1KB

MD5
3e5745a6ae5131b5e581911ddd8f16b1

SHA1
cc5c59db13912371a84ef258fd856f02395cfaf7

SHA256
1a4ab196bdf0fdea67d8dc4b76bcd3e4a70c883671a7338389e552eb2d7fb3db

SHA512
4094ad59350c334070ba1c446883d54a1c6c63535b565317082c7c90163986868a21e4e92257b43e436b4fef52652a04c04b6691a2b384135aacf544f92615af

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\images\btn_cancel.jpg

Filesize
1KB

MD5
d8935c7b2302e56405a0dab12657141c

SHA1
8c08cc8c1d0e4500a9ce8d8a4741f793f0aec2a8

SHA256
0d6e29f46ebdfa9980994050947d3db1e001fae7079fd50e303c9962daccc6bc

SHA512
0e5aabad921a854e0a3ecd9da8c0d6d21f1ba033ad5a556d6190242bd09776db0a7532a797810e99f372285627462d62f81226f1b63ed185635867b7a50476ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\images\btn_no.gif

Filesize
1KB

MD5
5fcafaa7cb0fa03dba0da06cb02c582e

SHA1
b07dd6ac0d46b12903c6fdb6c4309c14091dd15a

SHA256
b5fa8d837f4890ee0f462f49ad9b5d2e98e16252fd78e7b592e39c6469578fe1

SHA512
697c56c17beeca333669bb2dbaf6154988b893cf4af8c0c74a9d669450821a1ba638f50d17f8688507076a226171665a07bfd681e360b2316baa0779f00a835c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\images\btn_yes.gif

Filesize
1KB

MD5
9c33d509d22ed902025292bf64cca135

SHA1
c4fc13d60dd0a8d8627372e73eedc46cb26c15a6

SHA256
4b76606172180ef9a22882c09fbd6ce1cecba79b089ada5b014f522e899841de

SHA512
06230b8a548b55834174feb907190831b370f2733beecebf07e173c0c04bcc833730f55a2633c9e9818a6b5a60861615dc23e3e64e6903a846d85c509be8f6db

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\images\close_box.jpg

Filesize
4KB

MD5
58c2a7f0aebbc44875f9e63a48d2755b

SHA1
2011818d76a7a7a6495a0c09db6806ab9a25f439

SHA256
a65b3703e3166b24c18fe2e77decd7d7ab01941df5bc91d82f733bc2360690d9

SHA512
9b6190f8ab990c19c6c1797c788843c8d84d275d4091453117d55798cc1866d1c2da5cede9c5bf155b1ca51165f8694d4cfb38a4efaf751c356c3de9fd1faf45

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\images\hd_welcome_1.gif

Filesize
5KB

MD5
9998e9a9f1d8ac1c0dca117b97ac6528

SHA1
cb4e2e75f5e7aeaa9b0011190e85a79545c050e6

SHA256
31fc342ed08077a7acec6998c8d0173bd5c3b9f3de8c3049b1b0a712189bc1a3

SHA512
7b21e1ab9b2d9fc387211342c3012862a1562a91860400e48569d2b9fd544029c28789b9e019ff015722e7822fa1d38f383d4ce5f0d2155801dfd76b0649eaf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\images\hd_welcome_2.gif

Filesize
2KB

MD5
64b02ae21c99465aa715ec2fe0e3a622

SHA1
8e68aa97d15ac7def625a0a3da798dac5385d337

SHA256
d4b11e03d4bc6a692fdf8a84dc0c2ef8bcffde9cbe9cd77927492469f406eb8d

SHA512
c3f9b6b0e2401214357c5165ccd0345cd4c0b5163ea0eb0a0a1cbc5b548e872732d39933ea742887cdc99b8eb1761ca42a1c39c42c6f88b3d451589a53db07af

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\images\pb_empty.gif

Filesize
108B

MD5
b9fe1b9787bf90705e3a65ccbcb76225

SHA1
9ff3c5214988f671cfc555eac04cfebf36c1a783

SHA256
d0dccd5edd4dca9cfa1f342fd1e503f00233d77c8d8effe8666eafbbf696ea46

SHA512
2fab452c208cf9bbb37696e6c3ccc585a6017b6fb1edb417cde35afcbc9f8cf984c798bde4b2250c70af711e639f6ad9c07efd7dc377f148374094572f880209

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\images\pb_empty_left.gif

Filesize
649B

MD5
f96734075956cbecd7e6a4eea0346111

SHA1
8396569a3d108ecc418d2ce59027d091972451ea

SHA256
cbfc26c94142dc2358b526297bec8a6a23bc07577a834f0125094c5b094ac0c3

SHA512
16fe60d428c9ac0bf0c2915965b23d7378090c90782dfa24c56ede40dbd8f71e3cf9a5ac5bcabaf7485472d82a53c50ca256a326df49c20db4b3b90ca6c97992

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\images\pb_empty_right.gif

Filesize
654B

MD5
e745a1720c00f252036adb261504cdb3

SHA1
c63ebea349b18aab0f8ed2846a982e378001d01a

SHA256
b0608db726509cb656996a7fbeda8a9d40695258143a0f2ef74c79606c6cfeee

SHA512
541f7d6adaceac0b01d5238c60a694a81d67718ebabce53003213d7dffb58f4276e49d8f5eb61cdb518c3d493af861fc813d6b981b8213341003f0f702b4b2a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\images\pb_fill.gif

Filesize
107B

MD5
8ac2fe234a23cd9fa69f9e616eff5444

SHA1
986149735adf362a453242b62aad468cb1a075bc

SHA256
d3b38a34d30af14c45f59748e49a1f9c175bfacb7947acc103ee1228fcced300

SHA512
cb675702fcbc1e189b440ec73ecf23ed090bd43bd5c79437802f62bc9f1dd0629431572ae7eb5c088be3ae0274ee6266a49a489c29fbf274e90e0b50840ff0a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\images\pb_fill_left.gif

Filesize
764B

MD5
758e51004b82bb29c7d086113ed2ac6a

SHA1
9290a10d03bc5171b87ac12e16254453ba1e2321

SHA256
6b9d9517c0b1f4695c2a4526bc01f2c834d7bf367d719a57f4e3874635a3744b

SHA512
7cc83865ae261fc52e837fabda001b48c2944d7b8e262039f9aa5b5ac544a6f2a969abd1801c4aa24c71dd13864b0f63955bde26023b5e24356ee57e8f08bb75

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\images\pb_fill_right.gif

Filesize
764B

MD5
15411de89fedd57429f2198b4169c0a9

SHA1
df145c5df1f8c8d22f57eaafb907c697602a604d

SHA256
67c091b74fc2ef3d904b8f0f81c1dfe65407b7e9de3ad584c88ac9b7123bbb37

SHA512
efd4a62a713310ef1b717b11f28d80979f3891f497fbf564873ffcf65595257d349e9c882f814a51ea17194f32213b5a7e27f9620c99448045cdd93c68b5d4a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\jquery.min.js

Filesize
86KB

MD5
27a81fb3dd0c420a2ac38fd600349ca3

SHA1
a2696f26dff68c602a93e5340fde360d7063d95d

SHA256
c540d01c83b80ec800c0bcb2c7e95bcf8e45adf7dc38db6d834a0ae35f6123d9

SHA512
da107fdaf05e5d1caede11e5af265078959f8959ce2175a47f9660a1b74225a47e2c2ec8c2f3f864c993b9e3967f1972956b03078e56805bd1033ed12cb09bef

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\page.html

Filesize
2KB

MD5
01f34c5c65ee9df6849088894a464378

SHA1
d235c7406728b7b94322f8e9626999d2625b1911

SHA256
6341233bccdbbab7b7003e93da2533e486bbb7acb0dfd91bfca7a7361a5f298c

SHA512
70535309dadb3ee232c04bb62702db6f3cc48bdf02652449d7e1798a8db6d9a158a5c960d0ddb76ad99e59074bc1cc9dfd143462024561ecf9f34a5129b7fc88

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{25F2209A-4ACC-48CA-9DED-F26007C13946}\page2.html

Filesize
40KB

MD5
3c1d8f314be9dd1d3629ecb383eda95e

SHA1
09309cdd3758f081fb7aefa138745729eb16c025

SHA256
c4e83295fd5ee255f4506540bf08ec9b2b97b3792c5f619116a67b2aa708f182

SHA512
986563483e503e73e5206d62f9cedec894421149cc300ed258d789028bae325bf89f45bbb00d4981b63e068a0f8b7b1d82a81911ed897deb97f21a5afb6706d3

Download Submit
\Users\Admin\AppData\Local\Temp\{1D5D198A-DF93-490C-823D-1448C457450F}.dll

Filesize
33KB

MD5
bad29f39b0d9785453e4b44927c864df

SHA1
9cc280683dbe28648b020de28a952503db35b174

SHA256
ad11c6fba6045c61a3d9f0813997c977ade3c2647f76728a8f45ca75c9ae52c2

SHA512
9ec5159e3805916dfbaa8720611696ffef11e48009cbcaaa22c655cf78e1b094b25fd113b9ba1a40cd85f66b05e4e06e62a412041644089bff34e6f3e50c15e7

Download Submit
memory/2260-4-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2260-16-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2260-30-0x00000000039D0000-0x0000000003A2B000-memory.dmp

Filesize
364KB

Download
memory/2260-8-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2260-10-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2260-250-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2260-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2260-0-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2260-21-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2260-2-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2260-17-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2260-19-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2260-265-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2260-268-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2260-273-0x00000000039D0000-0x0000000003A2B000-memory.dmp

Filesize
364KB

Download
memory/2260-20-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2260-18-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2260-12-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2260-6-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2260-291-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download