ab529056ead592c959980a6943f0fe0808c61aad92a761d9c12511d25b6aefb0

Analysis

max time kernel
146s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 03:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02800d3e78cb4791d954ef94a504a191.exe
Size

4.8MB
MD5

02800d3e78cb4791d954ef94a504a191
SHA1

d9bbe0ce4c36ca79724d69c5d2a9d611c46c290a
SHA256

ab529056ead592c959980a6943f0fe0808c61aad92a761d9c12511d25b6aefb0
SHA512

b5a73a3178f8331807ed0da62c238bbe764030b97f3bab42b09344d670654524013b707d7b216068662c8f09cec5d6c4d0e6e0fd9cae4eb238ea01c11292ad23
SSDEEP

98304:t/3v9M08NUMdQ4U9Aeh7iwaU6MjS4W4ApjcmefLC:lUUM0+ehpaFMjlAJcNfLC

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0008000000023226-9.dat	acprotect
behavioral2/files/0x0008000000023226-7.dat	acprotect

Loads dropped DLL 2 IoCs

pid	Process
5036	02800d3e78cb4791d954ef94a504a191.exe
5036	02800d3e78cb4791d954ef94a504a191.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0008000000023226-9.dat	upx
behavioral2/memory/5036-93-0x0000000005580000-0x00000000055DB000-memory.dmp	upx
behavioral2/memory/5036-27-0x0000000005580000-0x00000000055DB000-memory.dmp	upx
behavioral2/files/0x0008000000023226-7.dat	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5036	02800d3e78cb4791d954ef94a504a191.exe
5036	02800d3e78cb4791d954ef94a504a191.exe
5036	02800d3e78cb4791d954ef94a504a191.exe

C:\Users\Admin\AppData\Local\Temp\02800d3e78cb4791d954ef94a504a191.exe
"C:\Users\Admin\AppData\Local\Temp\02800d3e78cb4791d954ef94a504a191.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{EC22A2F3-BEC8-45AC-A4D3-91B951CFBF9E}.dll

Filesize
92KB

MD5
3aca299ad0695a0ea81819d177b63530

SHA1
19a4e4c5eace080968d0b6ed937596a6db5ed7c5

SHA256
fddb915e46ff5284b8c55ef6dba97ca5f75ca6afb424f75c1b456cb148b79dd0

SHA512
fbc0eefa554a6b6f60b61731f5119bdd68ce4347c4843cd8ece9d02e747f5cf98861e6a28a4849d24bed19c70ecaa5a93ea419127af733e4e103a5611d9e917a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EC22A2F3-BEC8-45AC-A4D3-91B951CFBF9E}.dll

Filesize
120KB

MD5
c9f333d1ff898672a34805f94a265329

SHA1
2deaac66698fb2e9b3868d23034c3211c508b739

SHA256
07e546811635574c77edfda126b0e5f5292b4ea13f35158eddedcfc3cbf74b6b

SHA512
048c71e48e2def0bfc69ebfb69b834d650a9377082782333f50728fdfd6675df8093d0c87e606022e55d09f81549d4ca3b640bcdd33b9ddc9aace03ee1466add

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{C3F30578-3319-43F3-93B8-4B460A4A7765}\images\6.jpg

Filesize
26KB

MD5
abf2aa7c86cdd4d469b043a035f4744d

SHA1
cf47f6f9d8ad4856b601e295cd52fb9f469f6bfe

SHA256
af150bfbd872c9b21c69e26c698194081285680162d1ef8ef5cf58a9ef6a0861

SHA512
43a083df24a82661c52ed381ec0af9096171fe86a809e0a16cb21e1af3a5aa7b038f8481e8f475cdc1f1243252484757eff9f5c5e1d256d2fb1fb683183a65a7

Download Submit
memory/5036-1-0x0000000000EC0000-0x0000000000EC1000-memory.dmp

Filesize
4KB

Download
memory/5036-3-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/5036-2-0x0000000000400000-0x0000000000771000-memory.dmp

Filesize
3.4MB

Download
memory/5036-0-0x0000000000400000-0x0000000000771000-memory.dmp

Filesize
3.4MB

Download
memory/5036-93-0x0000000005580000-0x00000000055DB000-memory.dmp

Filesize
364KB

Download
memory/5036-27-0x0000000005580000-0x00000000055DB000-memory.dmp

Filesize
364KB

Download
memory/5036-107-0x0000000000400000-0x0000000000771000-memory.dmp

Filesize
3.4MB

Download
memory/5036-109-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/5036-110-0x0000000005580000-0x00000000055DB000-memory.dmp

Filesize
364KB

Download