10fc116869c2574bab76a189ce79e6c0fda91e2a20f70f2ab1050221ddebaab6

General

Target

0b721647e4bd5c9bce28de0f76ac3dfc.exe
Size

3.6MB
MD5

0b721647e4bd5c9bce28de0f76ac3dfc
SHA1

ec3c3c1a23d84d5cb993c44fe2b33076539d169a
SHA256

10fc116869c2574bab76a189ce79e6c0fda91e2a20f70f2ab1050221ddebaab6
SHA512

62ec06ec86fe77926933f47ef39ae8396e6599121376854489ebd70d9a8421dbb1691968d47a3e5351569239dc9d43ce0557e8a6b3399308aa59bec3f26f377e
SSDEEP

49152:wIuU4fxBGUxnT388Oug9BovxHH0hhJvTxaxEhldfAyT/fve4DT:ru17GUpzpGnhX9axEhZTnW43

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x002600000001539d-7.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2432	0b721647e4bd5c9bce28de0f76ac3dfc.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x002600000001539d-7.dat	upx
behavioral1/memory/2432-15-0x0000000003BB0000-0x0000000003C0B000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	0b721647e4bd5c9bce28de0f76ac3dfc.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2432	0b721647e4bd5c9bce28de0f76ac3dfc.exe
2432	0b721647e4bd5c9bce28de0f76ac3dfc.exe
2432	0b721647e4bd5c9bce28de0f76ac3dfc.exe

C:\Users\Admin\AppData\Local\Temp\0b721647e4bd5c9bce28de0f76ac3dfc.exe
"C:\Users\Admin\AppData\Local\Temp\0b721647e4bd5c9bce28de0f76ac3dfc.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~zm_{4AFA8D1F-B35F-4043-A4BE-990D7C89C885}\css\style.css

Filesize
1KB

MD5
5b988eba5206504a7a9ef9567a71d576

SHA1
016139e5b3e8dbe79c0d8df6c94329f1f51dd8b8

SHA256
7eb7963147385f4dc813c02fc0109e9fc5525b4021eb6cf2f1402bdf4c0f4b31

SHA512
8154a5101f4360686c405a636037c724b55affcc31e3ff6f3a78c24e77c2816732ef1732c565cf34a41fa78523a4c3738d06c11e3454b21986126630f5c9dd47

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{4AFA8D1F-B35F-4043-A4BE-990D7C89C885}\index.html

Filesize
1KB

MD5
3bbdeefc0d42f1da5cd87ae152b7ee38

SHA1
d429c8c5b8db8421173c6705dfd3953f6b16dc45

SHA256
9bb98e075b3acca2b599e8120369e5b1c8c9c7e7420d9ad44daaa9a9ff99927b

SHA512
ce9e2fe926a34cc4b0378e6e90838dca27dc18212db1f78e5f5253b24bc0295eb5bbb6fb41fc9cbc90eb45a86173dd77e5b656201b7b8c91038ebe408b5edd1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{4AFA8D1F-B35F-4043-A4BE-990D7C89C885}\js\common.js

Filesize
102B

MD5
fd7b0ad90e04f867f0caf572d03b6d1c

SHA1
f54f16fcb066d29d280276dd280b7ee7c83a1573

SHA256
c9c9589c41594137ef6f54b394d3495910601e8f0d77f4ba0866b513e84a24e6

SHA512
0215bd6562e26025c3dd0e6d9696a930368a146bd6d9eab8b0b30149ceeb03a8d0f7b8511203f27e3adcfc5affb9ef7ca040659eb670fead4289c233910f553c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{4AFA8D1F-B35F-4043-A4BE-990D7C89C885}\js\lang.js

Filesize
632B

MD5
f3ca8504fe38798d402ada65acc0923e

SHA1
8f9930721e2a559be8e4379cb6e9dc9ffd71ef52

SHA256
f4b4d8d4bb78d970a3fcf6dc8ee0353776801ef373b54d839cd8853c1481a378

SHA512
ab1324ec6f5dcd034efadb6eef3224244de5eb328a4c28e4646a7a182d6af2ec60dad50f52b1e8aedbe18e3eb6a03a4705949763746952492e9abb0f9e01bec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{4AFA8D1F-B35F-4043-A4BE-990D7C89C885}\js\unitpngfix.js

Filesize
959B

MD5
997b4c4553a419650ec27b7f53cd94ef

SHA1
13a577fe4669412ef3d54bd761ff7878876079c1

SHA256
a044dffe80c9ce80d2364681836b7835fdc1c49f30ba83192231e5089973c9a4

SHA512
5f423448c03f1f79b4cc326125e27e60a57bf54c9c834c6be6b848712a814c71376a2def86bb5bbe20c4856798ee88560222f9ff60a9e81a5ece1110d7ef76c7

Download Submit
\Users\Admin\AppData\Local\Temp\{FC9A5AEF-2737-40A2-87A5-7849FE2DC0D6}.dll

Filesize
120KB

MD5
c9f333d1ff898672a34805f94a265329

SHA1
2deaac66698fb2e9b3868d23034c3211c508b739

SHA256
07e546811635574c77edfda126b0e5f5292b4ea13f35158eddedcfc3cbf74b6b

SHA512
048c71e48e2def0bfc69ebfb69b834d650a9377082782333f50728fdfd6675df8093d0c87e606022e55d09f81549d4ca3b640bcdd33b9ddc9aace03ee1466add

Download Submit
memory/2432-15-0x0000000003BB0000-0x0000000003C0B000-memory.dmp

Filesize
364KB

Download
memory/2432-3-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2432-2-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/2432-0-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/2432-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2432-119-0x0000000000400000-0x000000000072B000-memory.dmp

Filesize
3.2MB

Download
memory/2432-121-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2432-122-0x0000000003BB0000-0x0000000003C0B000-memory.dmp

Filesize
364KB

Download

Analysis

Sharing