62eb43d6ec0bdc48a92fcd121cb0366b2640df0d44bea58d1dae397115df3ccb

Analysis

max time kernel
141s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 07:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1057f18f2c73b64d0f2ad8d11ef0faed.exe
Size

295KB
MD5

1057f18f2c73b64d0f2ad8d11ef0faed
SHA1

748e4fcc3764417e4555807139311e4b51f533a3
SHA256

62eb43d6ec0bdc48a92fcd121cb0366b2640df0d44bea58d1dae397115df3ccb
SHA512

1e7b5a12c00d0611070f66631395cb0314aed0eb003800ba9011339b81aa6e48296b9239d18483bf8e936511e99a1640c84d33e110e3074e20dc9d9233640311
SSDEEP

3072:qxFM5spM4P/NEkxhJsF6g1q5+GFiNk5F29wpHuTvnX1lBQ6LO2XoTWCjpDLQyob7:bAJmYYUFF2kaMHujX1UV5Qvn3OUuXp2

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000700000002322b-2.dat	acprotect
behavioral2/files/0x0006000000023231-62.dat	acprotect

Loads dropped DLL 16 IoCs

pid	Process
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe
428	1057f18f2c73b64d0f2ad8d11ef0faed.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000700000002322b-2.dat	upx
behavioral2/memory/428-7-0x0000000075250000-0x000000007525A000-memory.dmp	upx
behavioral2/files/0x0006000000023231-62.dat	upx
behavioral2/memory/428-66-0x0000000073B30000-0x0000000073B39000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\1057f18f2c73b64d0f2ad8d11ef0faed.exe
"C:\Users\Admin\AppData\Local\Temp\1057f18f2c73b64d0f2ad8d11ef0faed.exe"
1⤵
- Loads dropped DLL
PID:428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsw573A.tmp\UAC.dll

Filesize
13KB

MD5
431e5b960aa15af5d153bae6ba6b7e87

SHA1
e090c90be02e0bafe5f3d884c0525d8f87b3db40

SHA256
a6d956f28c32e8aa2ab2df13ef52637e23113fab41225031e7a3d47390a6cf13

SHA512
f1526c7e4d0fce8ab378e43e89aafb1d7e9d57ef5324501e804091e99331dd2544912181d6d4a07d30416fe17c892867c593aee623834935e11c7bb385c6a0a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw573A.tmp\inetc.dll

Filesize
25KB

MD5
29e2dcdfb57ee3ab5e2bbc2fc3c42f02

SHA1
bd6cafcce5b70ee15311f9f53e9fd4aac819ccda

SHA256
2b7a69e98ed4975fd4eade513cff17099c43b3eebe7e7641696d1d20e8e14b2f

SHA512
f71c981b3b5308566b56156462d106ebf8e49a32e55b70891f9d70338941afd347cb4df374fe38b9b3d7309f63dd75a7c80ebe02bb8941d558cd638a6f8daf7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw573A.tmp\nsDialogs.dll

Filesize
11KB

MD5
66cfc94903c8cfa492fdab42bde2026d

SHA1
d07194419d914eae5dc54a480ebddb0a8cb32f25

SHA256
82e21860521feea4d15ff7f30538b9d0ed1860747c98549ec85217178a6db632

SHA512
ecbc2c9361bef9332fe8e1675d11884c344b26f437eee9db3ec0b5999bf20e16b1d863c192e2091375a870cf8f4674deec16875ba56757b88cc859288305eeb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw573A.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw573A.tmp\nsRichEdit.dll

Filesize
5KB

MD5
02f1858b3131ffc3fc5e3a5391d3a489

SHA1
454a6d749cf55ff990bd9f57941aca9d1f1674f6

SHA256
f00bd6d3e7c7b8e8ad18b7dc6275fb80cc720fb164200a6506f50f6e66998b12

SHA512
8147fa8014a5065f4fed7de1fbb9c2ee2c1b94d63596f7bbcf6821ecd41a73d25ebdfa1e71ca74d7598cba063042b6dfcaf050a23d0c855a7b6fbc94147ab41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\stats.txt

Filesize
35B

MD5
28d6814f309ea289f847c69cf91194c6

SHA1
0f4e929dd5bb2564f7ab9c76338e04e292a42ace

SHA256
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

SHA512
1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c

Download Submit
memory/428-7-0x0000000075250000-0x000000007525A000-memory.dmp

Filesize
40KB

Download
memory/428-66-0x0000000073B30000-0x0000000073B39000-memory.dmp

Filesize
36KB

Download
memory/428-69-0x000000006EB40000-0x000000006EB4A000-memory.dmp

Filesize
40KB

Download
memory/428-67-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/428-73-0x0000000073B30000-0x0000000073B39000-memory.dmp

Filesize
36KB

Download