Overview

overview

7

Static

static

3

21a2347c83...86.exe

windows7-x64

7

21a2347c83...86.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21a2347c8349eb94e758073b01f24486.exe

  • Size

    769KB

  • MD5

    21a2347c8349eb94e758073b01f24486

  • SHA1

    cb06b9f3e49ec0d36ea9262d2838e41b6e2abeb1

  • SHA256

    051dae9b11fe60c3d6bdd2203808cd30d49bc6ff50680e29047216f81c3f9ef1

  • SHA512

    5ce6f083caa254d25535b98c71a24af714c10085262c6227d8211291fc32d9d588448f12fa0ad52a6d20469b1066c20094a00462caa1603fbe9b6ea0e9478fa1

  • SSDEEP

    12288:G6iYNDsam14R0ncYv7TM3MkQge+Y5nsfBWMc7vfILb/4nXLXzkO5s:GZwV9R0cMHt+Y+fPc74fwnMss

Score
7/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21a2347c8349eb94e758073b01f24486.exe
    "C:\Users\Admin\AppData\Local\Temp\21a2347c8349eb94e758073b01f24486.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\gblF3D.tmp
    Filesize

    98KB

    MD5

    c78056ac4ebfc9ec3ec7032a2d8c2bfc

    SHA1

    01a66479cef728b03c2e5710183db1b156a99fb4

    SHA256

    957e295225520bffa564720c6b9e5c526d91fbe3ff589793ada309497ab07cdf

    SHA512

    c0ecd3ae6b32b7c081332441b0e578825525a744c3ded0653642afac3fd2b275cb67eeb4b6e4b2acb8fb11538ae303229872000c926dea93780e777768d6b4f3

    Download Submit

  • memory/2116-4-0x0000000001CD0000-0x0000000001D43000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2116-6-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2116-5-0x0000000001CD0000-0x0000000001D43000-memory.dmp

    Filesize

    460KB

    Download

  • memory/2116-1-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download