Analysis
-
max time kernel
145s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25/12/2023, 19:09
General
-
Target
36dc8ff07e4101fd729b5ee605b1cada.exe
-
Size
1.1MB
-
MD5
36dc8ff07e4101fd729b5ee605b1cada
-
SHA1
2782e22b1e686dd5dfe949604f07a43fd30a0709
-
SHA256
23d4ef79cb7a0dc60087b708116ec4a629ecb41ae503a3b64a2ffa30a99f3997
-
SHA512
f7e11eab04d2d07d5dd7a233ac7aa32454e2fca79dd3f7df35c60fea9722ab5deb3723bc5ddd5a9c66ce33c6a5f73514cf0a585f972d2ed907abe3960372bd3b
-
SSDEEP
24576:+9WC988bu6CocrIn8Ez82LEeb1wk/h48Ocb/B/w3248ULF:+B88TCoyEz821BVlA
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 2 IoCs
Detects file using ACProtect software.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 14 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\36dc8ff07e4101fd729b5ee605b1cada.exe"C:\Users\Admin\AppData\Local\Temp\36dc8ff07e4101fd729b5ee605b1cada.exe"1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\temp\cb8dInstaller.exe"C:\Users\Admin\AppData\Local\temp\cb8dInstaller.exe" /KEYWORD=cb8d "/PATHFILES=C:\Users\Admin\AppData\Local\temp\"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
93KB
MD5470052118ac7d6c56b59ad65b96fa9ad
SHA126c41c472b295d33c63377f58e04f1863a1e4aee
SHA2566c83c46bc5b3f853deb1653488ebd3c6851facd4efd67518111cf64178eb387d
SHA512f990a8a97b0ab629e30f7deb5bb80ab67d4152eec93f656bc28098e02d8cafe67f19a59494984ef5daf1cf52969307231f38304b5b8f26ac58ab5e0e5c01ecbb
-
Filesize
92KB
MD57dd6fc3534cb6eeb4556c9780bdfc304
SHA1bce75b0f9227bc5f49faf5002ab05b5c9dea7e2f
SHA25693371dce75d7bcdf96af35065b8695678d801e495d7e991cf8f75cc190d0ee2d
SHA512da8245d8e49856fe84072d718a5810a717844c67038dd4b38bb12d2268dbcfc5d729fb1efe2280c6bc04c0621d075274c157292403f8821cbfa4b86d50db3994
-
Filesize
451B
MD56fbf86076ae704f2339cf7dff1116567
SHA1133f768a06db7e016b9e2a666086c908bb36e149
SHA2569d373e183daa209f9d72743fcb2be680a2a468a16004f47e45a4d92458a03cef
SHA512e19c3bfad09186080362337486cad1f6f730b266fecd8425277a274f8b0d1ab9eba4de093df3a57cb146336dd440226a1fecc79ff5c5b443ff34e4ae36aa8ceb
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
40KB
-
Filesize
48KB
-
Filesize
24KB
-
Filesize
4KB
-
Filesize
40KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
48KB