282b086e2eebc15b03f0fc4f315ca9e5d12bb3cf1b33a81aab587589c91c0d6f

Analysis

max time kernel
142s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 16:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7cb28b895571b4502c67e24b6dc406f8.exe
Size

3.6MB
MD5

7cb28b895571b4502c67e24b6dc406f8
SHA1

1936c038b80b56fae797a025a79a8ccc3bcd67d0
SHA256

282b086e2eebc15b03f0fc4f315ca9e5d12bb3cf1b33a81aab587589c91c0d6f
SHA512

876fdfb52c66a60cc9524f20bc6453d2988d1ce3c3a725bc80ac42a58bd07a88eb3cb468d68d631133abb3cdd72ef99270940678a86ae7e50ee521bda64a994f
SSDEEP

49152:hIy/vJ2BudM9TMFrV+TUJF0h77ya9EzzFZoK3W6J9BL0zhnIsve4DB:hICx2Bm+TMdgTsqxEz5nn1iBbW4F

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x00090000000142cc-7.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2860	7cb28b895571b4502c67e24b6dc406f8.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2860-17-0x0000000004310000-0x000000000436B000-memory.dmp	upx
behavioral1/files/0x00090000000142cc-7.dat	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	7cb28b895571b4502c67e24b6dc406f8.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2860	7cb28b895571b4502c67e24b6dc406f8.exe
2860	7cb28b895571b4502c67e24b6dc406f8.exe
2860	7cb28b895571b4502c67e24b6dc406f8.exe

C:\Users\Admin\AppData\Local\Temp\7cb28b895571b4502c67e24b6dc406f8.exe
"C:\Users\Admin\AppData\Local\Temp\7cb28b895571b4502c67e24b6dc406f8.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~zm_{55A4AD48-155E-4EFB-9401-CFEEEFEDEAF1}\css\style.css

Filesize
1KB

MD5
5b988eba5206504a7a9ef9567a71d576

SHA1
016139e5b3e8dbe79c0d8df6c94329f1f51dd8b8

SHA256
7eb7963147385f4dc813c02fc0109e9fc5525b4021eb6cf2f1402bdf4c0f4b31

SHA512
8154a5101f4360686c405a636037c724b55affcc31e3ff6f3a78c24e77c2816732ef1732c565cf34a41fa78523a4c3738d06c11e3454b21986126630f5c9dd47

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{55A4AD48-155E-4EFB-9401-CFEEEFEDEAF1}\images\footline.bmp

Filesize
252B

MD5
c90416e8e3fa0a5e90aabe2396f71642

SHA1
cdbb4735cd23e2edf490e6629130861cfdb6440a

SHA256
5f0149dec39b3bd5ea3f3f5bd677f849f255e852dff60eab18cf07f69788fca1

SHA512
49ba10290a13b4a20e669f334c7f6053f73612ab4855ff0b9485cb07da5a4c32b06315a1a1e0b5c9d2e788645e789ddc574788a009b3b43dbf882ba2df228a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{55A4AD48-155E-4EFB-9401-CFEEEFEDEAF1}\images\headline.bmp

Filesize
296B

MD5
4c8564e315dd5e60b1949ce6311ac35c

SHA1
5cd243aae69385a1e8d16e9b1cf893e944530a35

SHA256
5f8cf2e7f0dd3aa7d76806a95559dec446c79a75c08614ae520cb1c22751ead9

SHA512
08f0a24fa0f10964c9269e9abdda1663656d651af49cad380d77e98f1f1b7eb6ffe44abe4ab178ce63e4137ca0ee83e46db1f3140240ebcf106fc4e7a21f4773

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{55A4AD48-155E-4EFB-9401-CFEEEFEDEAF1}\images\logo.bmp

Filesize
5KB

MD5
0cd312082b4d77d7597a56aa0d8b6478

SHA1
1d88f50204ae7e3507bf8910d3243c494b79bc1d

SHA256
788e8177b354d51a07cbaf07cf6b6ab99dcaebbc5910630bb24bfb387d0d7230

SHA512
fb8e9977a243305803e862c8f63147b570bc1e5fc825091424d5718f72bfcceae6816887976c52372b6b14ef3799717c01adfe277d2be56acafc6db5836c9c89

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{55A4AD48-155E-4EFB-9401-CFEEEFEDEAF1}\index_en.html

Filesize
2KB

MD5
e9e4a4f85b96dc5b11c2d7da1b437874

SHA1
fe38bb132a233f2416592024876b478b043ebf1e

SHA256
37e86e94c53bcf801f519583db9ebc6574affea2faa1a5b2e457172f5e05d9dc

SHA512
27e2f474f57e98b5581c3c317a07711b175d16cfc3f3575900dea9880c4505cddcca1257d4db9e2a69248d293cf349b620d2b7a5f713ae25f9f7edc483e19831

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{55A4AD48-155E-4EFB-9401-CFEEEFEDEAF1}\js\common.js

Filesize
102B

MD5
fd7b0ad90e04f867f0caf572d03b6d1c

SHA1
f54f16fcb066d29d280276dd280b7ee7c83a1573

SHA256
c9c9589c41594137ef6f54b394d3495910601e8f0d77f4ba0866b513e84a24e6

SHA512
0215bd6562e26025c3dd0e6d9696a930368a146bd6d9eab8b0b30149ceeb03a8d0f7b8511203f27e3adcfc5affb9ef7ca040659eb670fead4289c233910f553c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{55A4AD48-155E-4EFB-9401-CFEEEFEDEAF1}\js\lang.js

Filesize
632B

MD5
f3ca8504fe38798d402ada65acc0923e

SHA1
8f9930721e2a559be8e4379cb6e9dc9ffd71ef52

SHA256
f4b4d8d4bb78d970a3fcf6dc8ee0353776801ef373b54d839cd8853c1481a378

SHA512
ab1324ec6f5dcd034efadb6eef3224244de5eb328a4c28e4646a7a182d6af2ec60dad50f52b1e8aedbe18e3eb6a03a4705949763746952492e9abb0f9e01bec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{55A4AD48-155E-4EFB-9401-CFEEEFEDEAF1}\js\unitpngfix.js

Filesize
959B

MD5
997b4c4553a419650ec27b7f53cd94ef

SHA1
13a577fe4669412ef3d54bd761ff7878876079c1

SHA256
a044dffe80c9ce80d2364681836b7835fdc1c49f30ba83192231e5089973c9a4

SHA512
5f423448c03f1f79b4cc326125e27e60a57bf54c9c834c6be6b848712a814c71376a2def86bb5bbe20c4856798ee88560222f9ff60a9e81a5ece1110d7ef76c7

Download Submit
\Users\Admin\AppData\Local\Temp\{BE59A3EC-0524-45BD-B61E-0AC593E5BE37}.dll

Filesize
120KB

MD5
c9f333d1ff898672a34805f94a265329

SHA1
2deaac66698fb2e9b3868d23034c3211c508b739

SHA256
07e546811635574c77edfda126b0e5f5292b4ea13f35158eddedcfc3cbf74b6b

SHA512
048c71e48e2def0bfc69ebfb69b834d650a9377082782333f50728fdfd6675df8093d0c87e606022e55d09f81549d4ca3b640bcdd33b9ddc9aace03ee1466add

Download Submit
memory/2860-2-0x0000000000400000-0x000000000072C000-memory.dmp

Filesize
3.2MB

Download
memory/2860-3-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2860-17-0x0000000004310000-0x000000000436B000-memory.dmp

Filesize
364KB

Download
memory/2860-0-0x0000000000400000-0x000000000072C000-memory.dmp

Filesize
3.2MB

Download
memory/2860-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2860-130-0x0000000000400000-0x000000000072C000-memory.dmp

Filesize
3.2MB

Download
memory/2860-132-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2860-133-0x0000000004310000-0x000000000436B000-memory.dmp

Filesize
364KB

Download