Overview

overview

7

Static

static

3

ACreedOrig...NG.exe

windows7-x64

7

ACreedOrig...NG.exe

windows10-2004-x64

7

ACreedOrig...ws.url

windows7-x64

1

ACreedOrig...ws.url

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 06:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ACreedOrigins+20Tr_LNG/ACreedOrigins+20Tr_LNG.exe

  • Size

    5.9MB

  • MD5

    b4ac3c9b8d0c100f22e98fbc5bbfa9d6

  • SHA1

    c0db3207981894becc6613731a90680c047119cd

  • SHA256

    24efc407fc2f4d6e3a5b8ee84ace5862c0bbc6ea02630d9b6f417de6242f3139

  • SHA512

    9318c9b2080141d82ea0629df6db9f9bec87ba3b45e26085dd5b4777fbad231da03fa0397944f7803014532a170c05c98c3ea478a8945279bf5632b0cf9bad80

  • SSDEEP

    98304:H/3K0XguJyEiog94IhS1eMXmWkvLoYGQlAkxpP2vrXG6g+nC:HvK0XguJyEiogXS1eMXmzvBGIAkxpuva

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ACreedOrigins+20Tr_LNG\ACreedOrigins+20Tr_LNG.exe
    "C:\Users\Admin\AppData\Local\Temp\ACreedOrigins+20Tr_LNG\ACreedOrigins+20Tr_LNG.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\SkinSoft\VisualStyler\2.3.5.0\x64\ssapihook.dll
    Filesize

    66KB

    MD5

    c74d260d388f5ac3d95d8c1c3a27c989

    SHA1

    5da009086036004a7c670d608d5e1e923aead568

    SHA256

    dc1bebb8ce88d59e4b3130c1ff2c4b7f5df2701c7a71b476b8a6f2ed541db628

    SHA512

    6460db8f73806017d267c0e4e112902956a3bc53853c6a893cff66fe44772305b2c158ef8b58e993806d713aceaddcf2efa7ccf625063678444d3fd20b10546a

    Download Submit

  • memory/2040-38-0x0000000021200000-0x0000000021258000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2040-7-0x000000001B760000-0x000000001B7E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2040-32-0x0000000021150000-0x00000000211F2000-memory.dmp

    Filesize

    648KB

    Download

  • memory/2040-6-0x000000001B760000-0x000000001B7E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2040-21-0x0000000000D60000-0x0000000000D61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-8-0x0000000020910000-0x0000000020A08000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2040-24-0x0000000002780000-0x0000000002781000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-28-0x000007FE7B460000-0x000007FE7B461000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-27-0x000007FE7B450000-0x000007FE7B451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-26-0x000007FE7B420000-0x000007FE7B421000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-25-0x0000000002790000-0x0000000002791000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-20-0x0000000000990000-0x0000000000991000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-22-0x0000000000D70000-0x0000000000D71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-0-0x00000000001B0000-0x00000000007A6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2040-5-0x00000000026A0000-0x00000000026F8000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2040-2-0x000000001B760000-0x000000001B7E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2040-23-0x0000000000F90000-0x0000000000F91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-19-0x0000000000980000-0x0000000000981000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-18-0x0000000000970000-0x0000000000971000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-17-0x0000000000920000-0x0000000000921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-16-0x0000000000910000-0x0000000000911000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-15-0x0000000000900000-0x0000000000901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-14-0x00000000007E0000-0x00000000007E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-13-0x00000000007D0000-0x00000000007D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2040-1-0x000007FEF5160000-0x000007FEF5B4C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2040-44-0x000007FEF5160000-0x000007FEF5B4C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2040-45-0x000000001B760000-0x000000001B7E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2040-46-0x000000001B760000-0x000000001B7E0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2040-47-0x000000001B760000-0x000000001B7E0000-memory.dmp

    Filesize

    512KB

    Download