fabed020a1738bfd688115afa14988c452a3e778f688eca2e9c53d4b7914a77e

General

Target

13dd6357cdfbce65b74225fa6fa8f549.exe
Size

1.6MB
MD5

13dd6357cdfbce65b74225fa6fa8f549
SHA1

52b3d8be99aa29feef563f90a0e73a3f6504b282
SHA256

fabed020a1738bfd688115afa14988c452a3e778f688eca2e9c53d4b7914a77e
SHA512

7d7cd7a09ac30dd8cb7c3b443344201d32ddc3c6b88285028d735986b7d5d2e9d080884fff4a08bcfec6543d6bd5da02449f722295c85f5fcc8058eb4fbff66c
SSDEEP

24576:xtmRgSWthQHWKaOvDH7moUtu27AyrMVEe3Nb4ZLkopK6siA6v7i/8NOEdo77Nrn:xNnhSWiHxOu2YVnd4Z3p3sh6v7uNL

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0006000000016d7b-33.dat	acprotect
behavioral1/files/0x0007000000016fde-47.dat	acprotect
behavioral1/memory/2364-49-0x0000000074520000-0x0000000074529000-memory.dmp	acprotect
behavioral1/memory/2364-111-0x0000000074510000-0x0000000074519000-memory.dmp	acprotect

Loads dropped DLL 22 IoCs

pid	Process
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe
2364	13dd6357cdfbce65b74225fa6fa8f549.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000016d7b-33.dat	upx
behavioral1/files/0x0007000000016fde-47.dat	upx
behavioral1/memory/2364-49-0x0000000074520000-0x0000000074529000-memory.dmp	upx
behavioral1/memory/2364-111-0x0000000074510000-0x0000000074519000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\13dd6357cdfbce65b74225fa6fa8f549.exe
"C:\Users\Admin\AppData\Local\Temp\13dd6357cdfbce65b74225fa6fa8f549.exe"
1⤵
- Loads dropped DLL
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\extra_nsy2060.tmp\SoftInstallerHelper.dll

Filesize
206KB

MD5
79320f8b7ae03e3bfda302219e0b4e63

SHA1
aed74bd82171c549400cc1c06f2c63b420ca63ea

SHA256
a0f21a0430af00f2b16be6a004b2c787198476d569c76be4cd018975366afa6a

SHA512
e7b84d0677ab039b48f254526750f39091e0df1771539accc7b97a1b3fe26dac2c7378303f03c9ef9224b49115285400c025b002205b7decba5cf57a9d355ce6

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1ED8.tmp\System.dll

Filesize
23KB

MD5
125aebb055446fb52aa5956cf99e8a9a

SHA1
6b58fd08a8ff2763219cc6b0dcdb875f9970f850

SHA256
2e1b11ee20e5061ea86dc6b01e3efc659e887540afcab7317cdfd6a8eff87ec3

SHA512
5f85e48bd3ae2fd2be0595b93cbf74674e0281210688dcc73691178b295a702e8d43898afb6e5d8b7e82de98b4ee28194c9838ddf8279cde85f7fe48d34dc8b7

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1ED8.tmp\UserInfo.dll

Filesize
6KB

MD5
7f780de67db61a924bebc0cafaded3ad

SHA1
3ac359dce08ceff16e4214fe45d83fdc8e3f2e1a

SHA256
9931a2f8bb44b92ff26062b99cbb6e41ed1cfad65079dec5d6d9c006223bd121

SHA512
8378f04b6f5085e887ed46874414e5681f0ecb6889dbaa25eb78f75112d4be603aef8dec6a2a81857a19978f6ccf07d65d566ff3f0943da809de22599ffdd8f2

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1ED8.tmp\inetc.dll

Filesize
28KB

MD5
67728532d0325c6f3bc85827a9594286

SHA1
f9809396ab27f263b30a9a5585174ffb71c256cb

SHA256
02c008237e8c61ea7ea4e46c9bb47475ae218cf74d2f497fef746909ace19da6

SHA512
318f18c574bd79610f77138b0e79bd958f1cd248e6bccf9d24da9169be6298688aa11dc63a6ab1a9ae5bc3b3ef880a97a36a289447f45fb5f9b940eac652f661

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1ED8.tmp\md5dll.dll

Filesize
14KB

MD5
4ef97f2cfcb80fd9a8781fd80e38abaf

SHA1
932322e90414818bd8b23d62cfc72ca17e324b5a

SHA256
6c24f2149bb5076d933bbaf551081d674f3bc6ea2c3d6368f72886a155c8d41e

SHA512
16e7bcbfe1c6250f0b1a11d6b7adb94423e245d2a4c32b5e98eb3ed27e40df5a83aa2c9c5b4c1deb1ec990891e8963dc1cbfac7fb6067c5de3c740d11c3ad036

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1ED8.tmp\nsDialogs.dll

Filesize
11KB

MD5
790d227d847f7571c8d58a79057a469e

SHA1
75c347b1441383c61166b615dfd6e7e65b04629f

SHA256
37e99ab9db0045870e31db147438cf0c69b6fcdec4f3737a9743c447cbc0c3c0

SHA512
5821605bfb3e57ddfcc1a74829968814aae92b13cb713ef3628913d9112d493117e8aa9cc437770facdcd2d4bd1e53a271d491e6b4d3e4cff53bd027f4b07f4c

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1ED8.tmp\nsResize.dll

Filesize
12KB

MD5
eb64d073a87db00a3c2f2d2e8641b193

SHA1
6ffb587461276f954228827a53412880cd7a92eb

SHA256
1bb9c2fb5935766f08903fccdda12ed3e32478ad0cc3f8b2ef271c0a7f4bce56

SHA512
a5f7590b11f4b9ad903155ed5d237d6762f01183ee023dc319d1dad00b23b04f003b7d751e27f72b678356843a693bdb1ede16a3a0ef34a381611d3d153c4fc7

Download Submit
memory/2364-114-0x0000000074520000-0x0000000074529000-memory.dmp

Filesize
36KB

Download
memory/2364-130-0x000000006E940000-0x000000006E94A000-memory.dmp

Filesize
40KB

Download
memory/2364-43-0x000000006E3C0000-0x000000006E3CD000-memory.dmp

Filesize
52KB

Download
memory/2364-49-0x0000000074520000-0x0000000074529000-memory.dmp

Filesize
36KB

Download
memory/2364-106-0x0000000074520000-0x0000000074529000-memory.dmp

Filesize
36KB

Download
memory/2364-107-0x0000000074520000-0x0000000074529000-memory.dmp

Filesize
36KB

Download
memory/2364-111-0x0000000074510000-0x0000000074519000-memory.dmp

Filesize
36KB

Download
memory/2364-112-0x0000000074520000-0x0000000074529000-memory.dmp

Filesize
36KB

Download
memory/2364-113-0x0000000074510000-0x0000000074519000-memory.dmp

Filesize
36KB

Download
memory/2364-117-0x0000000074510000-0x0000000074519000-memory.dmp

Filesize
36KB

Download
memory/2364-41-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2364-123-0x0000000074510000-0x0000000074519000-memory.dmp

Filesize
36KB

Download
memory/2364-122-0x0000000074510000-0x0000000074519000-memory.dmp

Filesize
36KB

Download
memory/2364-38-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/2364-124-0x0000000074510000-0x0000000074519000-memory.dmp

Filesize
36KB

Download
memory/2364-127-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2364-129-0x000000006E3C0000-0x000000006E3CD000-memory.dmp

Filesize
52KB

Download
memory/2364-42-0x0000000065180000-0x0000000065188000-memory.dmp

Filesize
32KB

Download
memory/2364-131-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/2364-136-0x0000000074520000-0x0000000074529000-memory.dmp

Filesize
36KB

Download
memory/2364-137-0x0000000074510000-0x0000000074519000-memory.dmp

Filesize
36KB

Download
memory/2364-138-0x0000000074520000-0x0000000074529000-memory.dmp

Filesize
36KB

Download
memory/2364-139-0x0000000074510000-0x0000000074519000-memory.dmp

Filesize
36KB

Download
memory/2364-140-0x0000000074520000-0x0000000074529000-memory.dmp

Filesize
36KB

Download
memory/2364-141-0x0000000074520000-0x0000000074529000-memory.dmp

Filesize
36KB

Download
memory/2364-142-0x0000000074510000-0x0000000074519000-memory.dmp

Filesize
36KB

Download
memory/2364-143-0x0000000074520000-0x0000000074529000-memory.dmp

Filesize
36KB

Download
memory/2364-144-0x0000000074510000-0x0000000074519000-memory.dmp

Filesize
36KB

Download
memory/2364-145-0x0000000074520000-0x0000000074529000-memory.dmp

Filesize
36KB

Download
memory/2364-146-0x0000000074520000-0x0000000074529000-memory.dmp

Filesize
36KB

Download
memory/2364-147-0x0000000074510000-0x0000000074519000-memory.dmp

Filesize
36KB

Download
memory/2364-148-0x0000000074510000-0x0000000074519000-memory.dmp

Filesize
36KB

Download
memory/2364-149-0x0000000074510000-0x0000000074519000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing