77df499e8a1eb73e1af23582f56282b396c3ed66fe53039e81dfa9bdd7f3db80

Analysis

max time kernel
0s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 12:41

Target

18d2eb04b5df29aedec9bb58fc26c858.exe
Size

152KB
MD5

18d2eb04b5df29aedec9bb58fc26c858
SHA1

761f4e8eaa0cc3d27301da84497a398468d06638
SHA256

77df499e8a1eb73e1af23582f56282b396c3ed66fe53039e81dfa9bdd7f3db80
SHA512

a53cedd18c40839cd621e2b85e9a2c1335da4ad44e2805b1773f6d849e09acb54352199e4d49fe5216614a0d009fcdfb0b541b79acdb4f977478aaa290f2472c
SSDEEP

3072:ltCzs/mVASDVnwevtGjg9DPXcEE+uFXx6kOV/wa19kjygULCO42F:Sw+GSDbvZNUvxVADVYa143UL54u

Score

7^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000a00000001224d-1.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
3052	18d2eb04b5df29aedec9bb58fc26c858.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000a00000001224d-1.dat	upx
behavioral1/memory/3052-64-0x0000000010000000-0x0000000010061000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\msxml71.dll	18d2eb04b5df29aedec9bb58fc26c858.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3052	18d2eb04b5df29aedec9bb58fc26c858.exe

\Windows\SysWOW64\msxml71.dll

Filesize
92KB

MD5
cc66048e347e6cf270639b6470122342

SHA1
5d388726745f52131596fd98c9ede00c0154153b

SHA256
c7ce12005179dc16a24552294914a3abc2af7d583588f7acc127d4783a6f809e

SHA512
d2b4c70c293c10dd21f50b56f2f2a3b8ac6204e4b9aac318608492a42981392b2137cdb34e7354bed772d249e69e184d2d6bcf253f0368e5ff5144145b38bc74

Download Submit
memory/3052-64-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download