ec2bf8580d47ad01dfba1e2145e83d886dce14138245e1f0ccbd33d6fef5dd8f

General

Target

3ce1143e1511cb7d5656882ede0a4692.exe
Size

1.0MB
MD5

3ce1143e1511cb7d5656882ede0a4692
SHA1

7c2bbb59cf34b555cd3af4170ccedf5d887c0d85
SHA256

ec2bf8580d47ad01dfba1e2145e83d886dce14138245e1f0ccbd33d6fef5dd8f
SHA512

f5de1a33c673d5370e6c94d394d998cb5db55c1f661abbeb77d4fd768db15f883eb8ef7751818edd3bea39d47cdf98a756b5b2fd16e35c76da65a0e59110b17c
SSDEEP

12288:FxgCMMcBsY3DYl5rDRh5ujveBxJ/JHJu6rBr6p3bVHHX3QHEoSuJF48:F5aZTYPrDRhTBr6hJQHTF48

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0009000000012252-2.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
1312	3ce1143e1511cb7d5656882ede0a4692.exe

UPX packed file 22 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1312-4-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/files/0x0009000000012252-2.dat	upx
behavioral1/memory/1312-8-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-9-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-10-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-7-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-6-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-11-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-12-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-13-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-14-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-15-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-16-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-17-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-18-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-19-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-20-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-21-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-22-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-23-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-24-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral1/memory/1312-25-0x0000000010000000-0x0000000010043000-memory.dmp	upx

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\system\Skin.dll	3ce1143e1511cb7d5656882ede0a4692.exe
File created	C:\WINDOWS\system\QQ2009.she	3ce1143e1511cb7d5656882ede0a4692.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1312	3ce1143e1511cb7d5656882ede0a4692.exe
1312	3ce1143e1511cb7d5656882ede0a4692.exe
1312	3ce1143e1511cb7d5656882ede0a4692.exe

C:\Users\Admin\AppData\Local\Temp\3ce1143e1511cb7d5656882ede0a4692.exe
"C:\Users\Admin\AppData\Local\Temp\3ce1143e1511cb7d5656882ede0a4692.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\system\Skin.dll

Filesize
98KB

MD5
4e70aa97f22995853da109a2a05b1335

SHA1
16d243efe827436907a65aeafcd02312960225a0

SHA256
ee59d2fd30511ce7611a4a229610584a52678d9423f41c23e2aaae56b211bd4f

SHA512
1aed4011fcbb0eabc14d236d0aea4b54e33d02365777196ceb22d84aaf4de7469bda0f5d124bd022c3c1c3748cd6467008cef0de1f0f025e7a324fbc7152854e

Download Submit
memory/1312-14-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-16-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-9-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-10-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-7-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-6-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-11-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-12-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-13-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-4-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-8-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-17-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-15-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-18-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-19-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-20-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-21-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-22-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-23-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-24-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/1312-25-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download

Analysis

Sharing