Analysis
-
max time kernel
143s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
01/01/2024, 12:39
Static task
static1
Behavioral task
behavioral1
Sample
3ce1143e1511cb7d5656882ede0a4692.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
3ce1143e1511cb7d5656882ede0a4692.exe
Resource
win10v2004-20231215-en
General
-
Target
3ce1143e1511cb7d5656882ede0a4692.exe
-
Size
1.0MB
-
MD5
3ce1143e1511cb7d5656882ede0a4692
-
SHA1
7c2bbb59cf34b555cd3af4170ccedf5d887c0d85
-
SHA256
ec2bf8580d47ad01dfba1e2145e83d886dce14138245e1f0ccbd33d6fef5dd8f
-
SHA512
f5de1a33c673d5370e6c94d394d998cb5db55c1f661abbeb77d4fd768db15f883eb8ef7751818edd3bea39d47cdf98a756b5b2fd16e35c76da65a0e59110b17c
-
SSDEEP
12288:FxgCMMcBsY3DYl5rDRh5ujveBxJ/JHJu6rBr6p3bVHHX3QHEoSuJF48:F5aZTYPrDRhTBr6hJQHTF48
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule behavioral2/files/0x000400000001e716-2.dat acprotect -
Loads dropped DLL 1 IoCs
pid Process 4556 3ce1143e1511cb7d5656882ede0a4692.exe -
resource yara_rule behavioral2/memory/4556-5-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-9-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-10-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-8-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-7-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/files/0x000400000001e716-2.dat upx behavioral2/memory/4556-11-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-12-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-13-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-14-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-15-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-16-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-17-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-18-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-19-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-20-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-21-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-22-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-23-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-24-0x0000000010000000-0x0000000010043000-memory.dmp upx behavioral2/memory/4556-25-0x0000000010000000-0x0000000010043000-memory.dmp upx -
Drops file in Windows directory 2 IoCs
description   ioc                           Process
File created  C:\WINDOWS\system\Skin.dll    3ce1143e1511cb7d5656882ede0a4692.exe
File created  C:\WINDOWS\system\QQ2009.she  3ce1143e1511cb7d5656882ede0a4692.exe
-
Suspicious use of SetWindowsHookEx 3 IoCs
pid   Process
4556  3ce1143e1511cb7d5656882ede0a4692.exe
4556  3ce1143e1511cb7d5656882ede0a4692.exe
4556  3ce1143e1511cb7d5656882ede0a4692.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
92KB
MD5
126d9ba801fd60698721b5af6e86810e
SHA1
30eabff3799326eedb98a12f5320111158b86828
SHA256
a48f13e8ebb991e09f5e345122028935fefb8246f6be154f37f9e268a726b143
SHA512
7b098d73c8e33270c3948b75451053e6809f88add64b421b103df9c4179ebeed70bcc32cfed49c7e7f8d6388aa795c596e05911554e699a3ec5d6dd3d353a7ed