ec2bf8580d47ad01dfba1e2145e83d886dce14138245e1f0ccbd33d6fef5dd8f

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ce1143e1511cb7d5656882ede0a4692.exe
Size

1.0MB
MD5

3ce1143e1511cb7d5656882ede0a4692
SHA1

7c2bbb59cf34b555cd3af4170ccedf5d887c0d85
SHA256

ec2bf8580d47ad01dfba1e2145e83d886dce14138245e1f0ccbd33d6fef5dd8f
SHA512

f5de1a33c673d5370e6c94d394d998cb5db55c1f661abbeb77d4fd768db15f883eb8ef7751818edd3bea39d47cdf98a756b5b2fd16e35c76da65a0e59110b17c
SSDEEP

12288:FxgCMMcBsY3DYl5rDRh5ujveBxJ/JHJu6rBr6p3bVHHX3QHEoSuJF48:F5aZTYPrDRhTBr6hJQHTF48

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000400000001e716-2.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
4556	3ce1143e1511cb7d5656882ede0a4692.exe

UPX packed file 21 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4556-5-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-9-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-10-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-8-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-7-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/files/0x000400000001e716-2.dat	upx
behavioral2/memory/4556-11-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-12-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-13-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-14-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-15-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-16-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-17-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-18-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-19-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-20-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-21-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-22-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-23-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-24-0x0000000010000000-0x0000000010043000-memory.dmp	upx
behavioral2/memory/4556-25-0x0000000010000000-0x0000000010043000-memory.dmp	upx

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\system\Skin.dll	3ce1143e1511cb7d5656882ede0a4692.exe
File created	C:\WINDOWS\system\QQ2009.she	3ce1143e1511cb7d5656882ede0a4692.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4556	3ce1143e1511cb7d5656882ede0a4692.exe
4556	3ce1143e1511cb7d5656882ede0a4692.exe
4556	3ce1143e1511cb7d5656882ede0a4692.exe

C:\Users\Admin\AppData\Local\Temp\3ce1143e1511cb7d5656882ede0a4692.exe
"C:\Users\Admin\AppData\Local\Temp\3ce1143e1511cb7d5656882ede0a4692.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\Skin.dll

Filesize
92KB

MD5
126d9ba801fd60698721b5af6e86810e

SHA1
30eabff3799326eedb98a12f5320111158b86828

SHA256
a48f13e8ebb991e09f5e345122028935fefb8246f6be154f37f9e268a726b143

SHA512
7b098d73c8e33270c3948b75451053e6809f88add64b421b103df9c4179ebeed70bcc32cfed49c7e7f8d6388aa795c596e05911554e699a3ec5d6dd3d353a7ed

Download Submit
memory/4556-15-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-10-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-8-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-7-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-9-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-11-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-12-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-13-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-5-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-14-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-18-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-17-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-16-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-19-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-20-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-21-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-22-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-23-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-24-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4556-25-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download