Overview

overview

7

Static

static

3

57f8314c34...64.exe

windows7-x64

7

57f8314c34...64.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/01/2024, 04:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    57f8314c343d518ae20cb6c0040be064.exe

  • Size

    71KB

  • MD5

    57f8314c343d518ae20cb6c0040be064

  • SHA1

    53da0150bf2ba2906cb16c761c13c00d1aa7b61c

  • SHA256

    7eccb8371514732092b5663f877824277c25907e62632eff7c3c2c91d1a22fd4

  • SHA512

    b6ced52b505c950d2999c83127a631c7727227f018a9fd0bceedf780e75f3f9edfa702c1d7c3f3befd1859c852a729df93651ed4f8909df846989bc031a3261e

  • SSDEEP

    1536:yY2LyL+wrofpaE8TQus/8xgswAD8bG9szOQlH:yYvywEfpkpKswoE/llH

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\57f8314c343d518ae20cb6c0040be064.exe
    "C:\Users\Admin\AppData\Local\Temp\57f8314c343d518ae20cb6c0040be064.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notdir88x1dll.dll
    Filesize

    54KB

    MD5

    d56e8e9be4553a343436109761a147de

    SHA1

    aebd09116966786cd4d5cf82a78d375737c6a2a3

    SHA256

    222b05f5833e93923f2b78d86a18f75b6c43d40e119819bb5a4e133c2b0ad079

    SHA512

    3d8c15d75611353cd11b834ab3c7da82372d83a8d190fd1d865efce0a1fde3d7c4e6bd7343453cdbb61cef15e40f75cb096f0f4a1b35b2bdfed5933225ac28e6

    Download Submit

  • memory/664-0-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/664-1-0x0000000000600000-0x0000000000601000-memory.dmp

    Filesize

    4KB

    Download

  • memory/664-9-0x0000000002F60000-0x0000000002F87000-memory.dmp

    Filesize

    156KB

    Download

  • memory/664-10-0x0000000002F60000-0x0000000002F87000-memory.dmp

    Filesize

    156KB

    Download

  • memory/664-13-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/664-14-0x0000000000600000-0x0000000000601000-memory.dmp

    Filesize

    4KB

    Download

  • memory/664-25-0x0000000002F60000-0x0000000002F87000-memory.dmp

    Filesize

    156KB

    Download