bf1f266ef8a8b7bca53f54a7468a30c92dc6c7183e1ea7ddf2b1ef331bcea5e3

Analysis

max time kernel
1s
max time network
3s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 10:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74788111b9ac631022b5995122a82c07.exe
Size

77KB
MD5

74788111b9ac631022b5995122a82c07
SHA1

d91234025cbdcdd296df6e84b6913cd9ad35c137
SHA256

bf1f266ef8a8b7bca53f54a7468a30c92dc6c7183e1ea7ddf2b1ef331bcea5e3
SHA512

4ea2f8df5eb874a975591d720d7fe9da28500a65ecbd8d0b8551e1a305c97a794f26e6b78c31fc6c494e3edee880b3f3f669a94519e205492db2f2eb2d9e86c3
SSDEEP

1536:hiRgxYx2kzgUnrVWCJ2AZGAjF51L53/iD6WYxpza9JN9E057jC:hSgFKyHAvjFt3/iD6WYyJN9Ev

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000b000000016231-42.dat	acprotect

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c000000012238-3.dat	upx
behavioral1/memory/2780-5-0x0000000000570000-0x000000000057F000-memory.dmp	upx
behavioral1/memory/2724-22-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2780-37-0x0000000002200000-0x000000000222F000-memory.dmp	upx
behavioral1/files/0x000b000000016231-42.dat	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\74788111b9ac631022b5995122a82c07.exe
"C:\Users\Admin\AppData\Local\Temp\74788111b9ac631022b5995122a82c07.exe"
1⤵
PID:2780
- C:\Users\Admin\AppData\Local\Temp\qjgame.Exe
  "C:\Users\Admin\AppData\Local\Temp\qjgame.Exe"
  2⤵
  PID:2724
- C:\Users\Admin\AppData\Local\Temp\wulin9527.exe
  "C:\Users\Admin\AppData\Local\Temp\wulin9527.exe"
  2⤵
  PID:2860
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\OPE68A4.bat" "" "C:\Users\Admin\AppData\Local\Temp" "74788111b9ac631022b5995122a82c07.exe""
  2⤵
  PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\dat68D3.tmp

Filesize
18KB

MD5
04d0b770aba6561c02db176c5b406bec

SHA1
ea3d0b5a83f5bd9b054db90b602ce18c0804bcb9

SHA256
75f95dfc21674d96a4a96e7a5ba0aec5a865a1d48c3dee30ba81b6b1338363be

SHA512
9b500b22839aecb0c0f3dff15fdd49da792a3c65972013e9ed4a59e6b23ae4b47c880a02a61b8d8d9879416928897c28d813f3dc3ba1a3b0c01d5a0aef7b8467

Download Submit
\Users\Admin\AppData\Local\Temp\qjgame.Exe

Filesize
29KB

MD5
1d886304b557168a14590fa1efe5fbae

SHA1
a2205d862e7d70dffa06f7b4310a5a1822a8ee28

SHA256
57f539fa75a7630252fa28f98d278b1e94267f77e5fcc57b608a1274af0df665

SHA512
dcc7cb061a0f76f6c5ea242d7fb6ad585dee2b82cdacd96861328cc7c41dfdea84905c01432566d5f8ecd92e163c1ec4b6648d702c9ea7ed113cf4c84bb36c75

Download Submit
\Users\Admin\AppData\Local\Temp\wulin9527.exe

Filesize
45KB

MD5
bd2fbcceb25d18251712d7f3348d17f5

SHA1
58c26084eb7035fa9abd698e5e5941ca60cca9e0

SHA256
7995c65f8ec35d0e2cee1cc1a7a8365193c54ea8e40e44d744a30f8e3b6c77bb

SHA512
13ed95a8c92ec83b0db3e0a4c7f7fdb8a0e2b8be87f6d4650594f722d6fd61f8d9f817b82d33d36332600df606234f5f522976382d02c7ef6ad5383c56d4d323

Download Submit
memory/2724-22-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2780-0-0x0000000000400000-0x0000000000414C8E-memory.dmp

Filesize
83KB

Download
memory/2780-5-0x0000000000570000-0x000000000057F000-memory.dmp

Filesize
60KB

Download
memory/2780-10-0x0000000000570000-0x000000000057F000-memory.dmp

Filesize
60KB

Download
memory/2780-17-0x0000000002200000-0x000000000220F000-memory.dmp

Filesize
60KB

Download
memory/2780-18-0x0000000002200000-0x000000000220F000-memory.dmp

Filesize
60KB

Download
memory/2780-37-0x0000000002200000-0x000000000222F000-memory.dmp

Filesize
188KB

Download
memory/2860-39-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download