e85e6e7d059f836252984499546bdd6899cdfafc20dac667618514e8b3711cd0

Analysis

max time kernel
140s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 05:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79701c3d2ba063269aa6bef1c4ac3cfd.exe
Size

20KB
MD5

79701c3d2ba063269aa6bef1c4ac3cfd
SHA1

b2c954f109b8bae40eff721e0cb25a5133dac14b
SHA256

e85e6e7d059f836252984499546bdd6899cdfafc20dac667618514e8b3711cd0
SHA512

73b5ab2014bd31b972f3db05e7a7847a0abd4e018529fff5f9c2e8efa802e1daa553d5d67a8d51fccdb376a09f514a7b343fd646ea9a58250dcb1b0e2cf31bf2
SSDEEP

384:MUSGaOciKhq2MHkLOAjH1VmNor6aYLrey005fw3I4SOTCt+ZbWAr1B:MNGUiKU4njVVmNoGlGy3+Y4EtOb3D

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0009000000012270-5.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2288	79701c3d2ba063269aa6bef1c4ac3cfd.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2288-0-0x0000000000400000-0x0000000000412000-memory.dmp	upx
behavioral1/files/0x0009000000012270-5.dat	upx
behavioral1/memory/2288-7-0x00000000001B0000-0x00000000001BE000-memory.dmp	upx
behavioral1/memory/2288-8-0x0000000000400000-0x0000000000412000-memory.dmp	upx

Checks for any installed AV software in registry 1 TTPs 1 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Eset\Nod\CurrentVersion\Info\	79701c3d2ba063269aa6bef1c4ac3cfd.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\msvcrt.dll	79701c3d2ba063269aa6bef1c4ac3cfd.exe
File created	C:\Program Files (x86)\Common Files\Relive.dll	79701c3d2ba063269aa6bef1c4ac3cfd.exe
File created	C:\Program Files\Internet Explorer\msvcrt.bak	79701c3d2ba063269aa6bef1c4ac3cfd.exe
File opened for modification	C:\Program Files\Internet Explorer\msvcrt.bak	79701c3d2ba063269aa6bef1c4ac3cfd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2288	79701c3d2ba063269aa6bef1c4ac3cfd.exe

C:\Users\Admin\AppData\Local\Temp\79701c3d2ba063269aa6bef1c4ac3cfd.exe
"C:\Users\Admin\AppData\Local\Temp\79701c3d2ba063269aa6bef1c4ac3cfd.exe"
1⤵
- Loads dropped DLL
- Checks for any installed AV software in registry
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1518

Security Software Discovery

T1518.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Program Files\Internet Explorer\msvcrt.dll

Filesize
12KB

MD5
32fcda85c0359436f01d646a439b2985

SHA1
25d72bc751cff7388711e53499bef73dca079638

SHA256
93dcb3fe2eec0673d637044aae72b3a0afc5587a5f7d886dc486b40676e34815

SHA512
2a3b89461dbc24c5cfcfe544e7fe4921ee2f4ccb336d04bd33a82c41bd8f39b8953e148a31cf57401d9dcd8961289f4ec52ce8a3f672944183dbeaf731fd88e3

Download Submit
memory/2288-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2288-7-0x00000000001B0000-0x00000000001BE000-memory.dmp

Filesize
56KB

Download
memory/2288-8-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download