Analysis
-
max time kernel
122s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
02/02/2024, 20:33
Behavioral task
behavioral1
Sample
8a77838fb50ac34647cc50214be992b7.exe
Resource
win7-20231215-en
General
-
Target
8a77838fb50ac34647cc50214be992b7.exe
-
Size
108KB
-
MD5
8a77838fb50ac34647cc50214be992b7
-
SHA1
ae15bdc7baa7b24ebc0e60743b22551418ea3634
-
SHA256
02dd8f94860f4d3fee685d54f6b421ae4e8c28b737cb7d089951703dc21a33d1
-
SHA512
ca586fc2c4ae8dfb9f54230fcb0fdd93b14b2949f081b23ba031128cfc8c58107956e34edd842ae2f6b6ed456803ef97fe40ca13b703e361c6ce1a986851120e
-
SSDEEP
3072:OQqz1OWH1/D1O9t0Ohrx/dbamUakjHiJaQZ8Y:ORBBGmOJx/Ed5jHiJb8Y
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule behavioral1/files/0x001000000000b1f5-4.dat acprotect -
Loads dropped DLL 1 IoCs
pid Process 2136 8a77838fb50ac34647cc50214be992b7.exe -
resource yara_rule behavioral1/memory/2136-0-0x0000000000400000-0x0000000000423000-memory.dmp upx behavioral1/files/0x001000000000b1f5-4.dat upx behavioral1/memory/2136-6-0x0000000000220000-0x000000000025C000-memory.dmp upx behavioral1/memory/2136-7-0x0000000000400000-0x0000000000423000-memory.dmp upx behavioral1/memory/2136-8-0x0000000000220000-0x000000000025C000-memory.dmp upx -
Installs/modifies Browser Helper Object 2 TTPs 1 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
description ioc Process Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBD366B8-952D-496E-99C3-1FF980B539DD} 8a77838fb50ac34647cc50214be992b7.exe -
Modifies registry class 6 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBD366B8-952D-496E-99C3-1FF980B539DD}\InprocServer32 8a77838fb50ac34647cc50214be992b7.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node 8a77838fb50ac34647cc50214be992b7.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID 8a77838fb50ac34647cc50214be992b7.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBD366B8-952D-496E-99C3-1FF980B539DD} 8a77838fb50ac34647cc50214be992b7.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBD366B8-952D-496E-99C3-1FF980B539DD}\InprocServer32\ = "C:\\Windows\\SysWow64\\api-ms-win-core-sysinfo-l1-1-.dll" 8a77838fb50ac34647cc50214be992b7.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBD366B8-952D-496E-99C3-1FF980B539DD}\InprocServer32\ThreadingModel = "apartment" 8a77838fb50ac34647cc50214be992b7.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2136 8a77838fb50ac34647cc50214be992b7.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
86KB
MD526bab8b8883f48d28b3d40733c83e3ea
SHA18ad36033dab14696119ef33bf65f179711811092
SHA256dd9c693097dd387f7eaf69f95700361d59f65b8bf7a2c91eff22f35dd33c1868
SHA512b04b6466a0d30b34d695425fce4f5fb8625eb1fd937bd197ff9d920ae79ea7146559c62aaeea572c4dd630cd7ce60d21984fd4a4cb9c53598635e1b6e655b721