Analysis
-
max time kernel
92s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
02/02/2024, 20:33
Behavioral task
behavioral1
Sample
8a77838fb50ac34647cc50214be992b7.exe
Resource
win7-20231215-en
General
-
Target
8a77838fb50ac34647cc50214be992b7.exe
-
Size
108KB
-
MD5
8a77838fb50ac34647cc50214be992b7
-
SHA1
ae15bdc7baa7b24ebc0e60743b22551418ea3634
-
SHA256
02dd8f94860f4d3fee685d54f6b421ae4e8c28b737cb7d089951703dc21a33d1
-
SHA512
ca586fc2c4ae8dfb9f54230fcb0fdd93b14b2949f081b23ba031128cfc8c58107956e34edd842ae2f6b6ed456803ef97fe40ca13b703e361c6ce1a986851120e
-
SSDEEP
3072:OQqz1OWH1/D1O9t0Ohrx/dbamUakjHiJaQZ8Y:ORBBGmOJx/Ed5jHiJb8Y
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule behavioral2/files/0x000600000002324c-6.dat acprotect -
Loads dropped DLL 2 IoCs
pid Process 1388 8a77838fb50ac34647cc50214be992b7.exe 1388 8a77838fb50ac34647cc50214be992b7.exe -
resource yara_rule behavioral2/memory/1388-0-0x0000000000400000-0x0000000000423000-memory.dmp upx behavioral2/memory/1388-1-0x0000000000400000-0x0000000000423000-memory.dmp upx behavioral2/files/0x000600000002324c-6.dat upx behavioral2/memory/1388-7-0x00000000001C0000-0x00000000001FC000-memory.dmp upx behavioral2/memory/1388-10-0x0000000000400000-0x0000000000423000-memory.dmp upx behavioral2/memory/1388-11-0x00000000001C0000-0x00000000001FC000-memory.dmp upx -
Installs/modifies Browser Helper Object 2 TTPs 1 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
description ioc Process Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22F799BE-BD97-4B03-9084-2F697D510DA2} 8a77838fb50ac34647cc50214be992b7.exe -
Modifies registry class 6 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22F799BE-BD97-4B03-9084-2F697D510DA2}\InprocServer32 8a77838fb50ac34647cc50214be992b7.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node 8a77838fb50ac34647cc50214be992b7.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID 8a77838fb50ac34647cc50214be992b7.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22F799BE-BD97-4B03-9084-2F697D510DA2} 8a77838fb50ac34647cc50214be992b7.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22F799BE-BD97-4B03-9084-2F697D510DA2}\InprocServer32\ = "C:\\Windows\\SysWow64\\aspnet_counter.dll" 8a77838fb50ac34647cc50214be992b7.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22F799BE-BD97-4B03-9084-2F697D510DA2}\InprocServer32\ThreadingModel = "apartment" 8a77838fb50ac34647cc50214be992b7.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1388 8a77838fb50ac34647cc50214be992b7.exe 1388 8a77838fb50ac34647cc50214be992b7.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
86KB
MD526bab8b8883f48d28b3d40733c83e3ea
SHA18ad36033dab14696119ef33bf65f179711811092
SHA256dd9c693097dd387f7eaf69f95700361d59f65b8bf7a2c91eff22f35dd33c1868
SHA512b04b6466a0d30b34d695425fce4f5fb8625eb1fd937bd197ff9d920ae79ea7146559c62aaeea572c4dd630cd7ce60d21984fd4a4cb9c53598635e1b6e655b721