12ed3a9c702063e5caaeda763ac4b06a0f03b409d6f7795599ef954a84e1002e

General

Target

9ab236bc174a73778cf3d87ba6574d1d.exe
Size

1.8MB
MD5

9ab236bc174a73778cf3d87ba6574d1d
SHA1

c4a48c8bae5694a73d7b9bc4f498c7b210d6d819
SHA256

12ed3a9c702063e5caaeda763ac4b06a0f03b409d6f7795599ef954a84e1002e
SHA512

ce780d009ea2125d8f324a1b13fe1fc7d534da127444ecdaf26f5ba45389f33d3353aea3f364e7e9c754feefb334b168c7a1cda0168e1a73d3034c8d0ee908fc
SSDEEP

49152:LqIVuRTTJ6fFmhMMMMMMMMMMMMMMMMMMFMW5lNTmLsQHCBRes:LsUfFQMMMMMMMMMMMMMMMMMMFMclNyg1

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x003000000001272b-9.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
1632	9ab236bc174a73778cf3d87ba6574d1d.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x003000000001272b-9.dat	upx
behavioral1/memory/1632-11-0x0000000003D60000-0x0000000003DBB000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	9ab236bc174a73778cf3d87ba6574d1d.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1632	9ab236bc174a73778cf3d87ba6574d1d.exe
1632	9ab236bc174a73778cf3d87ba6574d1d.exe
1632	9ab236bc174a73778cf3d87ba6574d1d.exe

C:\Users\Admin\AppData\Local\Temp\9ab236bc174a73778cf3d87ba6574d1d.exe
"C:\Users\Admin\AppData\Local\Temp\9ab236bc174a73778cf3d87ba6574d1d.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~zm_{DC1682CD-AA93-4525-9B30-F414D0E51BE6}\css\style.css

Filesize
2KB

MD5
a1df77479ce756da1471b637d02fa6c8

SHA1
60fdcd324f6f0bce932e1a7a5940a869ec7cf181

SHA256
175e5f8ea54c5be289ddd15cc7a05fc250966ed4ea8e367e493f67485728c8c7

SHA512
62a91224437cdc6e1beeb714c6c168cc05f765d2c22237e4470aa3e225b3c00459935410751b12c8575bdb873e4d5830119fe66574cc5d6f5be65344405ff8d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{DC1682CD-AA93-4525-9B30-F414D0E51BE6}\images\bg.gif

Filesize
57B

MD5
bf5b5ecb55075be619a4f362b33f4ec3

SHA1
f9982e43e86a3ad006ab93dc76a9cd9d6eb5a6db

SHA256
a05ba99a9f30e5b0fafd771456b3fba35ab8a9da76169b66ec0ed2da8cb6b264

SHA512
fbef514ac129ca4f6f1245a74e2bb478f66a12422d705612440cc72b2cba628fec7232574febbdc612f55fb5cf74f94823aa7b898e8504a35aeeee5edcb5770d

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{DC1682CD-AA93-4525-9B30-F414D0E51BE6}\images\logo.jpg

Filesize
81KB

MD5
e26e15fd410cbc6dd91bc243956c9846

SHA1
7ddcc0d23856fb9b3fafc2538e50a49edf52af01

SHA256
40542e6dbffaf2b996eb4154d93f14d21546b3995bbc246dbe22cc9f85804d28

SHA512
a1e2133a876ff47faa56139d26b5b2006fd7576f1d178996eff1d9c52bd2f961e10dc9ae63ac5f640db4b12980ade9211e7ecf836d684abcf64b0ec6e1be2a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{DC1682CD-AA93-4525-9B30-F414D0E51BE6}\page.html

Filesize
1KB

MD5
ec60cbb4da421db5f7fdfcb9fdb0aeb9

SHA1
2c00748dfc8362a86e753472246f898f49574b37

SHA256
45a98ea184110061447a02fc50d4a8c5c13b48b58dbfb56fbaab77cec75d0a7a

SHA512
325743a83c3b06d6100f53afa574a94927f6c36ff1c00e78cbd98468257f092cd22db4709714b9e8e518da847298fba369503727612eeb737f72277817f759a9

Download Submit
\Users\Admin\AppData\Local\Temp\{0D2B0634-3FED-4B3B-A5A7-A6AD23C07126}.dll

Filesize
120KB

MD5
c9f333d1ff898672a34805f94a265329

SHA1
2deaac66698fb2e9b3868d23034c3211c508b739

SHA256
07e546811635574c77edfda126b0e5f5292b4ea13f35158eddedcfc3cbf74b6b

SHA512
048c71e48e2def0bfc69ebfb69b834d650a9377082782333f50728fdfd6675df8093d0c87e606022e55d09f81549d4ca3b640bcdd33b9ddc9aace03ee1466add

Download Submit
memory/1632-4-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/1632-5-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1632-11-0x0000000003D60000-0x0000000003DBB000-memory.dmp

Filesize
364KB

Download
memory/1632-1-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/1632-3-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/1632-2-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1632-0-0x0000000000560000-0x0000000000646000-memory.dmp

Filesize
920KB

Download
memory/1632-92-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/1632-93-0x0000000000560000-0x0000000000646000-memory.dmp

Filesize
920KB

Download
memory/1632-95-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1632-96-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1632-97-0x0000000003D60000-0x0000000003DBB000-memory.dmp

Filesize
364KB

Download

Analysis

Sharing