33ae674ccfa5116ce99906fd28d09ccc29d4fa1855f6f74fbcdee43b7ac57364

Analysis

max time kernel
131s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 01:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a663b15f5f3967b10bddcd7588a00b3.exe
Size

11.3MB
MD5

5a663b15f5f3967b10bddcd7588a00b3
SHA1

7e8382654d243a0295721544d47563bd24407ba3
SHA256

33ae674ccfa5116ce99906fd28d09ccc29d4fa1855f6f74fbcdee43b7ac57364
SHA512

4ce2f628d1484228552694867c872833a5ce3982b055f225ab4636ee960318193d283aa2118584b37925faf4d775cfe2496146284be15a2976df02fd3fe8431e
SSDEEP

196608:cZNFljw+RP8NrbVK+c8LCqNGBKhwg2qTcNxxslIbRe5S5:cZNg+R8Nrb48COGBo2p6GeI

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000a000000018b4d-94.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp

Loads dropped DLL 4 IoCs

pid	Process
2908	5a663b15f5f3967b10bddcd7588a00b3.exe
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a000000018b4d-94.dat	upx
behavioral1/memory/2592-102-0x00000000068A0000-0x00000000068D1000-memory.dmp	upx
behavioral1/memory/2592-106-0x00000000068A0000-0x00000000068D1000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp
2592	5a663b15f5f3967b10bddcd7588a00b3.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2592	2908	5a663b15f5f3967b10bddcd7588a00b3.exe	28
PID 2908 wrote to memory of 2592	2908	5a663b15f5f3967b10bddcd7588a00b3.exe	28
PID 2908 wrote to memory of 2592	2908	5a663b15f5f3967b10bddcd7588a00b3.exe	28
PID 2908 wrote to memory of 2592	2908	5a663b15f5f3967b10bddcd7588a00b3.exe	28
PID 2908 wrote to memory of 2592	2908	5a663b15f5f3967b10bddcd7588a00b3.exe	28
PID 2908 wrote to memory of 2592	2908	5a663b15f5f3967b10bddcd7588a00b3.exe	28
PID 2908 wrote to memory of 2592	2908	5a663b15f5f3967b10bddcd7588a00b3.exe	28

C:\Users\Admin\AppData\Local\Temp\5a663b15f5f3967b10bddcd7588a00b3.exe
"C:\Users\Admin\AppData\Local\Temp\5a663b15f5f3967b10bddcd7588a00b3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Users\Admin\AppData\Local\Temp\is-IVRK5.tmp\5a663b15f5f3967b10bddcd7588a00b3.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-IVRK5.tmp\5a663b15f5f3967b10bddcd7588a00b3.tmp" /SL5="$70120,10598489,891904,C:\Users\Admin\AppData\Local\Temp\5a663b15f5f3967b10bddcd7588a00b3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-6UJT3.tmp\Settings.ini

Filesize
6KB

MD5
b87b6b7161373983206029baf0634f5d

SHA1
1ef464f8dabe32f8c4e63ca7de3cafb44e5737bd

SHA256
7b045df5b72cb8ba36083b221e3e7f8c7d12407319c9ef36a5a318bb4b746076

SHA512
e4d1f9f9536fd5d849eb48dc6d994d0df58265228c89514f3d4e4d5b619139bde89f307bf5f8567bc7685c83ecf05a36cc7231a845fb3c813783b94863cbb867

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6UJT3.tmp\SplashNew.gif

Filesize
2.4MB

MD5
88905cc2e04013d7b68c50f1ddbf98af

SHA1
cfab92dc093ffc07e05fa6c2a62e41415d10e816

SHA256
f9b8d81302222d0af4e91e290519de28112ffaa36174094f64dceaa5098a8874

SHA512
1c5a20e1f780de0bc8b188c086fe753cfdc25c53e5bd4c38c0b809409df07c08b9e6cf00dee024247a57a8bcb31cd3ad2cc5f8396a4000f1303c4b0b471dfafc

Download Submit
\Users\Admin\AppData\Local\Temp\is-6UJT3.tmp\BASS.dll

Filesize
126KB

MD5
933073a16f5136279dc6aa8d7870f63e

SHA1
44963b41137642330f5286892cbaae4373748bb6

SHA256
860e073f19bad7177ee2afed0a6c1a575eaffb446d1afe30e4f86e25b883fe56

SHA512
9276f0b28b518f4f492b39601333fa871d3005ee5f0efba97af782f024ba4d16e038257336b3774d376b8acc43ee8a2ce17cf4bda0141679729f3148899204f2

Download Submit
\Users\Admin\AppData\Local\Temp\is-6UJT3.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
\Users\Admin\AppData\Local\Temp\is-6UJT3.tmp\isgsg.dll

Filesize
34KB

MD5
09974eaff6defadde38b1328754dbe09

SHA1
001cfb5514444188e455b97acc369f037079ca9d

SHA256
9eeef28d82fc4db7d1269dfbc0ea282768ce5e2e4e4bdc867d80d6847468dca7

SHA512
da29b01ebebb454c004420c6b29bb8dca9fb50554a7a5db30035a5ec458d766049bf5502f708bf7eb210a4f9cbdb308cc0c8dcdad9f745b01a9e4f1455bbc846

Download Submit
\Users\Admin\AppData\Local\Temp\is-IVRK5.tmp\5a663b15f5f3967b10bddcd7588a00b3.tmp

Filesize
2.6MB

MD5
530ea60c44c9c25b06bbf69a5a2cad28

SHA1
216c3aa66e621eb7001675fd0c2a4d5a70afb659

SHA256
02319057240ae5835cea2b2233ca113758dc573ee4a360a3f29c295538c2cb0f

SHA512
6af5a8a03ab69a818641da3141b579694e6cfa4394cc0e41239fb8e641a622b48849f25af1166e939498b3150ad7964ae7537870cecb9ccac813909f0a4e4978

Download Submit
memory/2592-50-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-19-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-20-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-21-0x0000000003210000-0x0000000003211000-memory.dmp

Filesize
4KB

Download
memory/2592-22-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-23-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-24-0x0000000003220000-0x0000000003221000-memory.dmp

Filesize
4KB

Download
memory/2592-25-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-26-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-27-0x0000000003230000-0x0000000003231000-memory.dmp

Filesize
4KB

Download
memory/2592-28-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-29-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-30-0x0000000003240000-0x0000000003241000-memory.dmp

Filesize
4KB

Download
memory/2592-31-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-32-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-33-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/2592-34-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-35-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-36-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2592-37-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-38-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-39-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2592-41-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-40-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-43-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-45-0x00000000058F0000-0x00000000058F1000-memory.dmp

Filesize
4KB

Download
memory/2592-44-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-46-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-47-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-48-0x0000000005900000-0x0000000005901000-memory.dmp

Filesize
4KB

Download
memory/2592-49-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-51-0x0000000005910000-0x0000000005911000-memory.dmp

Filesize
4KB

Download
memory/2592-53-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-52-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-18-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/2592-42-0x00000000058E0000-0x00000000058E1000-memory.dmp

Filesize
4KB

Download
memory/2592-67-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-56-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-55-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-57-0x0000000005930000-0x0000000005931000-memory.dmp

Filesize
4KB

Download
memory/2592-58-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-59-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-61-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-62-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-60-0x0000000005940000-0x0000000005941000-memory.dmp

Filesize
4KB

Download
memory/2592-65-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-64-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-66-0x0000000005960000-0x0000000005961000-memory.dmp

Filesize
4KB

Download
memory/2592-63-0x0000000005950000-0x0000000005951000-memory.dmp

Filesize
4KB

Download
memory/2592-54-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download
memory/2592-68-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-71-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-70-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-69-0x0000000005970000-0x0000000005971000-memory.dmp

Filesize
4KB

Download
memory/2592-72-0x0000000005980000-0x0000000005981000-memory.dmp

Filesize
4KB

Download
memory/2592-73-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-74-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-75-0x0000000005990000-0x0000000005991000-memory.dmp

Filesize
4KB

Download
memory/2592-77-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-76-0x0000000003260000-0x00000000033A0000-memory.dmp

Filesize
1.2MB

Download
memory/2592-80-0x00000000031E0000-0x00000000031E1000-memory.dmp

Filesize
4KB

Download
memory/2592-90-0x0000000005DE0000-0x0000000005DFC000-memory.dmp

Filesize
112KB

Download
memory/2592-88-0x0000000074960000-0x00000000749AB000-memory.dmp

Filesize
300KB

Download
memory/2592-102-0x00000000068A0000-0x00000000068D1000-memory.dmp

Filesize
196KB

Download
memory/2592-104-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2592-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2592-105-0x00000000031E0000-0x00000000031E1000-memory.dmp

Filesize
4KB

Download
memory/2592-106-0x00000000068A0000-0x00000000068D1000-memory.dmp

Filesize
196KB

Download
memory/2592-16-0x00000000055C0000-0x00000000058DA000-memory.dmp

Filesize
3.1MB

Download
memory/2908-1-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/2908-103-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download