33ae674ccfa5116ce99906fd28d09ccc29d4fa1855f6f74fbcdee43b7ac57364

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 01:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a663b15f5f3967b10bddcd7588a00b3.exe
Size

11.3MB
MD5

5a663b15f5f3967b10bddcd7588a00b3
SHA1

7e8382654d243a0295721544d47563bd24407ba3
SHA256

33ae674ccfa5116ce99906fd28d09ccc29d4fa1855f6f74fbcdee43b7ac57364
SHA512

4ce2f628d1484228552694867c872833a5ce3982b055f225ab4636ee960318193d283aa2118584b37925faf4d775cfe2496146284be15a2976df02fd3fe8431e
SSDEEP

196608:cZNFljw+RP8NrbVK+c8LCqNGBKhwg2qTcNxxslIbRe5S5:cZNg+R8Nrb48COGBo2p6GeI

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x00070000000231d0-92.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp

Loads dropped DLL 5 IoCs

pid	Process
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00070000000231d0-92.dat	upx
behavioral2/memory/3924-95-0x0000000008890000-0x00000000088C1000-memory.dmp	upx
behavioral2/memory/3924-136-0x0000000008890000-0x00000000088C1000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4500	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4500	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp
3924	5a663b15f5f3967b10bddcd7588a00b3.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3688 wrote to memory of 3924	3688	5a663b15f5f3967b10bddcd7588a00b3.exe	86
PID 3688 wrote to memory of 3924	3688	5a663b15f5f3967b10bddcd7588a00b3.exe	86
PID 3688 wrote to memory of 3924	3688	5a663b15f5f3967b10bddcd7588a00b3.exe	86

C:\Users\Admin\AppData\Local\Temp\5a663b15f5f3967b10bddcd7588a00b3.exe
"C:\Users\Admin\AppData\Local\Temp\5a663b15f5f3967b10bddcd7588a00b3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3688
- C:\Users\Admin\AppData\Local\Temp\is-J5FDC.tmp\5a663b15f5f3967b10bddcd7588a00b3.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-J5FDC.tmp\5a663b15f5f3967b10bddcd7588a00b3.tmp" /SL5="$6011E,10598489,891904,C:\Users\Admin\AppData\Local\Temp\5a663b15f5f3967b10bddcd7588a00b3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3924

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x7c 0x420
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-J3AKB.tmp\BASS.dll

Filesize
126KB

MD5
933073a16f5136279dc6aa8d7870f63e

SHA1
44963b41137642330f5286892cbaae4373748bb6

SHA256
860e073f19bad7177ee2afed0a6c1a575eaffb446d1afe30e4f86e25b883fe56

SHA512
9276f0b28b518f4f492b39601333fa871d3005ee5f0efba97af782f024ba4d16e038257336b3774d376b8acc43ee8a2ce17cf4bda0141679729f3148899204f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3AKB.tmp\Settings.ini

Filesize
6KB

MD5
b87b6b7161373983206029baf0634f5d

SHA1
1ef464f8dabe32f8c4e63ca7de3cafb44e5737bd

SHA256
7b045df5b72cb8ba36083b221e3e7f8c7d12407319c9ef36a5a318bb4b746076

SHA512
e4d1f9f9536fd5d849eb48dc6d994d0df58265228c89514f3d4e4d5b619139bde89f307bf5f8567bc7685c83ecf05a36cc7231a845fb3c813783b94863cbb867

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3AKB.tmp\SplashNew.gif

Filesize
2.4MB

MD5
88905cc2e04013d7b68c50f1ddbf98af

SHA1
cfab92dc093ffc07e05fa6c2a62e41415d10e816

SHA256
f9b8d81302222d0af4e91e290519de28112ffaa36174094f64dceaa5098a8874

SHA512
1c5a20e1f780de0bc8b188c086fe753cfdc25c53e5bd4c38c0b809409df07c08b9e6cf00dee024247a57a8bcb31cd3ad2cc5f8396a4000f1303c4b0b471dfafc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3AKB.tmp\VclStylesInno.dll

Filesize
2.1MB

MD5
b9354ae39570caa81b778c4fc69ff889

SHA1
5fae4c09a3c6d3e8e028e5571b90852ff2f75200

SHA256
809fcf88b3fd3f6f6d558ab3b703c0922e88d1775cc46027fe534030a88565f0

SHA512
4737f21885c0e4cf38fa4e1b5429b7035362146fb23d6144af3adc49c395549b76f9f07b5f8f074ebbe110aa0529cc11b13400ce8127aa5f948c0fe91cf1f756

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3AKB.tmp\VclStylesInno.dll

Filesize
1.4MB

MD5
ea6a79a29d64db1049aef8cb7a0bbf87

SHA1
6e609e3a3b09a7462f7dbcc632e851a3442ba958

SHA256
3353c603ca1d076a263ec95599c088d452762640f7581683c50c56a3ad56c110

SHA512
78f339d09e8b3fbff4011a18f22c80c60e2d44d8c382c6d6b05b59118e17a77877120e4a319cbada6420f840d45bd473930a71d1f196237975e2590b8b2f95cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J3AKB.tmp\isgsg.dll

Filesize
34KB

MD5
09974eaff6defadde38b1328754dbe09

SHA1
001cfb5514444188e455b97acc369f037079ca9d

SHA256
9eeef28d82fc4db7d1269dfbc0ea282768ce5e2e4e4bdc867d80d6847468dca7

SHA512
da29b01ebebb454c004420c6b29bb8dca9fb50554a7a5db30035a5ec458d766049bf5502f708bf7eb210a4f9cbdb308cc0c8dcdad9f745b01a9e4f1455bbc846

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J5FDC.tmp\5a663b15f5f3967b10bddcd7588a00b3.tmp

Filesize
2.6MB

MD5
530ea60c44c9c25b06bbf69a5a2cad28

SHA1
216c3aa66e621eb7001675fd0c2a4d5a70afb659

SHA256
02319057240ae5835cea2b2233ca113758dc573ee4a360a3f29c295538c2cb0f

SHA512
6af5a8a03ab69a818641da3141b579694e6cfa4394cc0e41239fb8e641a622b48849f25af1166e939498b3150ad7964ae7537870cecb9ccac813909f0a4e4978

Download Submit
memory/3688-0-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/3688-104-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/3924-37-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-52-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-20-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/3924-21-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-22-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-23-0x0000000003740000-0x0000000003741000-memory.dmp

Filesize
4KB

Download
memory/3924-24-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-27-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-26-0x0000000003750000-0x0000000003751000-memory.dmp

Filesize
4KB

Download
memory/3924-28-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-25-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-30-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-31-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-32-0x0000000003770000-0x0000000003771000-memory.dmp

Filesize
4KB

Download
memory/3924-33-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-34-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-29-0x0000000003760000-0x0000000003761000-memory.dmp

Filesize
4KB

Download
memory/3924-35-0x0000000003780000-0x0000000003781000-memory.dmp

Filesize
4KB

Download
memory/3924-36-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-38-0x0000000005DA0000-0x0000000005DA1000-memory.dmp

Filesize
4KB

Download
memory/3924-39-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-40-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-41-0x0000000005DB0000-0x0000000005DB1000-memory.dmp

Filesize
4KB

Download
memory/3924-42-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-43-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-46-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-45-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-47-0x0000000005DD0000-0x0000000005DD1000-memory.dmp

Filesize
4KB

Download
memory/3924-44-0x0000000005DC0000-0x0000000005DC1000-memory.dmp

Filesize
4KB

Download
memory/3924-18-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-48-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-49-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-51-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-50-0x0000000005DE0000-0x0000000005DE1000-memory.dmp

Filesize
4KB

Download
memory/3924-54-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-19-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-53-0x0000000005DF0000-0x0000000005DF1000-memory.dmp

Filesize
4KB

Download
memory/3924-55-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-56-0x0000000005E00000-0x0000000005E01000-memory.dmp

Filesize
4KB

Download
memory/3924-57-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-58-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-59-0x0000000005E10000-0x0000000005E11000-memory.dmp

Filesize
4KB

Download
memory/3924-60-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-61-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-62-0x0000000005E20000-0x0000000005E21000-memory.dmp

Filesize
4KB

Download
memory/3924-63-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-64-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-65-0x0000000005E30000-0x0000000005E31000-memory.dmp

Filesize
4KB

Download
memory/3924-66-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-67-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-68-0x0000000005E40000-0x0000000005E41000-memory.dmp

Filesize
4KB

Download
memory/3924-69-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-70-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-71-0x0000000005E50000-0x0000000005E51000-memory.dmp

Filesize
4KB

Download
memory/3924-72-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-73-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-74-0x0000000005E60000-0x0000000005E61000-memory.dmp

Filesize
4KB

Download
memory/3924-75-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-76-0x00000000035D0000-0x0000000003710000-memory.dmp

Filesize
1.2MB

Download
memory/3924-79-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/3924-88-0x00000000745C0000-0x000000007460B000-memory.dmp

Filesize
300KB

Download
memory/3924-87-0x0000000006170000-0x000000000618C000-memory.dmp

Filesize
112KB

Download
memory/3924-95-0x0000000008890000-0x00000000088C1000-memory.dmp

Filesize
196KB

Download
memory/3924-17-0x0000000003720000-0x0000000003721000-memory.dmp

Filesize
4KB

Download
memory/3924-105-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/3924-15-0x0000000005980000-0x0000000005C9A000-memory.dmp

Filesize
3.1MB

Download
memory/3924-5-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/3924-126-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/3924-131-0x0000000006170000-0x000000000618C000-memory.dmp

Filesize
112KB

Download
memory/3924-136-0x0000000008890000-0x00000000088C1000-memory.dmp

Filesize
196KB

Download