Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/03/2024, 23:04
Behavioral task behavioral1
Sample: b352a4af44b3d6bab8c5314b02c75609.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: b352a4af44b3d6bab8c5314b02c75609.exe
Resource: win10v2004-20240226-en
General
Target: b352a4af44b3d6bab8c5314b02c75609.exe
Size: 65KB
MD5: b352a4af44b3d6bab8c5314b02c75609
SHA1: 3dedfae4fa32f2e8a650eb3e6a543ae76c33baab
SHA256: d6f423c9b73dc9e27de8a11629b5e46df6c4fba43f6894d90bf08924c06335ff
SHA512: 8748a979396de26d977fa0cfc85b9b28551933bd400d058783c8733f820663f83739ff10c52706655b605c85bdfa6e5a82a58bd33bce11d9402a51ad1e69c4ba
SSDEEP: 768:Ks3dVZ7Ytb8Q0JVZWJe/GUlxBKwf8WQAcTtw1rStD/YGJdHKD9qXLvfohSDnhBO9:KCvZ+o7EA/7jBKWZ11r/tSaSDjG
Malware Config
Signatures
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource: behavioral2/files/0x000c000000023131-2.dat  yara_rule: acprotect
Loads dropped DLL 2 IoCs
pid 2592  b352a4af44b3d6bab8c5314b02c75609.exe (2 hits from the same process)
UPX packed file 4 IoCs
resource: behavioral2/files/0x000c000000023131-2.dat  yara_rule: upx
resource: behavioral2/memory/2592-6-0x00000000005D0000-0x00000000005F2000-memory.dmp  yara_rule: upx
resource: behavioral2/memory/2592-8-0x00000000005D0000-0x00000000005F2000-memory.dmp  yara_rule: upx
resource: behavioral2/memory/2592-10-0x00000000005D0000-0x00000000005F2000-memory.dmp  yara_rule: upx
Drops file in System32 directory 1 IoCs
File created: C:\Windows\SysWOW64\T1dll.dll  by b352a4af44b3d6bab8c5314b02c75609.exe
(On this x64 image a 32-bit process that writes to %windir%\System32 is redirected to SysWOW64 by WOW64 file-system redirection, so on a 32-bit host the same drop may land in System32; hunt for both paths.)
Drops file in Program Files directory 2 IoCs
File opened for modification: C:\Program Files\svhost32.exe  by b352a4af44b3d6bab8c5314b02c75609.exe
File created: C:\Program Files\svhost32.exe  by b352a4af44b3d6bab8c5314b02c75609.exe
(svhost32.exe is a lookalike of svchost.exe; the genuine binary lives in %windir%\System32, never in Program Files.)
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid 2592  b352a4af44b3d6bab8c5314b02c75609.exe (64 hits, all from the same process)
Suspicious use of SetWindowsHookEx 2 IoCs
pid 2592  b352a4af44b3d6bab8c5314b02c75609.exe (2 hits from the same process)
Processes
C:\Users\Admin\AppData\Local\Temp\b352a4af44b3d6bab8c5314b02c75609.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\b352a4af44b3d6bab8c5314b02c75609.exe"
  PID: 2592
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 47KB
MD5: 08a6d43bbc64739bb40f14a422efb024
SHA1: 8ce97b85c23a74c0a93bf8a26b29b8feb4d7f8e8
SHA256: f309681d4f4ecf76402de3b8cf4045214728b727510277d7f8816a4e8c5c1249
SHA512: 990b01a31de32c03fb7d31995d4cfa10534fc86c39e246e0cbb055a0fb7e8e1f540f1560809733d950f41c58ae0ed2c69e82fd42e0c2a575afb1942b868d4087
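Added example, not part of the sandbox report and not the sandbox's own tooling: a small Python triage helper that turns the indicators above into checks an analyst can run offline. It re-computes a file's MD5/SHA-1/SHA-256 and compares them with the hashes recorded in the General and Downloads sections, scans a list of observed file paths for the two drop locations named under Signatures, and applies a "UPX!" magic-string heuristic that approximates the report's upx YARA hits. The hash values are copied from the report; the path regexes, the lookalike wording, and the SAMPLE_PATHS list are my own constructions.

```python
"""Offline IoC triage helper built from the sandbox report above.

Hash values are copied from the report.  Path rules and the UPX check are
this example's own approximations of the report's signatures.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Hashes recorded for the 65KB submitted sample and the 47KB download.
IOC_HASHES: Dict[str, Dict[str, str]] = {
    "sample": {
        "md5": "b352a4af44b3d6bab8c5314b02c75609",
        "sha1": "3dedfae4fa32f2e8a650eb3e6a543ae76c33baab",
        "sha256": "d6f423c9b73dc9e27de8a11629b5e46df6c4fba43f6894d90bf08924c06335ff",
    },
    "download_47kb": {
        "md5": "08a6d43bbc64739bb40f14a422efb024",
        "sha1": "8ce97b85c23a74c0a93bf8a26b29b8feb4d7f8e8",
        "sha256": "f309681d4f4ecf76402de3b8cf4045214728b727510277d7f8816a4e8c5c1249",
    },
}

# File-system indicators from the "Drops file" signatures.  Matching is
# case-insensitive because NTFS is.  The System32 variant is added because
# WOW64 redirects a 32-bit process's System32 writes to SysWOW64 on x64.
PATH_IOCS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("T1dll.dll dropped in SysWOW64/System32",
     re.compile(r"^[a-z]:\\windows\\(syswow64|system32)\\t1dll\.dll$", re.I)),
    ("svhost32.exe in Program Files (svchost.exe lookalike)",
     re.compile(r"^[a-z]:\\program files\\svhost32\.exe$", re.I)),
]


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 of an in-memory file image."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(hashes: Dict[str, str]) -> List[str]:
    """Names of report artefacts whose recorded hashes match any algorithm.

    A lone MD5 match is weak evidence (MD5 collisions are cheap); treat a
    SHA-256 match as the authoritative one when it is available.
    """
    return [name for name, known in IOC_HASHES.items()
            if any(hashes.get(alg) == val for alg, val in known.items())]


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic: UPX leaves its 'UPX!' header magic in the packed image.

    Packers that strip the magic will evade this; it approximates, not
    replaces, the upx YARA rule the sandbox ran.
    """
    return b"UPX!" in data


def scan_paths(paths: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (path, description) for every observed path matching an IoC."""
    hits = []
    for p in paths:
        for desc, rx in PATH_IOCS:
            if rx.match(p.strip()):
                hits.append((p, desc))
    return hits


def triage_file(path: str) -> dict:
    """Hash a file on disk and report hash IoC matches plus the UPX heuristic."""
    with open(path, "rb") as fh:
        data = fh.read()
    h = hash_bytes(data)
    return {"hashes": h, "ioc_hits": match_hashes(h), "upx": looks_upx_packed(data)}


# Constructed input: file-creation paths as an EDR export might list them.
# These lines are made up for the example and are not from the report.
SAMPLE_PATHS = [
    r"C:\Windows\SysWOW64\T1dll.dll",
    r"C:\Program Files\svhost32.exe",
    r"C:\Windows\System32\svchost.exe",  # legitimate, must not match
    r"C:\Users\Admin\AppData\Local\Temp\b352a4af44b3d6bab8c5314b02c75609.exe",
]

if __name__ == "__main__":
    for p, desc in scan_paths(SAMPLE_PATHS):
        print(f"IOC  {p}  ->  {desc}")
```

Feed `scan_paths` the file-create events from your own telemetry, and run `triage_file` on any svhost32.exe or T1dll.dll you recover; a hash match ties the find to this exact sample, while the UPX heuristic only says the file is worth unpacking and looking at.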