8a728200fdd188051d0b4c1c7320777ba4f3e89fcaa8d364d69807b87843b04e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 14:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8a728200fdd188051d0b4c1c7320777ba4f3e89fcaa8d364d69807b87843b04e.exe
Size

3.2MB
MD5

12c7596cf2d96f97f6cfb711625534cb
SHA1

de4c5283a121255455369d39e2f40ad36bc50e0f
SHA256

8a728200fdd188051d0b4c1c7320777ba4f3e89fcaa8d364d69807b87843b04e
SHA512

d0e18756501eecb755f436666a379a21b26b027d8e6c19d9cb92e46f10cd4b8e6fc3fa94a10edc0326d8cf2f875348f3041c60810e1a54fd2145ae64562b5795
SSDEEP

49152:83ZNaISGt+SWlt36pwOLzC+fUSogsEJIWLpxsWCsVb6KUpZ+hDg1F2d6VU:uZN5SGt+SWDaJIWLI5SbWf+YFCr

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000400000001e5eb-22.dat	acprotect

Loads dropped DLL 4 IoCs

pid	Process
2764	8a728200fdd188051d0b4c1c7320777ba4f3e89fcaa8d364d69807b87843b04e.exe
2764	8a728200fdd188051d0b4c1c7320777ba4f3e89fcaa8d364d69807b87843b04e.exe
2764	8a728200fdd188051d0b4c1c7320777ba4f3e89fcaa8d364d69807b87843b04e.exe
2764	8a728200fdd188051d0b4c1c7320777ba4f3e89fcaa8d364d69807b87843b04e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000400000001e5eb-22.dat	upx
behavioral2/memory/2764-30-0x0000000002DA0000-0x0000000002F16000-memory.dmp	upx
behavioral2/memory/2764-31-0x0000000002DA0000-0x0000000002F16000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2764	8a728200fdd188051d0b4c1c7320777ba4f3e89fcaa8d364d69807b87843b04e.exe
2764	8a728200fdd188051d0b4c1c7320777ba4f3e89fcaa8d364d69807b87843b04e.exe

C:\Users\Admin\AppData\Local\Temp\8a728200fdd188051d0b4c1c7320777ba4f3e89fcaa8d364d69807b87843b04e.exe
"C:\Users\Admin\AppData\Local\Temp\8a728200fdd188051d0b4c1c7320777ba4f3e89fcaa8d364d69807b87843b04e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\dm.dll

Filesize
804KB

MD5
c578b6820bda5689940560147c6e5ffc

SHA1
922e50d89c9c44bdc205ef17aa57212b64e58852

SHA256
3b6ddc32b800a18b21a819e842cbfdd57cb065fd92cc69545e0ef29b97cfd389

SHA512
9f2a1bb5788ad245242d12968bbf198af2694a87c6e2342f14672e8c14e8489dd3319434592fc9b20f620557d0fa58482903d19c7f5ba32456a1e4076dc1bb85

Download Submit
C:\dmreg.dll

Filesize
52KB

MD5
fdc8b75a37017141831e3421479307be

SHA1
f6a08cc570d5e5bc4218da376ca353d46d62790d

SHA256
2a37ce301490bd4b7c5d02b768b054705fe4620db6ef81061718c1fe89c9f27e

SHA512
d74e2de28523317c928965affa464cef6ba5c4da9ab05d30a79a4d3bbb59284d68331b5735c705cf73e155cf3a42b01ef5cd7219c72c242eed6b711090066537

Download Submit
memory/2764-16-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2764-29-0x0000000010000000-0x0000000010178000-memory.dmp

Filesize
1.5MB

Download
memory/2764-17-0x0000000077142000-0x0000000077143000-memory.dmp

Filesize
4KB

Download
memory/2764-0-0x0000000010000000-0x0000000010178000-memory.dmp

Filesize
1.5MB

Download
memory/2764-18-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/2764-19-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/2764-20-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/2764-21-0x0000000077143000-0x0000000077144000-memory.dmp

Filesize
4KB

Download
memory/2764-11-0x00000000027D0000-0x00000000027DF000-memory.dmp

Filesize
60KB

Download
memory/2764-15-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/2764-30-0x0000000002DA0000-0x0000000002F16000-memory.dmp

Filesize
1.5MB

Download
memory/2764-31-0x0000000002DA0000-0x0000000002F16000-memory.dmp

Filesize
1.5MB

Download
memory/2764-32-0x0000000010000000-0x0000000010178000-memory.dmp

Filesize
1.5MB

Download
memory/2764-36-0x0000000010000000-0x0000000010178000-memory.dmp

Filesize
1.5MB

Download
memory/2764-42-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/2764-44-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/2764-49-0x0000000010000000-0x0000000010178000-memory.dmp

Filesize
1.5MB

Download
memory/2764-50-0x0000000010000000-0x0000000010178000-memory.dmp

Filesize
1.5MB

Download
memory/2764-65-0x0000000010000000-0x0000000010178000-memory.dmp

Filesize
1.5MB

Download
memory/2764-66-0x0000000010000000-0x0000000010178000-memory.dmp

Filesize
1.5MB

Download