cd975a654558ad211ec25de064f166f25cc27d285d2060729fffe67675a11216

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

spxzi.exe
Size

1019KB
MD5

747152780fe61479f7861a5c8da63b9d
SHA1

e0005775d522f721bd5c1e9dfc01ba106d514f9e
SHA256

d4c0c2a172450834448c984fbb134f0ef4b148518a11be44d27947083aa6d0d5
SHA512

f53d657ae54634a24f31ed12afdb30812ff6d8ced617ac3880d596a377c2cc281dab3a7e5b80ed26e3ab2823b259c38d95fd191d9d44f84ccc671a1498a6e411
SSDEEP

24576:x5SNSIjCmAYovM3m8QuNWJBMeFUGeZyCq:xANSIjnpovMRQu44xZZyCq

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0039000000014588-10.dat	acprotect

Loads dropped DLL 3 IoCs

pid	Process
2388	spxzi.exe
2388	spxzi.exe
2388	spxzi.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0039000000014588-10.dat	upx
behavioral1/memory/2388-12-0x0000000001EC0000-0x0000000001F76000-memory.dmp	upx
behavioral1/memory/2388-21-0x0000000001EC0000-0x0000000001F76000-memory.dmp	upx

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\~GLH0001.TMP	spxzi.exe
File opened for modification	C:\Windows\SysWOW64\plpl.dll	spxzi.exe
File opened for modification	C:\Windows\SysWOW64\optplug.ini	spxzi.exe
File created	C:\Windows\SysWOW64\GLBSINST.%$D	spxzi.exe

C:\Users\Admin\AppData\Local\Temp\spxzi.exe
"C:\Users\Admin\AppData\Local\Temp\spxzi.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\optplug.ini

Filesize
40B

MD5
825dfaed252540ac9bbedbb987ac5681

SHA1
636d2f12bd278ca5c54851350236d13f1bfac773

SHA256
ea1aba8cc0c5c9076f04c180c45129302dec13f55bc0b20b7400b27a1dd034ac

SHA512
4c0337ef52645e1c406a0af9cfd06eed962ccfb52ccb63ce4112da938f3cbf9a511a7db5e41393a75a31e65b46fa8a464f9f887871b65bfefb1988788c610354

Download Submit
\Users\Admin\AppData\Local\Temp\GLCD3A.tmp

Filesize
161KB

MD5
315f8d68ff1a414806e7344ac8dd8b6d

SHA1
8fe6719bdf12244e8ef154e36c77ec487dbafeff

SHA256
90b9dfcb65f6e6cd0123f44cbf8310659f4c7ca4488a57d3045f72d55a9771e9

SHA512
95a5efdaf8f620f85838be6eb59768a421059595c1e07dd6680aac3bfd371075f1c9528cb2dceefb333c72ed6821a6e592ca7d16e2923f39212a0e1ffdba296a

Download Submit
\Users\Admin\AppData\Local\Temp\GLKD4B.tmp

Filesize
33KB

MD5
a6601202dda81c941e14dd79878ca61d

SHA1
a436aa8bd1d6b501d30f01c4587fb32d513038f4

SHA256
7906a8f868986edda9f7c4df0d93ed862959b81344a475f452b9e31c1aece464

SHA512
c27d32541f21e0a5aa45939855d4cddfec04ec466a1231d419b29cf07157751bf778ef851868181a0392fbe6ddcabf372b7a2d35519b5b3a2bda21ff7192a5b4

Download Submit
\Windows\SysWOW64\plpl.dll

Filesize
271KB

MD5
8d1b9b39f397bff0167b4004b93dcb0c

SHA1
f87393b8d8075653aeda32e8b8ba2997ba8d5fb1

SHA256
ccc2ac3abf8e53d30c1d03f52c2a65b9810ec71fb616aac780f3226847f56f82

SHA512
c0f99725514e91cd1edd64bc917355b17c2585d38c44855c3a3cd8258914d76ba59cbf5fb651b602fb45a2be5e3daedc56547012a4a5eab081c4a290b06d6ae2

Download Submit
memory/2388-12-0x0000000001EC0000-0x0000000001F76000-memory.dmp

Filesize
728KB

Download
memory/2388-21-0x0000000001EC0000-0x0000000001F76000-memory.dmp

Filesize
728KB

Download