69f9bf5ca6d8c5d1130d9e897f51b475c47eb92b82f2359073cf4f52c5fb274c

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c12d01953275004203f31ec44698db15.exe
Size

33KB
MD5

c12d01953275004203f31ec44698db15
SHA1

67fd1c7a938d7b6201d385e7580e009a832a5d65
SHA256

69f9bf5ca6d8c5d1130d9e897f51b475c47eb92b82f2359073cf4f52c5fb274c
SHA512

a8994f796e7438fd243ed110a458ee7bce48b3b680ae519ddd78e4ba1bea78b62b4282e204943e7405201a2fa89c1593d94196813a00d3d6b7c02aff04a7208e
SSDEEP

768:PzU94x/KNyByRVT2DHd9z3jUhHwzZQJ0OtUN6:PjpKBRVT2DrfE84UN6

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000b00000001224d-1.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
1732	c12d01953275004203f31ec44698db15.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b00000001224d-1.dat	upx
behavioral1/memory/1732-3-0x0000000000330000-0x0000000000342000-memory.dmp	upx

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\explorer.exe	c12d01953275004203f31ec44698db15.exe
File created	C:\Windows\SysWOW64\htdll.dll	c12d01953275004203f31ec44698db15.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1732	c12d01953275004203f31ec44698db15.exe
1732	c12d01953275004203f31ec44698db15.exe

C:\Users\Admin\AppData\Local\Temp\c12d01953275004203f31ec44698db15.exe
"C:\Users\Admin\AppData\Local\Temp\c12d01953275004203f31ec44698db15.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\htdll.dll

Filesize
22KB

MD5
a53e65e9c4f2d4589b98f0171cc9a49f

SHA1
a651eb58be22851de62a710a587a14edf6411519

SHA256
f485e9f28889773d5147d51c4daa2a1ace1855c655e8cc3ddddf36dc21729049

SHA512
cafa35f5265ec1cdfe39bcef5c852230d3d47cb10da0dcc32f15222fc7c8f33c6846c2e211ce59f31a6f8434ee7863fef2892d86daef413d660e98e6ff007e47

Download Submit
memory/1732-3-0x0000000000330000-0x0000000000342000-memory.dmp

Filesize
72KB

Download
memory/1732-4-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download