Analysis
max time kernel: 150s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-03-2024 13:00
Behavioral task: behavioral1
Sample: dbaf5477845f5e09496652ded5a9ae4e.exe
Resource: win7-20240221-en
General
Target: dbaf5477845f5e09496652ded5a9ae4e.exe
Size: 114KB
MD5: dbaf5477845f5e09496652ded5a9ae4e
SHA1: 07652486aedb743ae430bb2dff540c9782b75a51
SHA256: 908d5c9e21a671e4a95bf7b74ec937e4e9c7ab3a7ce5f249607d0cac710af92e
SHA512: 38e5e66bce8aad3260c2def9584cc92b3c06ec8179c1545f570dae342792908a2df5d7d308e64605e06b965df05990b153dfd73a06b0fb896d02a178c34bd593
SSDEEP: 3072:yXkN3aQP/tSNxslFhUhBrNutZPYEYhziC0Bo4:ZttSAP+LN4FihuB
Malware Config
Signatures

ACProtect 1.3x - 1.4x DLL software (1 IoC)
Detects a file protected with ACProtect.
resource | yara_rule
behavioral2/files/0x000d000000023156-2.dat | acprotect

Loads dropped DLL (2 IoCs)
pid | Process
1748 | dbaf5477845f5e09496652ded5a9ae4e.exe
1748 | dbaf5477845f5e09496652ded5a9ae4e.exe

YARA rule upx matched (6 IoCs)
resource | yara_rule
behavioral2/memory/1748-0-0x0000000000400000-0x0000000000426000-memory.dmp | upx
behavioral2/files/0x000d000000023156-2.dat | upx
behavioral2/memory/1748-3-0x0000000004080000-0x00000000040BF000-memory.dmp | upx
behavioral2/memory/1748-4-0x0000000004080000-0x00000000040BF000-memory.dmp | upx
behavioral2/memory/1748-5-0x0000000000400000-0x0000000000426000-memory.dmp | upx
behavioral2/memory/1748-6-0x0000000004080000-0x00000000040BF000-memory.dmp | upx

Installs/modifies Browser Helper Object (2 TTPs, 1 IoC)
BHOs are DLL modules that act as plug-ins for Internet Explorer. A registered BHO is loaded into the browser process when Internet Explorer starts, so the registration itself is a persistence mechanism. Here the key is created under the WOW6432Node view, so it is 32-bit Internet Explorer that would load the DLL, and the CLSID it names is the one whose InprocServer32 the sample points at C:\Windows\SysWow64\AcGenra.dll in the registry-class writes listed under Modifies registry class.
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31C5D4A4-5234-4334-B8F7-FBCB8FD2D35D} | dbaf5477845f5e09496652ded5a9ae4e.exe

Modifies registry class (6 IoCs)
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{31C5D4A4-5234-4334-B8F7-FBCB8FD2D35D}\InprocServer32\ = "C:\\Windows\\SysWow64\\AcGenra.dll" | dbaf5477845f5e09496652ded5a9ae4e.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{31C5D4A4-5234-4334-B8F7-FBCB8FD2D35D}\InprocServer32\ThreadingModel = "apartment" | dbaf5477845f5e09496652ded5a9ae4e.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{31C5D4A4-5234-4334-B8F7-FBCB8FD2D35D}\InprocServer32 | dbaf5477845f5e09496652ded5a9ae4e.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node | dbaf5477845f5e09496652ded5a9ae4e.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID | dbaf5477845f5e09496652ded5a9ae4e.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{31C5D4A4-5234-4334-B8F7-FBCB8FD2D35D} | dbaf5477845f5e09496652ded5a9ae4e.exe
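The BHO registration and the CLSID\InprocServer32 writes above are the two halves of one persistence chain: the Browser Helper Objects key tells Internet Explorer which CLSIDs to load, and the CLSID's InprocServer32 default value tells COM which DLL that CLSID is. The PowerShell below is an added triage example, not part of this sandbox report and not code from the sample's analysis. It walks both halves on a live host (native and WOW6432Node views), hashes the resolved DLL, and flags it when the CLSID or SHA256 matches this report or the DLL sits in a place a legitimate BHO would not. The function names Resolve-BhoServer and Test-BhoRegistration are this example's own, and the "DLL dropped into a Windows system directory" heuristic is an assumption of the example, not a rule from the report. The 91 KB download's SHA256 is included as a known-bad value, but the report does not say which dropped file it corresponds to.

```powershell
# Added example, not part of the sandbox report: enumerate registered Browser Helper
# Objects on a live Windows host, resolve each CLSID to its InprocServer32 DLL, hash the
# DLL and flag anything that matches this report or looks out of place.
# Run from an elevated PowerShell prompt on the host being triaged.

# Indicators copied from the report. The report does not say which file the 91 KB
# download is, so a SHA256 match means "seen in this analysis", nothing more specific.
$KnownBadSha256 = @(
    '908d5c9e21a671e4a95bf7b74ec937e4e9c7ab3a7ce5f249607d0cac710af92e',  # submitted sample
    '1f4d8a5fe1ad926dd1d21974453abd490a11dcc6f82d0a762c788d8dc413da72'   # 91 KB downloaded file
)
$KnownBadClsid = '{31C5D4A4-5234-4334-B8F7-FBCB8FD2D35D}'

# BHO registration points: the native view and the WOW6432Node view that 32-bit IE reads.
$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Resolve-BhoServer {
    # Map a BHO CLSID to the DLL COM will load for it. A WOW6432Node BHO resolves
    # through the 32-bit CLSID view, exactly the path the sample's registry writes use.
    param([string]$Clsid, [bool]$Wow64)
    $clsidRoot = if ($Wow64) { 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' } else { 'HKLM:\SOFTWARE\Classes\CLSID' }
    $serverKey = Join-Path $clsidRoot "$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $serverKey)) { return $null }
    $props = Get-ItemProperty -LiteralPath $serverKey
    # The DLL path is the key's default value, which PowerShell exposes as '(default)'.
    $path = [Environment]::ExpandEnvironmentVariables([string]$props.'(default)')
    if (-not $path) { return $null }
    [pscustomobject]@{ Path = $path; ThreadingModel = $props.ThreadingModel }
}

function Test-BhoRegistration {
    # Score one BHO registration. Returns the reasons it looks suspicious (empty = clean).
    param([string]$Clsid, $Server)
    $reasons = @()
    if ($Clsid -ieq $KnownBadClsid) { $reasons += 'CLSID seen in report' }
    if ($null -eq $Server) { return $reasons + 'no InprocServer32 path (orphaned registration)' }
    if (-not (Test-Path -LiteralPath $Server.Path)) { return $reasons + 'registered DLL missing on disk' }
    $sha256 = (Get-FileHash -LiteralPath $Server.Path -Algorithm SHA256).Hash.ToLower()
    $sig    = (Get-AuthenticodeSignature -LiteralPath $Server.Path).Status
    if ($KnownBadSha256 -contains $sha256) { $reasons += 'SHA256 seen in report' }
    if ($sig -ne 'Valid')                  { $reasons += "Authenticode status $sig" }
    # Heuristic (an assumption of this example): legitimate BHOs ship from Program Files
    # or a vendor directory, not as a bare DLL dropped into System32/SysWOW64 the way
    # the sample registered C:\Windows\SysWow64\AcGenra.dll.
    if ($Server.Path -match '^C:\\Windows\\(System32|SysWOW64)\\[^\\]+\.dll$') {
        $reasons += 'DLL dropped directly into a Windows system directory'
    }
    return $reasons
}

$findings = foreach ($key in $BhoKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $wow64 = $key -like '*WOW6432Node*'
    foreach ($sub in Get-ChildItem -LiteralPath $key) {
        $clsid   = $sub.PSChildName
        $server  = Resolve-BhoServer -Clsid $clsid -Wow64 $wow64
        $reasons = @(Test-BhoRegistration -Clsid $clsid -Server $server)
        [pscustomobject]@{
            View       = if ($wow64) { 'WOW6432Node' } else { 'native' }
            CLSID      = $clsid
            DllPath    = if ($server) { $server.Path } else { $null }
            Suspicious = $reasons.Count -gt 0
            Reasons    = $reasons -join '; '
        }
    }
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Two caveats when using this. First, on a host the sample has already run, the DLL at the registered path is what matters, not the submitted executable, so compare the DLL's hash rather than hunting for the 114 KB dropper. Second, for retrospective detection the same two registry locations (the Browser Helper Objects key and CLSID\...\InprocServer32 under WOW6432Node) are what to watch in Sysmon registry events (Event ID 12 for key creation, 13 for value set) or in an EDR's registry telemetry; a value set on InprocServer32 whose data points into SysWOW64 or a user-writable directory is the higher-fidelity signal of the two.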
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
1748 | dbaf5477845f5e09496652ded5a9ae4e.exe
1748 | dbaf5477845f5e09496652ded5a9ae4e.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 91KB
MD5: 2af40671de2999da575810b5394cd66e
SHA1: 590c14706f1b4885a7b73d179f3a3ac68d05adfd
SHA256: 1f4d8a5fe1ad926dd1d21974453abd490a11dcc6f82d0a762c788d8dc413da72
SHA512: 61a20a26f8139e143c03d5e10a6115b9eda2234baf54532e4683813634d98c69789d14a72343e4406d628ed2169e4c61f07a063eade260f892de27e7b44b993b