Analysis

  • max time kernel
    130s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240426-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    03/05/2024, 21:10

General

  • Target

    44c585076e523a229f3a949b65b223a4d080273aa664d0eaa3e553e63a240dec.exe

  • Size

    229KB

  • MD5

    8813393f8a3e4ebb97e0a846367ce1e7

  • SHA1

    fd4db90feccae7daf292644e0839e42534904c9c

  • SHA256

    44c585076e523a229f3a949b65b223a4d080273aa664d0eaa3e553e63a240dec

  • SHA512

    e69af8a53b79c989211197900bd05a1725d6abdfdfb4db7dc6e18ba9d79c28a4456daa62b2cc08de3a438a6d7129ab447de00a9e1a318a244e135635d0eff1f4

  • SSDEEP

    3072:l1Upt1DlS2KyYzDhLrLeBdVw9+TpFLMHb+lXpQK5:CYzdLQa8z0yQQ

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates connected drives 3 TTPs 34 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 3 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\44c585076e523a229f3a949b65b223a4d080273aa664d0eaa3e553e63a240dec.exe
    "C:\Users\Admin\AppData\Local\Temp\44c585076e523a229f3a949b65b223a4d080273aa664d0eaa3e553e63a240dec.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3452
    • F:\$RECYCLE.BIN\spoolsv.exe
      F:\$RECYCLE.BIN\spoolsv.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      PID:3640

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\JKVINFZ.dll

    Filesize

    276KB

    MD5

    6e957d87e122cc8c661d98990c338bdf

    SHA1

    620b2ac415d35a78a2fc90f82c4b84c1ec8ec38b

    SHA256

    0d8ac992267263b81c011f3df915cb09a804f38021a659fc00d16648fe903ce2

    SHA512

    0ee81e64b6e0268da0c548cc14596a183ac4d01d30b824a857d401c20ea00a82166eb523d893fd3f676211dac74c42f476930a81e12eb9c68722335a5e2f9ca9

  • F:\$RECYCLE.BIN\spoolsv.exe

    Filesize

    230KB

    MD5

    ae1fb58fb145ffc5f1a495674c12240e

    SHA1

    2df2937c7ebdcba0462c92762c632268ff3b6835

    SHA256

    422e9d89edf2ab3b6c544314b730f1d07d331efdb7641729348ed632c9c275b7

    SHA512

    cdda03d7febe207ed3387c652713b7d7337e7acb94e90285356a4e24c9d3561b07f6221ef91a0b7c85a41c3737269e1146e5420fc57272c1dd178d33dba82468

  • memory/3452-0-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

  • memory/3452-15-0x00000000006D0000-0x00000000006F0000-memory.dmp

    Filesize

    128KB

  • memory/3452-14-0x00000000006D0000-0x00000000006F0000-memory.dmp

    Filesize

    128KB

  • memory/3452-16-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

  • memory/3640-17-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB