42b98730f500887d90c1cc67ba7aa48ec1e2e766e8bf1e8722c7fb413a78ba59

General

Target

42b98730f500887d90c1cc67ba7aa48ec1e2e766e8bf1e8722c7fb413a78ba59.exe
Size

10.5MB
MD5

f9a29153cf6076a51af0c9a7010cb5ef
SHA1

ed4f80338bb8c791bb8c564e9150f5abbabef3be
SHA256

42b98730f500887d90c1cc67ba7aa48ec1e2e766e8bf1e8722c7fb413a78ba59
SHA512

f2afe7213d743483cc1efc4bafb9b80a6642c7bf808a32a80ea9a8e358cdffed4401848dd91fb96e4a1ffe3d3d8d98df12b6bcf222fe296b3e299ecc069f20b0
SSDEEP

196608:cdb1jdnJliBrgU6LT5eMRwwRUnprfiLCMeOPAMp7RFCy8:QJhqrfcT0MRwwRUprfXLOoQ7RFY

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000b00000001472f-50.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2868	42b98730f500887d90c1cc67ba7aa48ec1e2e766e8bf1e8722c7fb413a78ba59.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b00000001472f-50.dat	upx
behavioral1/memory/2868-58-0x0000000072F50000-0x0000000072F89000-memory.dmp	upx
behavioral1/memory/2868-68-0x0000000072F50000-0x0000000072F89000-memory.dmp	upx
behavioral1/memory/2868-69-0x0000000072F50000-0x0000000072F89000-memory.dmp	upx
behavioral1/memory/2868-74-0x0000000072F50000-0x0000000072F89000-memory.dmp	upx
behavioral1/memory/2868-75-0x0000000072F50000-0x0000000072F89000-memory.dmp	upx
behavioral1/memory/2868-77-0x0000000072F50000-0x0000000072F89000-memory.dmp	upx
behavioral1/memory/2868-80-0x0000000072F50000-0x0000000072F89000-memory.dmp	upx
behavioral1/memory/2868-85-0x0000000072F50000-0x0000000072F89000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	42b98730f500887d90c1cc67ba7aa48ec1e2e766e8bf1e8722c7fb413a78ba59.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2868	42b98730f500887d90c1cc67ba7aa48ec1e2e766e8bf1e8722c7fb413a78ba59.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2868	42b98730f500887d90c1cc67ba7aa48ec1e2e766e8bf1e8722c7fb413a78ba59.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2868	42b98730f500887d90c1cc67ba7aa48ec1e2e766e8bf1e8722c7fb413a78ba59.exe
2868	42b98730f500887d90c1cc67ba7aa48ec1e2e766e8bf1e8722c7fb413a78ba59.exe
2868	42b98730f500887d90c1cc67ba7aa48ec1e2e766e8bf1e8722c7fb413a78ba59.exe
2868	42b98730f500887d90c1cc67ba7aa48ec1e2e766e8bf1e8722c7fb413a78ba59.exe

C:\Users\Admin\AppData\Local\Temp\42b98730f500887d90c1cc67ba7aa48ec1e2e766e8bf1e8722c7fb413a78ba59.exe
"C:\Users\Admin\AppData\Local\Temp\42b98730f500887d90c1cc67ba7aa48ec1e2e766e8bf1e8722c7fb413a78ba59.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Mu.mu

Filesize
13KB

MD5
be702be6be99ad2203d50516014e5cd9

SHA1
b4842827e5bc9de24e74d5b08afa0675df570dba

SHA256
02bb80610621625b0c420a9fc8ba32efeef4b859b327aaa0dfb62da38abbf41c

SHA512
79cfb96a73ec2b8341c59580f7ecd5db53b5023e41acad47e6e8bd8350532d1c4dcb04c1e62bbf3bd149b1779ed904b271bb1b9fb23c6fed1752ade43239f9a8

Download Submit
\Users\Admin\AppData\Local\Temp\HPSocket.dll

Filesize
80KB

MD5
b220f0b3057a925147f57c5ebff51523

SHA1
bb9faca3b0e9f849301ecbd58381e7965a143781

SHA256
f12af891c0c1cb5e793ab260ff92e9792c8f7f2541162390a44c27e2e954dcb8

SHA512
1e9fb6bd6005aab4f553b0a02c373671ce26fa773b06461e0041cfad0ae62bbf319105296ebd5e2c1ccf1c478ce17510aeb32dab8b83254fa2a18c9148f121f1

Download Submit
memory/2868-1-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2868-33-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/2868-28-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/2868-25-0x0000000002170000-0x0000000002171000-memory.dmp

Filesize
4KB

Download
memory/2868-23-0x0000000002170000-0x0000000002171000-memory.dmp

Filesize
4KB

Download
memory/2868-20-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/2868-18-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/2868-15-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/2868-37-0x0000000000400000-0x0000000002139000-memory.dmp

Filesize
29.2MB

Download
memory/2868-13-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/2868-35-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/2868-10-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/2868-8-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/2868-6-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/2868-5-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2868-3-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2868-30-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/2868-0-0x00000000012C7000-0x00000000016BA000-memory.dmp

Filesize
3.9MB

Download
memory/2868-11-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/2868-54-0x0000000000400000-0x0000000002139000-memory.dmp

Filesize
29.2MB

Download
memory/2868-56-0x0000000000400000-0x0000000002139000-memory.dmp

Filesize
29.2MB

Download
memory/2868-58-0x0000000072F50000-0x0000000072F89000-memory.dmp

Filesize
228KB

Download
memory/2868-57-0x0000000000400000-0x0000000002139000-memory.dmp

Filesize
29.2MB

Download
memory/2868-68-0x0000000072F50000-0x0000000072F89000-memory.dmp

Filesize
228KB

Download
memory/2868-69-0x0000000072F50000-0x0000000072F89000-memory.dmp

Filesize
228KB

Download
memory/2868-70-0x00000000012C7000-0x00000000016BA000-memory.dmp

Filesize
3.9MB

Download
memory/2868-71-0x0000000000400000-0x0000000002139000-memory.dmp

Filesize
29.2MB

Download
memory/2868-72-0x0000000000400000-0x0000000002139000-memory.dmp

Filesize
29.2MB

Download
memory/2868-73-0x0000000000400000-0x0000000002139000-memory.dmp

Filesize
29.2MB

Download
memory/2868-74-0x0000000072F50000-0x0000000072F89000-memory.dmp

Filesize
228KB

Download
memory/2868-75-0x0000000072F50000-0x0000000072F89000-memory.dmp

Filesize
228KB

Download
memory/2868-77-0x0000000072F50000-0x0000000072F89000-memory.dmp

Filesize
228KB

Download
memory/2868-80-0x0000000072F50000-0x0000000072F89000-memory.dmp

Filesize
228KB

Download
memory/2868-85-0x0000000072F50000-0x0000000072F89000-memory.dmp

Filesize
228KB

Download

Analysis

Sharing