Resubmissions

11/06/2024, 00:52

240611-a8emnayalm 7

11/06/2024, 00:45

240611-a4a4nsxcnf 7

11/06/2024, 00:38

240611-azc3gaxbjb 7

Analysis

  • max time kernel
    49s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2024, 00:52

General

  • Target

    SonicFGX_2022v2.exe

  • Size

    31.2MB

  • MD5

    c08469c16ea50572a10b29ab8d7524c7

  • SHA1

    7a3e251a8bbc739d8cfc9e1d120216fedb089a8f

  • SHA256

    ed9fb40de7a103920158a5d9e1faa921a29671bb9472ea8b07e0d511d081114a

  • SHA512

    8de7c83d1df1cb13f0932dce74f1a7c6a2932a68ef113f2b31a39f91dd2ae1174506ce8bb4de28c3959158d817a3c8fce357d2bf2e20690635b040120292f2d5

  • SSDEEP

    786432:AYQ6LnVWWQWJ95s/6DZevnuELpMr0zLdWN//:nhVCq9/DdE9Mr0zLINH

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 3 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SonicFGX_2022v2.exe
    "C:\Users\Admin\AppData\Local\Temp\SonicFGX_2022v2.exe"
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:2136

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\gm_ttt_2211\D3DX8.dll
    Filesize 241KB
    MD5 8c7c11dbf9cba3bcb065201c560945e3
    SHA1 3104c3f99dc23711ad52fc733602a07f0564a494
    SHA256 120c8e8fef7ea02713d2966dbad325d631323cb207b11cfa768aeec48f5150cc
    SHA512 778f8ff13ebc154ffca26b21937c26da33e075a10671c91fce274e322195841fd33eb764cf21530837e268dce1f59d232920fe45fc239bfcbce14bf737dc3ee0

  • \Users\Admin\AppData\Local\Temp\gm_ttt_2211\Extension3571\Dll.dll
    Filesize 701KB
    MD5 bfc4bb347d1d673b5c0086c5797c8da0
    SHA1 51097c13d4bb2f74650074bee185238968fff326
    SHA256 c97460ea765a8eafe3cd20758aaba2fe3f2a77bf5315b1c536c70b38e2b9bbae
    SHA512 ae6bfdecec07639ce78e5b8bfb5441ce6e9cb77f45b31ce3a1f46d8706c264d1899e980bc5ca2958ce1754c87713c80e697b20cb93998ceb9768a99346f77dbe

  • \Users\Admin\AppData\Local\Temp\gm_ttt_2211\gm82\gm82core.dll
    Filesize 120KB
    MD5 a6c69bebeeecae6f9f2b4ace1d1531b2
    SHA1 1af3e336b1810f5a275408e95ceefa4eb200076d
    SHA256 ce701943a5a8cf16797c91d7ce4d2a1c43c2511a5bd828d315adf9539983edb1
    SHA512 edc971e8d2ec027435f16bccd241509c94e3548e3eff6968f467da4ad0805a2d21fdd9c076e1ff5372c6718713c0797b76f9df62a5337423532566a143d646e9

  • memory/2136-0-0x0000000000260000-0x0000000000261000-memory.dmp
    Filesize 4KB

  • memory/2136-4-0x0000000010000000-0x0000000010082000-memory.dmp
    Filesize 520KB

  • memory/2136-19-0x0000000018190000-0x0000000018191000-memory.dmp
    Filesize 4KB

  • memory/2136-20-0x0000000000260000-0x0000000000261000-memory.dmp
    Filesize 4KB

  • memory/2136-21-0x0000000010000000-0x0000000010082000-memory.dmp
    Filesize 520KB

  • memory/2136-22-0x0000000000400000-0x0000000000960000-memory.dmp
    Filesize 5.4MB

  • memory/2136-33-0x0000000000400000-0x0000000000960000-memory.dmp
    Filesize 5.4MB

  • memory/2136-35-0x0000000010000000-0x0000000010082000-memory.dmp
    Filesize 520KB