0055ab2c26082ca69dbf1ca8e92ce03869d9992b7a44db9ff201f96d1999f8f4

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 03:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

GoogleCloudSDKInstaller.exe
Size

148KB
MD5

ea36404ca2394e5d93d1d11e34ae3327
SHA1

5313a0c1b3ceab74b5fb15bb2ddbeff7ca2518c4
SHA256

0055ab2c26082ca69dbf1ca8e92ce03869d9992b7a44db9ff201f96d1999f8f4
SHA512

f1622431cf1a1d80f2fb4f0381dedc13f8f0a0181b17729ae76bbca0a01fb108b3c916d930b423808f00490176c334b9704c43448bd41e54445868ac0b8904a6
SSDEEP

3072:t8cFgUdOpDyTdcl4vN0HjHsGu03JXi+7YMa6oTWqE9G21BwIa1:tlTe4vS57zomZ+

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000016ccb-24.dat	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0008000000016ccb-24.dat	upx

Loads dropped DLL 4 IoCs

pid	Process
2596	GoogleCloudSDKInstaller.exe
2596	GoogleCloudSDKInstaller.exe
2596	GoogleCloudSDKInstaller.exe
2596	GoogleCloudSDKInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2596	GoogleCloudSDKInstaller.exe

C:\Users\Admin\AppData\Local\Temp\GoogleCloudSDKInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\GoogleCloudSDKInstaller.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nso9AAB.tmp\System.dll

Filesize
11KB

MD5
2ae993a2ffec0c137eb51c8832691bcb

SHA1
98e0b37b7c14890f8a599f35678af5e9435906e1

SHA256
681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59

SHA512
2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9

Download Submit
\Users\Admin\AppData\Local\Temp\nso9AAB.tmp\UAC.dll

Filesize
14KB

MD5
4814167aa1c7ec892e84907094646faa

SHA1
a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

SHA256
32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

SHA512
fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

Download Submit
\Users\Admin\AppData\Local\Temp\nso9AAB.tmp\nsDialogs.dll

Filesize
9KB

MD5
13b6a88cf284d0f45619e76191e2b995

SHA1
09ebb0eb4b1dca73d354368414906fc5ad667e06

SHA256
cb958e21c3935ef7697a2f14d64cae0f9264c91a92d2deeb821ba58852dac911

SHA512
2aeeae709d759e34592d8a06c90e58aa747e14d54be95fb133994fdcebb1bdc8bc5d82782d0c8c3cdfd35c7bea5d7105379d3c3a25377a8c958c7b2555b1209e

Download Submit
\Users\Admin\AppData\Local\Temp\nso9AAB.tmp\nsResize.dll

Filesize
4KB

MD5
aa849e7407cf349021812f62c001e097

SHA1
4cbb55b1d1dd95dcb7a36b5a44121ad4934539af

SHA256
29b0e5792679756a79d501e3a9b317971b08e876fac1c2476180d0ae83b77ba5

SHA512
4556baa49e8182d72e29e8d809635312142eb127039f5803ca0bf011b4359f0b584a670a3bd26a9969165a332cfa14a39abeaeae0b4d90519f91fdea755c54de

Download Submit
memory/2596-26-0x0000000074D50000-0x0000000074D59000-memory.dmp

Filesize
36KB

Download
memory/2596-27-0x0000000074D50000-0x0000000074D59000-memory.dmp

Filesize
36KB

Download