1b6148c640e0d63bfd74b9df003b3214dacf2aa678a7fce1075c25cf033e0e5c

Resubmissions

24-06-2024 19:09

240624-xt97ca1fjr 7

04-04-2024 11:02

240404-m468bsda8x 10

Analysis

max time kernel
48s
max time network
17s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24-06-2024 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

888RAT 1.1.1 cracked.exe
Size

38.4MB
MD5

554cd80e1b5fc6c7d296b23e4b400664
SHA1

550d2da6068683ae545c3ca8910ec37671764fad
SHA256

1b6148c640e0d63bfd74b9df003b3214dacf2aa678a7fce1075c25cf033e0e5c
SHA512

7b3dd3ea1e85dbc66d299ff31891127a5fe8995ac7cc0741896a0593c439677f3734f0b5f925353fe5b1773f24344b1f8c274d4c7eab158566444fd110a4714c
SSDEEP

786432:x/gwpv29voFFcTLKy1kwql+9l2+OZuhQZUmvhSawvb+GlfR/s:qq2aFWTLK8x9kxZbd4awj+GR/s

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
behavioral1/files/0x0007000000014183-32.dat	acprotect

Loads dropped DLL 2 IoCs

Processes:

888RAT 1.1.1 cracked.exe

pid	Process
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/files/0x0007000000014183-32.dat	upx
behavioral1/memory/1684-36-0x00000000072A0000-0x000000000735B000-memory.dmp	upx
behavioral1/memory/1684-216-0x00000000072A0000-0x000000000735B000-memory.dmp	upx

AutoIT Executable 4 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
behavioral1/memory/1684-40-0x00000000008C0000-0x0000000002F30000-memory.dmp	autoit_exe
behavioral1/memory/1684-51-0x00000000008C0000-0x0000000002F30000-memory.dmp	autoit_exe
behavioral1/memory/1684-90-0x00000000008C0000-0x0000000002F30000-memory.dmp	autoit_exe
behavioral1/memory/1684-79-0x00000000008C0000-0x0000000002F30000-memory.dmp	autoit_exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

888RAT 1.1.1 cracked.exe

pid	Process
1684	888RAT 1.1.1 cracked.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

888RAT 1.1.1 cracked.exe

pid	Process
1684	888RAT 1.1.1 cracked.exe

Suspicious use of FindShellTrayWindow 59 IoCs

Processes:

888RAT 1.1.1 cracked.exe

pid	Process
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe

Suspicious use of SendNotifyMessage 59 IoCs

Processes:

888RAT 1.1.1 cracked.exe

pid	Process
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe
1684	888RAT 1.1.1 cracked.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

888RAT 1.1.1 cracked.exe

pid	Process
1684	888RAT 1.1.1 cracked.exe

C:\Users\Admin\AppData\Local\Temp\888RAT 1.1.1 cracked.exe
"C:\Users\Admin\AppData\Local\Temp\888RAT 1.1.1 cracked.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Splash8.jpg

Filesize
32KB

MD5
a3083356947cdfb053c7c63cec79e85f

SHA1
81d71adf137d5a8dff56843250578bb68333ba9a

SHA256
3e290e256bf19f56b233c42f19397807a83bde6cc792d6ea2f6c615cfc92ec1d

SHA512
820ac1ca3472f2356c7ad3c7443a431eea3f710679e6467f47ee8918e7c206767ff99401ced14dd3d012d930b1aad3225b9f9e1a7a9ee4303a8b204f05fdf766

Download Submit
C:\Users\Admin\AppData\Local\Temp\skin.dll

Filesize
239KB

MD5
29e1d5770184bf45139084bced50d306

SHA1
76c953cd86b013c3113f8495b656bd721be55e76

SHA256
794987c4069286f797631f936c73b925c663c42d552aeca821106dfc7c7ba307

SHA512
7cb3d0788978b6dc5a78f65349366dac3e91b1557efa4f385984bef4940b3ea859f75cfe42c71f6fe445555138f44305531de6a89c5beff4bf9d42001b4348e8

Download Submit
\Users\Admin\AppData\Local\Temp\skin.888ww.msstyles

Filesize
3.3MB

MD5
ea5d5266b8a7bcc8788c83ebb7c8c7d5

SHA1
3e9ac1ab7d5d54db9b3d141e82916513e572b415

SHA256
91ac4d215b8d90aef9a000900c9088d4c33d58c5f35a720a385a3f2d2299e5d1

SHA512
404b35fca478a1f489ec1af7be1df897190d7deb0cd8139c2c89d68c24fa377d904cf0c5e30c09ab448d74d87a47aaa3a872bf66a9bc9c124f52798320d34e60

Download Submit
memory/1684-36-0x00000000072A0000-0x000000000735B000-memory.dmp

Filesize
748KB

Download
memory/1684-44-0x0000000076C00000-0x0000000076C57000-memory.dmp

Filesize
348KB

Download
memory/1684-43-0x0000000076630000-0x00000000766D0000-memory.dmp

Filesize
640KB

Download
memory/1684-45-0x0000000075C70000-0x0000000075E85000-memory.dmp

Filesize
2.1MB

Download
memory/1684-40-0x00000000008C0000-0x0000000002F30000-memory.dmp

Filesize
38.4MB

Download
memory/1684-42-0x0000000075ED0000-0x0000000075F6D000-memory.dmp

Filesize
628KB

Download
memory/1684-41-0x0000000075510000-0x0000000075542000-memory.dmp

Filesize
200KB

Download
memory/1684-47-0x0000000076AA0000-0x0000000076BFC000-memory.dmp

Filesize
1.4MB

Download
memory/1684-46-0x0000000076D20000-0x000000007796A000-memory.dmp

Filesize
12.3MB

Download
memory/1684-48-0x00000000766D0000-0x000000007675F000-memory.dmp

Filesize
572KB

Download
memory/1684-49-0x0000000076C60000-0x0000000076C8A000-memory.dmp

Filesize
168KB

Download
memory/1684-50-0x0000000075210000-0x0000000075261000-memory.dmp

Filesize
324KB

Download
memory/1684-54-0x0000000076630000-0x00000000766D0000-memory.dmp

Filesize
640KB

Download
memory/1684-53-0x0000000075510000-0x0000000075542000-memory.dmp

Filesize
200KB

Download
memory/1684-52-0x0000000075620000-0x0000000075629000-memory.dmp

Filesize
36KB

Download
memory/1684-51-0x00000000008C0000-0x0000000002F30000-memory.dmp

Filesize
38.4MB

Download
memory/1684-56-0x0000000076C00000-0x0000000076C57000-memory.dmp

Filesize
348KB

Download
memory/1684-57-0x0000000075C70000-0x0000000075E85000-memory.dmp

Filesize
2.1MB

Download
memory/1684-55-0x0000000075370000-0x000000007550E000-memory.dmp

Filesize
1.6MB

Download
memory/1684-62-0x00000000766D0000-0x000000007675F000-memory.dmp

Filesize
572KB

Download
memory/1684-61-0x0000000076AA0000-0x0000000076BFC000-memory.dmp

Filesize
1.4MB

Download
memory/1684-60-0x0000000076D20000-0x000000007796A000-memory.dmp

Filesize
12.3MB

Download
memory/1684-59-0x0000000076020000-0x000000007609B000-memory.dmp

Filesize
492KB

Download
memory/1684-66-0x0000000075510000-0x0000000075542000-memory.dmp

Filesize
200KB

Download
memory/1684-67-0x0000000075ED0000-0x0000000075F6D000-memory.dmp

Filesize
628KB

Download
memory/1684-65-0x0000000075210000-0x0000000075261000-memory.dmp

Filesize
324KB

Download
memory/1684-64-0x0000000075A50000-0x0000000075B1C000-memory.dmp

Filesize
816KB

Download
memory/1684-82-0x0000000076630000-0x00000000766D0000-memory.dmp

Filesize
640KB

Download
memory/1684-83-0x0000000075370000-0x000000007550E000-memory.dmp

Filesize
1.6MB

Download
memory/1684-85-0x0000000075600000-0x0000000075612000-memory.dmp

Filesize
72KB

Download
memory/1684-88-0x0000000075A50000-0x0000000075B1C000-memory.dmp

Filesize
816KB

Download
memory/1684-93-0x0000000075ED0000-0x0000000075F6D000-memory.dmp

Filesize
628KB

Download
memory/1684-95-0x0000000075370000-0x000000007550E000-memory.dmp

Filesize
1.6MB

Download
memory/1684-96-0x0000000076C00000-0x0000000076C57000-memory.dmp

Filesize
348KB

Download
memory/1684-94-0x0000000076630000-0x00000000766D0000-memory.dmp

Filesize
640KB

Download
memory/1684-100-0x0000000076020000-0x000000007609B000-memory.dmp

Filesize
492KB

Download
memory/1684-92-0x0000000075510000-0x0000000075542000-memory.dmp

Filesize
200KB

Download
memory/1684-91-0x0000000075620000-0x0000000075629000-memory.dmp

Filesize
36KB

Download
memory/1684-84-0x0000000076C00000-0x0000000076C57000-memory.dmp

Filesize
348KB

Download
memory/1684-110-0x0000000076C00000-0x0000000076C57000-memory.dmp

Filesize
348KB

Download
memory/1684-109-0x0000000075370000-0x000000007550E000-memory.dmp

Filesize
1.6MB

Download
memory/1684-108-0x0000000075510000-0x0000000075542000-memory.dmp

Filesize
200KB

Download
memory/1684-81-0x0000000075510000-0x0000000075542000-memory.dmp

Filesize
200KB

Download
memory/1684-80-0x0000000075620000-0x0000000075629000-memory.dmp

Filesize
36KB

Download
memory/1684-68-0x0000000076630000-0x00000000766D0000-memory.dmp

Filesize
640KB

Download
memory/1684-69-0x0000000075370000-0x000000007550E000-memory.dmp

Filesize
1.6MB

Download
memory/1684-72-0x0000000075C70000-0x0000000075E85000-memory.dmp

Filesize
2.1MB

Download
memory/1684-75-0x00000000766D0000-0x000000007675F000-memory.dmp

Filesize
572KB

Download
memory/1684-106-0x0000000076C00000-0x0000000076C57000-memory.dmp

Filesize
348KB

Download
memory/1684-105-0x0000000075210000-0x0000000075261000-memory.dmp

Filesize
324KB

Download
memory/1684-104-0x0000000075280000-0x0000000075293000-memory.dmp

Filesize
76KB

Download
memory/1684-103-0x0000000075A50000-0x0000000075B1C000-memory.dmp

Filesize
816KB

Download
memory/1684-101-0x00000000766D0000-0x000000007675F000-memory.dmp

Filesize
572KB

Download
memory/1684-98-0x0000000075C70000-0x0000000075E85000-memory.dmp

Filesize
2.1MB

Download
memory/1684-97-0x0000000075600000-0x0000000075612000-memory.dmp

Filesize
72KB

Download
memory/1684-90-0x00000000008C0000-0x0000000002F30000-memory.dmp

Filesize
38.4MB

Download
memory/1684-89-0x0000000075210000-0x0000000075261000-memory.dmp

Filesize
324KB

Download
memory/1684-86-0x0000000075C70000-0x0000000075E85000-memory.dmp

Filesize
2.1MB

Download
memory/1684-79-0x00000000008C0000-0x0000000002F30000-memory.dmp

Filesize
38.4MB

Download
memory/1684-78-0x0000000075210000-0x0000000075261000-memory.dmp

Filesize
324KB

Download
memory/1684-77-0x0000000075280000-0x0000000075293000-memory.dmp

Filesize
76KB

Download
memory/1684-76-0x0000000075A50000-0x0000000075B1C000-memory.dmp

Filesize
816KB

Download
memory/1684-74-0x0000000076020000-0x000000007609B000-memory.dmp

Filesize
492KB

Download
memory/1684-71-0x0000000075600000-0x0000000075612000-memory.dmp

Filesize
72KB

Download
memory/1684-70-0x0000000076C00000-0x0000000076C57000-memory.dmp

Filesize
348KB

Download
memory/1684-216-0x00000000072A0000-0x000000000735B000-memory.dmp

Filesize
748KB

Download