c16b9278b929051b129a1d9f8e3b4a6922a1da94c35e9eb9a3b411a97278aba8

Analysis

max time kernel
142s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c16b9278b929051b129a1d9f8e3b4a6922a1da94c35e9eb9a3b411a97278aba8.exe
Size

3.3MB
MD5

a6eb4fdd1f3e1506cb88d9c4e92f1120
SHA1

4f8c8637223243d617186c5bb648009461f092ee
SHA256

c16b9278b929051b129a1d9f8e3b4a6922a1da94c35e9eb9a3b411a97278aba8
SHA512

471c098e0e45fe0768f68a08da41c43186869f68b11760210f7616de1b0e526bae0f3342483627243b949dd6e7214256716f022cbaf48f1f31f54a5864431bb7
SSDEEP

98304:ubCm/GuMIRt+BLlHthTTHyECjoKL5eUTbNl:ubCQM2MLRtIJv1eMj

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000015b6e-2.dat	acprotect
behavioral1/files/0x0007000000015ce8-10.dat	acprotect

Loads dropped DLL 3 IoCs

pid	Process
1776	c16b9278b929051b129a1d9f8e3b4a6922a1da94c35e9eb9a3b411a97278aba8.exe
1776	c16b9278b929051b129a1d9f8e3b4a6922a1da94c35e9eb9a3b411a97278aba8.exe
1776	c16b9278b929051b129a1d9f8e3b4a6922a1da94c35e9eb9a3b411a97278aba8.exe

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1776-0-0x0000000000400000-0x0000000000937000-memory.dmp	upx
behavioral1/files/0x0008000000015b6e-2.dat	upx
behavioral1/memory/1776-4-0x0000000010000000-0x00000000106FF000-memory.dmp	upx
behavioral1/files/0x0007000000015ce8-10.dat	upx
behavioral1/memory/1776-18-0x0000000074EF0000-0x0000000074F46000-memory.dmp	upx
behavioral1/memory/1776-26-0x0000000074EF0000-0x0000000074F46000-memory.dmp	upx
behavioral1/memory/1776-24-0x0000000000400000-0x0000000000937000-memory.dmp	upx
behavioral1/memory/1776-25-0x0000000010000000-0x00000000106FF000-memory.dmp	upx
behavioral1/memory/1776-33-0x0000000074EF0000-0x0000000074F46000-memory.dmp	upx
behavioral1/memory/1776-32-0x0000000010000000-0x00000000106FF000-memory.dmp	upx
behavioral1/memory/1776-37-0x0000000000400000-0x0000000000937000-memory.dmp	upx
behavioral1/memory/1776-48-0x0000000074EF0000-0x0000000074F46000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1776	c16b9278b929051b129a1d9f8e3b4a6922a1da94c35e9eb9a3b411a97278aba8.exe
1776	c16b9278b929051b129a1d9f8e3b4a6922a1da94c35e9eb9a3b411a97278aba8.exe

C:\Users\Admin\AppData\Local\Temp\c16b9278b929051b129a1d9f8e3b4a6922a1da94c35e9eb9a3b411a97278aba8.exe
"C:\Users\Admin\AppData\Local\Temp\c16b9278b929051b129a1d9f8e3b4a6922a1da94c35e9eb9a3b411a97278aba8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\ee\Plugins\rdjson.dll

Filesize
192KB

MD5
2244857ed4d33e3ab8b32c1a09eaff39

SHA1
9af9d5bc1be9c202471075b5222500c409428fd0

SHA256
e345f88529b2337bb2719550985a049c61a6bca84c113c7b07f7ec5313446f7d

SHA512
c88af689b603c22dac0be5cdb0922d0bb58325ee57d736b6fa090e967704edb5fa535100149fd5d02ac764ab32b0ccea99310dd28101ffc907a58414e8867590

Download Submit
\Users\Admin\Documents\ee\Plugins\6.9.41\owlform.dll

Filesize
2.5MB

MD5
6d04c6040ebbe9d7f8553be72701b234

SHA1
a3d1ef43ce24cea6c825d7f3a73e03688a65c621

SHA256
f8504e0076660bbc5efde8e0acfa4f98fedff86d06b04082464d147cc0dc0683

SHA512
402f4484ebf93afa7a0c85a52b81e502a4582a51f0c3b7c50e0064907b2d8ce9f52755c05200c8e85fe47241835fc795e7a5e7f0bb9e10d2f17666a87f765363

Download Submit
\Users\Admin\Documents\ee\Plugins\ecurl.dll

Filesize
162KB

MD5
a84e2a5cf1ff392a922a2d36d5ac6d10

SHA1
6a337a928408faa8528845af3e3c6aedc7c7eaa2

SHA256
a0679211a81bd6ccbe9fd8f6a7eb19bd5ea38cc7f3c8452448bc24daf226817d

SHA512
c64edde97e4bfad2a6d540673360856a76b7bed7a58c6deefdc057684a51e8ef3368ff2a28255fe3227303f9a8891d23965df7e7ad5592a9a0dd80afbefb12f0

Download Submit
memory/1776-18-0x0000000074EF0000-0x0000000074F46000-memory.dmp

Filesize
344KB

Download
memory/1776-4-0x0000000010000000-0x00000000106FF000-memory.dmp

Filesize
7.0MB

Download
memory/1776-12-0x000000002C3D0000-0x000000002C3D1000-memory.dmp

Filesize
4KB

Download
memory/1776-0-0x0000000000400000-0x0000000000937000-memory.dmp

Filesize
5.2MB

Download
memory/1776-26-0x0000000074EF0000-0x0000000074F46000-memory.dmp

Filesize
344KB

Download
memory/1776-24-0x0000000000400000-0x0000000000937000-memory.dmp

Filesize
5.2MB

Download
memory/1776-25-0x0000000010000000-0x00000000106FF000-memory.dmp

Filesize
7.0MB

Download
memory/1776-33-0x0000000074EF0000-0x0000000074F46000-memory.dmp

Filesize
344KB

Download
memory/1776-32-0x0000000010000000-0x00000000106FF000-memory.dmp

Filesize
7.0MB

Download
memory/1776-37-0x0000000000400000-0x0000000000937000-memory.dmp

Filesize
5.2MB

Download
memory/1776-48-0x0000000074EF0000-0x0000000074F46000-memory.dmp

Filesize
344KB

Download