c10b7a9b9cdd21b2aa6d375a031d80915e15df0b41940344895b7a6fb492c7bb

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 18:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c10b7a9b9cdd21b2aa6d375a031d80915e15df0b41940344895b7a6fb492c7bb.dll
Size

2.5MB
MD5

489d3924260190cf9be69ba183c4956e
SHA1

4cfdf015d2eb14e92d88488a110d422c482818e6
SHA256

c10b7a9b9cdd21b2aa6d375a031d80915e15df0b41940344895b7a6fb492c7bb
SHA512

f68c4d1d3ff6f17f26de5789e37eb686795ac44ecd5dc2f5ce2927f0378ea231490736c4cb715d7ddca50694f6b3ab67e970538f1235e560438d50174789fd60
SSDEEP

49152:OB9uchwaAlbkvafQpcpsutfKJmRZgMtIQy6ykwocE4JARQS4XqzqpsN6B:Oabb0afM29k6uMtIQyjjVE4JA6S4kER

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x00080000000155f7-6.dat	acprotect
behavioral1/files/0x0007000000015605-11.dat	acprotect

Loads dropped DLL 3 IoCs

pid	Process
2952	rundll32.exe
2952	rundll32.exe
2952	rundll32.exe

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2952-0-0x0000000010000000-0x000000001070C000-memory.dmp	upx
behavioral1/memory/2952-1-0x0000000010000000-0x000000001070C000-memory.dmp	upx
behavioral1/memory/2952-2-0x0000000010000000-0x000000001070C000-memory.dmp	upx
behavioral1/memory/2952-3-0x0000000010000000-0x000000001070C000-memory.dmp	upx
behavioral1/files/0x00080000000155f7-6.dat	upx
behavioral1/memory/2952-9-0x0000000074CE0000-0x0000000074F18000-memory.dmp	upx
behavioral1/files/0x0007000000015605-11.dat	upx
behavioral1/memory/2952-14-0x0000000074AF0000-0x0000000074B46000-memory.dmp	upx
behavioral1/memory/2952-24-0x0000000010000000-0x000000001070C000-memory.dmp	upx
behavioral1/memory/2952-27-0x0000000010000000-0x000000001070C000-memory.dmp	upx
behavioral1/memory/2952-29-0x0000000074AF0000-0x0000000074B46000-memory.dmp	upx
behavioral1/memory/2952-28-0x0000000074CE0000-0x0000000074F18000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2952	2888	rundll32.exe	28
PID 2888 wrote to memory of 2952	2888	rundll32.exe	28
PID 2888 wrote to memory of 2952	2888	rundll32.exe	28
PID 2888 wrote to memory of 2952	2888	rundll32.exe	28
PID 2888 wrote to memory of 2952	2888	rundll32.exe	28
PID 2888 wrote to memory of 2952	2888	rundll32.exe	28
PID 2888 wrote to memory of 2952	2888	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c10b7a9b9cdd21b2aa6d375a031d80915e15df0b41940344895b7a6fb492c7bb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c10b7a9b9cdd21b2aa6d375a031d80915e15df0b41940344895b7a6fb492c7bb.dll,#1
  2⤵
  - Loads dropped DLL
  PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\ee\Plugins\ecurl.dll

Filesize
162KB

MD5
a84e2a5cf1ff392a922a2d36d5ac6d10

SHA1
6a337a928408faa8528845af3e3c6aedc7c7eaa2

SHA256
a0679211a81bd6ccbe9fd8f6a7eb19bd5ea38cc7f3c8452448bc24daf226817d

SHA512
c64edde97e4bfad2a6d540673360856a76b7bed7a58c6deefdc057684a51e8ef3368ff2a28255fe3227303f9a8891d23965df7e7ad5592a9a0dd80afbefb12f0

Download Submit
\Users\Admin\AppData\Local\Temp\ee\Plugins\hp_socket4c.dll

Filesize
792KB

MD5
6637599f87ab11b6238f2f24c55797fc

SHA1
a84090bed39c91503300ab3bd78883001bf71aac

SHA256
65e65ccfe5b7fc075e06a5cf58507253a92dd9b7ab7a1a2b9e6b31fe7810e6ac

SHA512
8edecfb2ac6865bd3886f5ff77c78ccd44a4362d2305b69397526a1e463207430bd838d390979cbdc498040a2fbca21ccdab679df506efec07be400f6b42d828

Download Submit
\Users\Admin\AppData\Local\Temp\ee\Plugins\rdjson.dll

Filesize
192KB

MD5
2244857ed4d33e3ab8b32c1a09eaff39

SHA1
9af9d5bc1be9c202471075b5222500c409428fd0

SHA256
e345f88529b2337bb2719550985a049c61a6bca84c113c7b07f7ec5313446f7d

SHA512
c88af689b603c22dac0be5cdb0922d0bb58325ee57d736b6fa090e967704edb5fa535100149fd5d02ac764ab32b0ccea99310dd28101ffc907a58414e8867590

Download Submit
memory/2952-3-0x0000000010000000-0x000000001070C000-memory.dmp

Filesize
7.0MB

Download
memory/2952-0-0x0000000010000000-0x000000001070C000-memory.dmp

Filesize
7.0MB

Download
memory/2952-9-0x0000000074CE0000-0x0000000074F18000-memory.dmp

Filesize
2.2MB

Download
memory/2952-2-0x0000000010000000-0x000000001070C000-memory.dmp

Filesize
7.0MB

Download
memory/2952-14-0x0000000074AF0000-0x0000000074B46000-memory.dmp

Filesize
344KB

Download
memory/2952-1-0x0000000010000000-0x000000001070C000-memory.dmp

Filesize
7.0MB

Download
memory/2952-18-0x000000002AC30000-0x000000002AC31000-memory.dmp

Filesize
4KB

Download
memory/2952-24-0x0000000010000000-0x000000001070C000-memory.dmp

Filesize
7.0MB

Download
memory/2952-27-0x0000000010000000-0x000000001070C000-memory.dmp

Filesize
7.0MB

Download
memory/2952-29-0x0000000074AF0000-0x0000000074B46000-memory.dmp

Filesize
344KB

Download
memory/2952-28-0x0000000074CE0000-0x0000000074F18000-memory.dmp

Filesize
2.2MB

Download