Analysis

- max time kernel: 121s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 26-06-2024 07:45
Behavioral task: behavioral1
- Sample: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
- Resource: win7-20231129-en

Behavioral task: behavioral2
- Sample: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
- Resource: win10v2004-20240611-en
General

- Target: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
- Size: 10.0MB
- MD5: 5d1f2553a05ae47cb7de9fd2814af473
- SHA1: df32fbf6aaf753721628dc09150b3a5398a14312
- SHA256: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05
- SHA512: 2a170c4227f6456ad4855bd63d7b37ba5d59bf0b35e87c027c1a068fba5936b40ae6eac6cb212e3ca8f387e6c7b6c76ad6e4f31ba1d0d1768195215920e0712a
- SSDEEP: 196608:K7zFRdZtLdJXK1bIfPpd/1trVa41mS+cxorcZdqxIiijQQC6MYAuvNuFI:K7xjLvXKBWPD11uQfZ8I2QCvBc
Malware Config
Signatures
- ACProtect 1.3x - 1.4x DLL software (1 IoC)
  Detects file using ACProtect software.
  resource: behavioral1/files/0x0008000000015f7a-17.dat, yara_rule: acprotect

- Loads dropped DLL (2 IoCs)
  pid: 2988, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
  pid: 2988, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
- yara_rule vmprotect matches on memory dumps (3 IoCs)
  resource: behavioral1/memory/2988-19-0x0000000001360000-0x0000000001D6C000-memory.dmp, yara_rule: vmprotect
  resource: behavioral1/memory/2988-22-0x0000000001360000-0x0000000001D6C000-memory.dmp, yara_rule: vmprotect
  resource: behavioral1/memory/2988-153-0x0000000001360000-0x0000000001D6C000-memory.dmp, yara_rule: vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
  pid: 2988, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe

- Key created (1 IoC)
  description: Key created, ioc: \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid: 2988, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe

- Suspicious use of AdjustPrivilegeToken (5 IoCs)
  Token: SeDebugPrivilege, pid: 2988, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
  Token: 33, pid: 2988, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
  Token: SeIncBasePriorityPrivilege, pid: 2988, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
  Token: 33, pid: 2988, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
  Token: SeIncBasePriorityPrivilege, pid: 2988, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe

- Suspicious use of FindShellTrayWindow (2 IoCs)
  pid: 2988, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
  pid: 2988, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe

- Suspicious use of SendNotifyMessage (2 IoCs)
  pid: 2988, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
  pid: 2988, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
- Suspicious use of SetWindowsHookEx (28 IoCs)
  pid: 2988, Process: 82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe (all 28 entries are identical: same pid and process)
Processes

- C:\Users\Admin\AppData\Local\Temp\82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe"
  Depth: 1
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
  PID: 2988
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 16B
  MD5: 94a515b306e6228e8ce1d1795b5faf02
  SHA1: 5f6d4e1f6e98c0608805a6ead5c0a5d37205da86
  SHA256: 65ba2da2aa325358c44b42b1b002ae6717507eefcb42f1fcca4f3c480a9cf182
  SHA512: 8c84db3b0962af7af3a6a6ec842ec02cdaa9345749bfc1d839b6612dcd4b96e4a9ebbeab8afa7f7c24b242e9bfc1eae18b6689afb7ef071a89a22c3690099188

- Filesize: 24B
  MD5: 502640b26b032cb3dfc9c3d27947280c
  SHA1: 2f6b99cb033a68411a04c2a6959a7907438a4d46
  SHA256: 549b8c298bac30fed200a6e36a9499744d6231782481718fe28ba4e980c635f4
  SHA512: 21c60a181566fb64306dfbec67d7e00e08d7747e0a5e059cd98966a5053f74a3293cdb7fcb4ad6297f138d6c06a0b4522edf7e038136f0520f8bcb4bf47d7f8d

- Filesize: 105KB
  MD5: ccdfb726cc8aebf76c9bc6f1341f5325
  SHA1: 4ad4d1f3c0423ce7757062467ab87a4dc1d48536
  SHA256: fdeefa724abb593832eccdd6beab4b4fc5f51b210dcbc936c642d94e1ae43bc9
  SHA512: 66e53a5bcc6483c4f37d81379430b6e455931ae5c0e9561c16d908347af3021383c4aa2131ccffe9beaaba18599d5865efa3dfa2bbd427027261e27bf0e6a794