657271cda48fd7d3c435d71d8139c92b2779728d6352b388fb055e746106228a

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 18:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Install.exe
Size

1.5MB
MD5

29da5fe413aa82261275a47507505996
SHA1

d1d70970a5c7c2b0cc1c053b34313b5c5195aa16
SHA256

657271cda48fd7d3c435d71d8139c92b2779728d6352b388fb055e746106228a
SHA512

b06784ec703eae235b39724481182ed3cd7ca255d139bc42b48acf1d6306108249e554e4848bb5798a43610222229024096ba52f6236daa0f0405622d7a83ff8
SSDEEP

24576:TBWJITU4aiHL265QtUepQLbBFLyTivrEF/WXX73PY5IJnQO3EdomJUtaghkxn:UuhaiB5Qt7QLybF/WXL3PYORQO0d9JUe

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x00090000000141c5-14.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
1124	Install.tmp

Loads dropped DLL 2 IoCs

pid	Process
2796	Install.exe
1124	Install.tmp

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00090000000141c5-14.dat	upx
behavioral1/memory/1124-27-0x0000000003C10000-0x0000000003F4A000-memory.dmp	upx
behavioral1/memory/1124-84-0x0000000003C10000-0x0000000003F4A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1124	Install.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1124	Install.tmp
1124	Install.tmp
1124	Install.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 1124	2796	Install.exe	28
PID 2796 wrote to memory of 1124	2796	Install.exe	28
PID 2796 wrote to memory of 1124	2796	Install.exe	28
PID 2796 wrote to memory of 1124	2796	Install.exe	28
PID 2796 wrote to memory of 1124	2796	Install.exe	28
PID 2796 wrote to memory of 1124	2796	Install.exe	28
PID 2796 wrote to memory of 1124	2796	Install.exe	28

C:\Users\Admin\AppData\Local\Temp\Install.exe
"C:\Users\Admin\AppData\Local\Temp\Install.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Users\Admin\AppData\Local\Temp\is-CKFFK.tmp\Install.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-CKFFK.tmp\Install.tmp" /SL5="$4010A,1066541,132608,C:\Users\Admin\AppData\Local\Temp\Install.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-CKFFK.tmp\Install.tmp

Filesize
1.1MB

MD5
022360181305907af4f5c51aca0fe04b

SHA1
2f27bd946c3c8b9563bbd4394d5c9c2378275067

SHA256
43ce8ea37e4e13bac4879c7e7fba793e4b66a062f094cb031378e75da38ca866

SHA512
f23531bafaccc4f60e770113582676446bc8553d110b9bcfa980dfd41efc70c9a5882a194ef4aeca86714af8cdeb6ec3cf51a4325831bda0a896db73559cd3f1

Download Submit
\Users\Admin\AppData\Local\Temp\is-Q1EB3.tmp\VclStyles.dll

Filesize
866KB

MD5
02c1da5bef779903151ab958ef3be92c

SHA1
9233f55588eae8f3a73e06e2f5549b92a07590ae

SHA256
d82406839714541c9ef3f7660a21c3dd5927b13f09c6a8260708b4e04dc0bc66

SHA512
e511bbaf3eed4778f8ae89401a8a60454a2d19f6f08418953c8885f88d71556ce0e45601d6aac696ae9f669fd66aa92bf40bdd97139c65d7e8ae5c4ea438f0c8

Download Submit
memory/1124-37-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-74-0x0000000003260000-0x0000000003261000-memory.dmp

Filesize
4KB

Download
memory/1124-50-0x00000000031E0000-0x00000000031E1000-memory.dmp

Filesize
4KB

Download
memory/1124-76-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-75-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-36-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-73-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-72-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-71-0x0000000003250000-0x0000000003251000-memory.dmp

Filesize
4KB

Download
memory/1124-70-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-35-0x0000000002000000-0x0000000002001000-memory.dmp

Filesize
4KB

Download
memory/1124-66-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-65-0x0000000003230000-0x0000000003231000-memory.dmp

Filesize
4KB

Download
memory/1124-63-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-62-0x0000000003220000-0x0000000003221000-memory.dmp

Filesize
4KB

Download
memory/1124-60-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-59-0x0000000003210000-0x0000000003211000-memory.dmp

Filesize
4KB

Download
memory/1124-58-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-57-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-56-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/1124-55-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-54-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-53-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/1124-52-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-51-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-49-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-48-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-47-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1124-46-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-8-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/1124-42-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-41-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/1124-39-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-38-0x0000000002010000-0x0000000002011000-memory.dmp

Filesize
4KB

Download
memory/1124-43-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-45-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-67-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-34-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-33-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-32-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

Filesize
4KB

Download
memory/1124-31-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-28-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-26-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-27-0x0000000003C10000-0x0000000003F4A000-memory.dmp

Filesize
3.2MB

Download
memory/1124-25-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/1124-23-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-22-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/1124-21-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-20-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-19-0x0000000001F70000-0x0000000001F71000-memory.dmp

Filesize
4KB

Download
memory/1124-18-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-69-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-68-0x0000000003240000-0x0000000003241000-memory.dmp

Filesize
4KB

Download
memory/1124-64-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-61-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-44-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/1124-40-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-30-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-29-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

Filesize
4KB

Download
memory/1124-24-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-17-0x0000000003F50000-0x0000000004090000-memory.dmp

Filesize
1.2MB

Download
memory/1124-16-0x0000000000980000-0x0000000000981000-memory.dmp

Filesize
4KB

Download
memory/1124-79-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/1124-80-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/1124-84-0x0000000003C10000-0x0000000003F4A000-memory.dmp

Filesize
3.2MB

Download
memory/1124-88-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/1124-113-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2796-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2796-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2796-81-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download