1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66.exe
Size

4.2MB
MD5

a6dfc1c9ade8bb9f696a9168470a7770
SHA1

8398d002b407334b9dc27431bb006ef19b9e36b2
SHA256

1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66
SHA512

10aded9362791d914744da495675d6d1aea7ee6625772e3e7e6801a6f22914dc7ebb0433cf139e83f925856477e80f1d994c6e2c323a4a5e1d4589ff79121f3b
SSDEEP

49152:QGUwKu/5dlHb0xn91Q2C5AVlY7SJb/UoaHwq5CPK3MXRQz70Vgaej5f7U5fWwCHo:QGUBu/5dN+91QNAw7M7dxsOg73I

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000d000000023457-5.dat	acprotect
behavioral2/files/0x000b000000023458-13.dat	acprotect
behavioral2/files/0x000a000000023455-19.dat	acprotect

Loads dropped DLL 6 IoCs

pid	Process
2604	1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66.exe
2604	1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66.exe
2604	1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66.exe
2604	1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66.exe
2604	1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66.exe
2604	1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66.exe

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000d000000023457-5.dat	upx
behavioral2/memory/2604-16-0x0000000004C80000-0x0000000004D45000-memory.dmp	upx
behavioral2/files/0x000b000000023458-13.dat	upx
behavioral2/memory/2604-24-0x0000000004180000-0x0000000004193000-memory.dmp	upx
behavioral2/memory/2604-23-0x0000000002E10000-0x0000000002E94000-memory.dmp	upx
behavioral2/memory/2604-22-0x0000000004C80000-0x0000000004D45000-memory.dmp	upx
behavioral2/files/0x000a000000023455-19.dat	upx
behavioral2/memory/2604-30-0x0000000002E10000-0x0000000002E94000-memory.dmp	upx
behavioral2/memory/2604-29-0x0000000004C80000-0x0000000004D45000-memory.dmp	upx
behavioral2/memory/2604-81-0x0000000004180000-0x0000000004193000-memory.dmp	upx
behavioral2/memory/2604-80-0x0000000002E10000-0x0000000002E94000-memory.dmp	upx
behavioral2/memory/2604-79-0x0000000004C80000-0x0000000004D45000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2604	1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66.exe
Token: SeIncBasePriorityPrivilege	2604	1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2604	1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2604	1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66.exe

C:\Users\Admin\AppData\Local\Temp\1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66.exe
"C:\Users\Admin\AppData\Local\Temp\1b807893801a0ba0e6c2c0c2bfba59dc5779a1471cd00c57a27aa82afe2acd66.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\947F07A6.nbp

Filesize
257KB

MD5
8b0e2b2c71d69bca02960e9d38b76b29

SHA1
a85fbd6e058b61a35e9a8ad666d91d77710adbda

SHA256
35c3afbe966c77ec0122cdfa960c21bf9f015365c7c74744d9059fa89d1ed240

SHA512
5f517149829617c5c3be8b0b03227f01fdc5de3b2b645d4fcb76c7179d5827bd50266c899efe3bb79529aee0731dd479a35e37c7ef8759df22e2081316cc35df

Download Submit
C:\Users\Admin\AppData\Local\Temp\947F07A7.nbp

Filesize
174KB

MD5
2f703c0a8f18f8678e330428a4a40be5

SHA1
9a34fc3449277fa11e836a47dffbde214cccef07

SHA256
55671a1f118d606a0a8ed31cb6806916c6b09ad7d85ef269055e69b96fc94deb

SHA512
74f6be377b8a0bd69701503e939c572f23bffd9320a96c9ad14c9ce84d4e350d3215e1e8531c3322da71dbb10123bcc3c450b09b76b356f857f7008a6fce7fbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\NBKBv1.dll

Filesize
23KB

MD5
be8b666b5c0aa1325fe50c4332de3b0a

SHA1
f9ca7898c6ed4f186f49becf2aad0ee6c3a9eb3d

SHA256
41b66f64b12047c5aecfadcfa70bfa6fcbd7d8bca7fa5b9d4a3f8463f84064bc

SHA512
be8019cd74a87742735c819eadf82f2e277d8d284c205d396db21c90c5749f6213432f4e6f16eb93533b01313257aee6de301a1fee304c97ee1646046a7220f0

Download Submit
memory/2604-25-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/2604-28-0x0000000000400000-0x00000000005ED000-memory.dmp

Filesize
1.9MB

Download
memory/2604-23-0x0000000002E10000-0x0000000002E94000-memory.dmp

Filesize
528KB

Download
memory/2604-22-0x0000000004C80000-0x0000000004D45000-memory.dmp

Filesize
788KB

Download
memory/2604-16-0x0000000004C80000-0x0000000004D45000-memory.dmp

Filesize
788KB

Download
memory/2604-0-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/2604-27-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/2604-24-0x0000000004180000-0x0000000004193000-memory.dmp

Filesize
76KB

Download
memory/2604-30-0x0000000002E10000-0x0000000002E94000-memory.dmp

Filesize
528KB

Download
memory/2604-29-0x0000000004C80000-0x0000000004D45000-memory.dmp

Filesize
788KB

Download
memory/2604-32-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/2604-37-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/2604-81-0x0000000004180000-0x0000000004193000-memory.dmp

Filesize
76KB

Download
memory/2604-80-0x0000000002E10000-0x0000000002E94000-memory.dmp

Filesize
528KB

Download
memory/2604-79-0x0000000004C80000-0x0000000004D45000-memory.dmp

Filesize
788KB

Download