add8b7edd74822c2bcdeac12f9225406bae8b93b7e78b76de99053f9a0665d70

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05-07-2024 05:13

Target

add8b7edd74822c2bcdeac12f9225406bae8b93b7e78b76de99053f9a0665d70.exe
Size

14.6MB
MD5

a9b03c18438939291b716dee1d5150ea
SHA1

6aaf845e68b7b8b8d8f73bd111fb556c0d186bbf
SHA256

add8b7edd74822c2bcdeac12f9225406bae8b93b7e78b76de99053f9a0665d70
SHA512

63724c59020a97a3c5bf31c31aa5298f625259a7d95c7dbed0bdb5bb0e91de0f1578fb58e5ebfc19f6fbb7e87d873fdc59f93e5cb44dff1f6a85ae2a9fabe15f
SSDEEP

393216:4TCIT7E51DXhe9RU26bAMFS4R+X6K/AmpkS:QCoo5RY9RiAMFLW6tYH

Score

7^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0003000000011ba4-8.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
2852	add8b7edd74822c2bcdeac12f9225406bae8b93b7e78b76de99053f9a0665d70.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2852-0-0x0000000010000000-0x0000000010018000-memory.dmp	upx
behavioral1/memory/2852-2-0x0000000010000000-0x0000000010018000-memory.dmp	upx
behavioral1/files/0x0003000000011ba4-8.dat	upx
behavioral1/memory/2852-10-0x0000000004CD0000-0x0000000004D6F000-memory.dmp	upx
behavioral1/memory/2852-40-0x0000000004CD0000-0x0000000004D6F000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2852	add8b7edd74822c2bcdeac12f9225406bae8b93b7e78b76de99053f9a0665d70.exe
2852	add8b7edd74822c2bcdeac12f9225406bae8b93b7e78b76de99053f9a0665d70.exe
2852	add8b7edd74822c2bcdeac12f9225406bae8b93b7e78b76de99053f9a0665d70.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 2080	2852	add8b7edd74822c2bcdeac12f9225406bae8b93b7e78b76de99053f9a0665d70.exe	30
PID 2852 wrote to memory of 2080	2852	add8b7edd74822c2bcdeac12f9225406bae8b93b7e78b76de99053f9a0665d70.exe	30
PID 2852 wrote to memory of 2080	2852	add8b7edd74822c2bcdeac12f9225406bae8b93b7e78b76de99053f9a0665d70.exe	30
PID 2852 wrote to memory of 2080	2852	add8b7edd74822c2bcdeac12f9225406bae8b93b7e78b76de99053f9a0665d70.exe	30

C:\Users\Admin\AppData\Local\Temp\f7721a4.tmp\data.ini

Filesize
2KB

MD5
d09437c8cd7a01f55b99cd1b904aaeb8

SHA1
687b9f353e22c4fdaa75e8901f4ab45b3e59d71a

SHA256
fb76344bfed53572f7f2298fe5cac6c9ef52aaba663efdd25a5c08fa25cf77e9

SHA512
be6aa4a1ca1234d70de7595b96ec28c81e277deaaecec68e6ebb1100c4a9e1a683d63b0dd3e02f810ff333fef45ba084f7504e4954ed6dd94388344918a4c5a8

Download Submit
\Users\Admin\AppData\Local\Temp\7-zip32_2.dll

Filesize
233KB

MD5
ea3df059beae86a3e186b2b179755e77

SHA1
babdcd6b5082c02fa2f5ebc2020f2cb3bbd77e8d

SHA256
1ab68a0c296281437fe638c8535309c6241ded4852608d940f5efcb8cc2d91a6

SHA512
1406d8083cfbd26e18aba74f6b45a09137bb3960f7afce5c5d0d790b0edb7277b7b885ed2ded9def12b667bcb37cbfb335884b2d7b8f08565743b674d1f053bb

Download Submit
memory/2852-0-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/2852-2-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/2852-3-0x000000007738D000-0x000000007738E000-memory.dmp

Filesize
4KB

Download
memory/2852-4-0x0000000077360000-0x0000000077470000-memory.dmp

Filesize
1.1MB

Download
memory/2852-10-0x0000000004CD0000-0x0000000004D6F000-memory.dmp

Filesize
636KB

Download
memory/2852-40-0x0000000004CD0000-0x0000000004D6F000-memory.dmp

Filesize
636KB

Download
memory/2852-42-0x0000000077360000-0x0000000077470000-memory.dmp

Filesize
1.1MB

Download
memory/2852-41-0x0000000077360000-0x0000000077470000-memory.dmp

Filesize
1.1MB

Download