8ac24d9c7d67bab07b3733368b2490b6597f210a754950efbc3d4fd29a1368b9

Resubmissions

07/07/2024, 21:58

240707-1vfwns1dqa 10

07/07/2024, 21:56

240707-1tel8ayflm 10

Analysis

max time kernel
45s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 21:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Activator.exe
Size

12.5MB
MD5

6e47bea9ab90932d7b7dc87b25595a10
SHA1

abd8699cf93c07a85569d25d8ffb93245baedd77
SHA256

8ac24d9c7d67bab07b3733368b2490b6597f210a754950efbc3d4fd29a1368b9
SHA512

8fc81451fd67de521582b6545505fd39450e18f84ae16f637cfe6609f77c359c7b688b1c93bd8a41449640e81d7e4664ad1482e57b5e2aec85e4a0c6cf018654
SSDEEP

196608:Otvlimxx+hKFCjTO/62WtaEJ2Hsx8tn2s03nfz1HkFsnP1PibIYxpkn+9D3pdks:ovgf58Y1husnP1WuQpdks

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 20 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x00070000000234c1-43.dat	acprotect
behavioral2/files/0x000700000002349e-49.dat	acprotect
behavioral2/files/0x00070000000234ab-51.dat	acprotect
behavioral2/files/0x00070000000234c3-61.dat	acprotect
behavioral2/files/0x00070000000234a7-73.dat	acprotect
behavioral2/files/0x00070000000234a0-74.dat	acprotect
behavioral2/files/0x00070000000234a6-72.dat	acprotect
behavioral2/files/0x00070000000234aa-75.dat	acprotect
behavioral2/files/0x00070000000234a5-71.dat	acprotect
behavioral2/files/0x00070000000234a4-70.dat	acprotect
behavioral2/files/0x00070000000234a3-69.dat	acprotect
behavioral2/files/0x00070000000234a2-68.dat	acprotect
behavioral2/files/0x00070000000234a1-67.dat	acprotect
behavioral2/files/0x000700000002349f-65.dat	acprotect
behavioral2/files/0x000700000002349d-64.dat	acprotect
behavioral2/files/0x000700000002349c-63.dat	acprotect
behavioral2/files/0x00070000000234c4-62.dat	acprotect
behavioral2/files/0x00070000000234c2-60.dat	acprotect
behavioral2/files/0x00070000000234c0-59.dat	acprotect
behavioral2/files/0x00070000000234ad-58.dat	acprotect

Loads dropped DLL 6 IoCs

pid	Process
1328	Activator.exe
1328	Activator.exe
1328	Activator.exe
1328	Activator.exe
1328	Activator.exe
1328	Activator.exe

UPX packed file 35 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00070000000234c1-43.dat	upx
behavioral2/memory/1328-47-0x00000000749F0000-0x0000000074F00000-memory.dmp	upx
behavioral2/files/0x000700000002349e-49.dat	upx
behavioral2/files/0x00070000000234ab-51.dat	upx
behavioral2/memory/1328-54-0x0000000074990000-0x000000007499D000-memory.dmp	upx
behavioral2/memory/1328-53-0x00000000749A0000-0x00000000749BE000-memory.dmp	upx
behavioral2/files/0x00070000000234c3-61.dat	upx
behavioral2/files/0x00070000000234a7-73.dat	upx
behavioral2/files/0x00070000000234a0-74.dat	upx
behavioral2/files/0x00070000000234a6-72.dat	upx
behavioral2/files/0x00070000000234aa-75.dat	upx
behavioral2/memory/1328-76-0x0000000074980000-0x0000000074990000-memory.dmp	upx
behavioral2/memory/1328-77-0x00000000745F0000-0x000000007497D000-memory.dmp	upx
behavioral2/files/0x00070000000234a5-71.dat	upx
behavioral2/files/0x00070000000234a4-70.dat	upx
behavioral2/files/0x00070000000234a3-69.dat	upx
behavioral2/files/0x00070000000234a2-68.dat	upx
behavioral2/files/0x00070000000234a1-67.dat	upx
behavioral2/files/0x000700000002349f-65.dat	upx
behavioral2/files/0x000700000002349d-64.dat	upx
behavioral2/files/0x000700000002349c-63.dat	upx
behavioral2/files/0x00070000000234c4-62.dat	upx
behavioral2/files/0x00070000000234c2-60.dat	upx
behavioral2/files/0x00070000000234c0-59.dat	upx
behavioral2/files/0x00070000000234ad-58.dat	upx
behavioral2/files/0x00070000000234ac-57.dat	upx
behavioral2/memory/1328-78-0x00000000749F0000-0x0000000074F00000-memory.dmp	upx
behavioral2/memory/1328-81-0x0000000074980000-0x0000000074990000-memory.dmp	upx
behavioral2/memory/1328-79-0x00000000749A0000-0x00000000749BE000-memory.dmp	upx
behavioral2/memory/1328-82-0x00000000745F0000-0x000000007497D000-memory.dmp	upx
behavioral2/memory/1328-93-0x0000000074990000-0x000000007499D000-memory.dmp	upx
behavioral2/memory/1328-94-0x00000000749A0000-0x00000000749BE000-memory.dmp	upx
behavioral2/memory/1328-91-0x0000000074980000-0x0000000074990000-memory.dmp	upx
behavioral2/memory/1328-88-0x00000000749F0000-0x0000000074F00000-memory.dmp	upx
behavioral2/memory/1328-92-0x00000000745F0000-0x000000007497D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 1328	4564	Activator.exe	85
PID 4564 wrote to memory of 1328	4564	Activator.exe	85
PID 4564 wrote to memory of 1328	4564	Activator.exe	85

C:\Users\Admin\AppData\Local\Temp\Activator.exe
"C:\Users\Admin\AppData\Local\Temp\Activator.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Users\Admin\AppData\Local\Temp\Activator.exe
  "C:\Users\Admin\AppData\Local\Temp\Activator.exe"
  2⤵
  - Loads dropped DLL
  PID:1328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI45642\VCRUNTIME140.dll

Filesize
88KB

MD5
81b11024a8ed0c9adfd5fbf6916b133c

SHA1
c87f446d9655ba2f6fddd33014c75dc783941c33

SHA256
eb6a3a491efcc911f9dff457d42fed85c4c170139414470ea951b0dafe352829

SHA512
e4b1c694cb028fa960d750fa6a202bc3a477673b097b2a9e0991219b9891b5f879aa13aa741f73acd41eb23feee58e3dd6032821a23e9090ecd9cc2c3ec826a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\_asyncio.pyd

Filesize
33KB

MD5
0fb11b8a286d5cc42aa9dfcff01c30ab

SHA1
b6821bde782faf02347acd8fb1c3c92661da182c

SHA256
866f9ba34068dff5f0fad7d2c2bcb2cac2136632aadf06df6451aa734ee0a32f

SHA512
497032eae4989c3791a7a377ddab458c984b55da735937f21eb8a8654a784b39e83e5261ac033e878aea706bacb2c501d7ec15d77201655b899de2f7c6f678e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\_bz2.pyd

Filesize
44KB

MD5
be85139f08f3304325bcc539ab22ce88

SHA1
e2b05661c7cba3dd48154aabe97cf5988f30e190

SHA256
3ace8490f5d9c64e79d696d1a4e9692ca12ee53831396fb31b9692f97543ccc0

SHA512
1ba6dae7cd19fef50b5ee1e50f6c81913e8926d4ca592b37cbdfb283ef25629866a7ed98b12eb943ac600cc40bc2711d23e7a9891754bef4cacb208fcf3727c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\_ctypes.pyd

Filesize
52KB

MD5
da190a412c9762ef8a8a4509bdf60d18

SHA1
99b2249d31527ea87a8ceed5c5931146053b1eee

SHA256
de95f33e0211eeb9e0a9246986bc9c5cb9e712e884f93fcfafab34449ed67ca1

SHA512
c0f0594a67dc514725abfc3ad2466e76647eb1348c59139191bb386c45514913b69e8cc06079849c715b87f936733544d980fff6baf780ba82a49a4b6762ab95

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\_decimal.pyd

Filesize
79KB

MD5
d09f499f38f36cd22bf783a34c07a284

SHA1
9c71faaea7a48c9caeed18d8badc123d354337f7

SHA256
7487f629c1e89fca8870a292fcb88bfa7cd3be72bab5b220736271db1e80d869

SHA512
f5d447a1dbbe68338deeed65912906e938e2315fb294a2430a9814ee39bbcd75096cd258b726c8a123a0a2c0b2d6597786bfeaa58718476c1f996522057a9d9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\_hashlib.pyd

Filesize
30KB

MD5
967835e6f2267b359b25acd2e947e4e7

SHA1
97bcd65ffad1ec2ca08cdba46470297b6678178f

SHA256
dc02966b8c79d14d9d7753cbb12c5412f88c601bc63a4287d9a1eb6f7bfb6b1d

SHA512
97fb9c608e292d9e8666fb4d3bd50302e7abc183ade618430ae4eefae038e795174a199a4e17fdee13367dc8616e03891d84a35a106eaabbc49c2d34c6d1f468

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\_lzma.pyd

Filesize
79KB

MD5
6e9f336041454a196373f2f6904eddbd

SHA1
4ebcfa4096153a17bca35a3e511bd71c40109bcf

SHA256
d113eeecb5e57893ca135175cd7483126b5e43a904fba38a886c2021bf94f8eb

SHA512
ea817101c9380829c7d5da9dcc0143b72e2a0834e948f57c8b48d289455c5dfee6ff6864d106a92dc4e6ad026342cf916173301a5a84edb8a4333bbc1c0305de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\_multiprocessing.pyd

Filesize
25KB

MD5
336f01a17bcc32f26890e0d519534fe1

SHA1
a3781f0da29cdcdb2fab6fef8aa63b887a8fea03

SHA256
7a1f068e743bc8e60dd13c46e96aaf638ec09f3adda95ab755cb9a152cb5b88d

SHA512
206a7a783f1f1e462d437ee9cc54bf6e594ddb751372ecee6bc712232aa057501a940403862b2ab8de93a1a744ca940f7f30b3981751fb04347896cce06170a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\_overlapped.pyd

Filesize
29KB

MD5
eb5c2f0eb245ccfc48666cc7edd7e099

SHA1
ae66bf56011bfdf66d7894814bafa1f4dc0abbbc

SHA256
fdceb1ecfcab79a295e57b3cf0b5c16b8fb0bcf9549494afd1d9abd9f7219504

SHA512
713bbbf3f238def02155657ee256afea9e74fe895daa0d5b0040f33a4f10601ecea34adb7b239144acff18190dccb88dc12364554a069eb9eb0941b4988a5aea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\_queue.pyd

Filesize
24KB

MD5
26f349b8ec626f63d8b4b861975ccde2

SHA1
e095da2152e345a794f5141b45becfeb04bc3f35

SHA256
8deccb8bad06a3d7cc016e13e1d3a1fcfdf84f5970160a1e74db7d5c6c5e2d1a

SHA512
bdbee86ce2de40dfbbea1feaaaf7e5181a27ca09bbe13ed29372f1c1fac109711847fbe0f2d2e5db6e260f36081859d3690e6f7f74901a803499f904eadcef3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\_socket.pyd

Filesize
38KB

MD5
65d0109db28d7692a2175011768048fc

SHA1
a58ef52ce9aab3c3ef82a3b182e1f31f81b9334d

SHA256
f6b7893c7ccd58b7275cb9ca9e5f3dbc8169fac80c1db978508bf818359f87b3

SHA512
569bb757f606feef936a0785077697d9cd763fdc60dab9655c5bf384abbff829b7fa84da395aec130f8995a0ffd3c15d2809712949fa4eff7809d645fc329371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\_sqlite3.pyd

Filesize
44KB

MD5
40824b8c19071ce8e03f029068ab30ec

SHA1
8eb2735bc64867d734c9ea8a1c0cebdd32ff79e0

SHA256
7d7e5cca2bfe9b6728f45cae0440f9d593ce1e972cf21d0c678d36f99dfd36be

SHA512
8990791b9d7f7a7a38ebfac76f69574614f3fda85705e58f020938d7a8d44a273b5185df67ab7de4608f5f5cad0e4de44941b25da42787992d5ca74851613a78

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\_ssl.pyd

Filesize
61KB

MD5
8111f1613454c24245b11384d4f339dd

SHA1
bd7ca1b533a47fbd49fb3b41802bbf5be5273a8c

SHA256
c8032e9cfb4ab80f64a5b33d779e2bce14d91bd1a543ff4a1a41fb5732d9843c

SHA512
e5d6cc1ab2cfcc17aac6d2d1165db9c7ccc762fce51160c01afafd3b4c35be69e34c96313d02dc39f3e8f755736d86cc6c37419239a8ed38cd0dcf52c235e967

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\base_library.zip

Filesize
1.4MB

MD5
c04a1916b8a726a74bcdba99b42a376b

SHA1
f87ca7e558071e8dc85872644b8b2993563a75c0

SHA256
f9c5fdc929a36e519ec6a0a3d9f9a4f3358105640bdb71d98de7fb395542b8c4

SHA512
8f453af49da1354b8e22aac594edc2cc5907f64a85167a35d750d2d300be0f39b0f461d48ab5cff70cf24e7f43bad8143933d42710db6153f782c3411923a073

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\crypto_clipper.json

Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\libcrypto-3.dll

Filesize
1023KB

MD5
929df34736100473bb658503a77a2fb1

SHA1
2b081c8f615e4b955ec87a52f0e666f75aa75f2f

SHA256
813328a96b3d907770e5a34333b042c301e3c5ad21711b8e0a82b2cfd264debf

SHA512
7829a1319f768debd2c282d5143143fdb21b4937bae35288194c7099f0d387f0617dc0743570816869c3c736779e91db41b3908031fbbc5c68bd1ac16182b427

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\libffi-8.dll

Filesize
28KB

MD5
cafe0a27f8f2cc6f5e4a4c6233bb954f

SHA1
6f8b66056d058a02b05e61b9090762ed7acced6f

SHA256
97ccb8542e8bbaf8c949683e8aba21b85e496a237c5543f8b2f6d90d9855b389

SHA512
dc2221584fc54f6c9e423f212294614a447f6a8274a61138910f2364ca7eae041c15c8d224c6b7f3f79581626a3151a27bfcedee95e65784d6e16e94ccfe6330

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\libssl-3.dll

Filesize
190KB

MD5
bce101eeaaa7bdf1063158964961c860

SHA1
352c7f720b3977cf0c5152f9e33c42ed1786e13e

SHA256
80720807204e840c63ade6b4425a5e6e2f6e2b5fbae95260307bebf2ac7fb027

SHA512
ea8d84368728b4adf8829c6e662e516328694052fa3c4c1a4f4588e74da81158f64995a9eddd5241f6c243457dd82441ee381361ca984dea872bf91c67f5fc5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\pyexpat.pyd

Filesize
71KB

MD5
6e74820a102a123c2f1ec65b0ea981b8

SHA1
b5e07524c9de095bb8a2de484d6ef02daecc963e

SHA256
e685c7061ecf13184ee7c11ef405cbccba7e6f7b2b9ff169fcb7747236b65b27

SHA512
d067e911af242b6e4b9285a6f256261409cd23190ed5401d22605b6c6b2a7eae4cb3dfbd1cc904ce06eb20cd96306beecabeb77a70be5f70b02e5f1e6b90a74f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\python311.dll

Filesize
1.4MB

MD5
df88f8e8a13f7026ca3d7cfcbe0f7899

SHA1
4431e70e6d2911096852eccbb95b3015cdc7b129

SHA256
de9b346a0a8aedcfa3ca53f63c95a549595fc49a7ac8b7d41e849b6157980867

SHA512
ebec07cdd71a70a9f56413e9e7868d2bdd81d0e369bd9bc923ee1a8821f9c34983cf9391e0e154d647df566fe0dcd261c72c5c5eab974d570ff25e38c7635f5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\select.pyd

Filesize
24KB

MD5
81e02268c70643b00b2cd08fa5fabdc6

SHA1
7014ae2927c346777b64790f968243308bb6d90e

SHA256
58f3b7be63f84f6a78bd86c3e6dcbe43cc2d1e348d514cdd61f88daebac2b9ed

SHA512
9a527aaae0ee2b44a83a2c256066059c7528d5f9483b794b69e8e813e4beeb2799b1ab7f0d3ac096e57e4e4ff10696cbd692ee5cd614d1def50dfa9ac85476cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\sqlite3.dll

Filesize
505KB

MD5
46cbc4b1a7f66449e9945964d23722d0

SHA1
39420d13a13def505d348bf01b8be3f97f5e99fb

SHA256
4db6828ff91b31c2a49f9fe3144a21627686a67822e72d3e5649bc7122ba9823

SHA512
e67355bd8bbe716c0632d8d690bd710811da32956abb4a4218da08e6a2f6921a162d4d9fa4c6df8d1ca8297efdcf6a173daa57d3524582487cd3cdc9cf8cc69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45642\unicodedata.pyd

Filesize
291KB

MD5
485142e6218019ba023f0328788c7cf5

SHA1
e34e524d84c1a48604adbdb26b1cbe801e84a434

SHA256
43438380f07bdcfa795b610cf2de45159dd809ea63d178fb3e16ca4198fcdd84

SHA512
ffe9315fb9bcff3a94259730996dee28e9c004d6d62bae06b49c705ef22adcc6de275cadb863932a456e42c09bbacf6e35403af27f30988e9695ce235dcc0725

Download Submit
memory/1328-54-0x0000000074990000-0x000000007499D000-memory.dmp

Filesize
52KB

Download
memory/1328-79-0x00000000749A0000-0x00000000749BE000-memory.dmp

Filesize
120KB

Download
memory/1328-76-0x0000000074980000-0x0000000074990000-memory.dmp

Filesize
64KB

Download
memory/1328-53-0x00000000749A0000-0x00000000749BE000-memory.dmp

Filesize
120KB

Download
memory/1328-77-0x00000000745F0000-0x000000007497D000-memory.dmp

Filesize
3.6MB

Download
memory/1328-78-0x00000000749F0000-0x0000000074F00000-memory.dmp

Filesize
5.1MB

Download
memory/1328-81-0x0000000074980000-0x0000000074990000-memory.dmp

Filesize
64KB

Download
memory/1328-47-0x00000000749F0000-0x0000000074F00000-memory.dmp

Filesize
5.1MB

Download
memory/1328-82-0x00000000745F0000-0x000000007497D000-memory.dmp

Filesize
3.6MB

Download
memory/1328-93-0x0000000074990000-0x000000007499D000-memory.dmp

Filesize
52KB

Download
memory/1328-94-0x00000000749A0000-0x00000000749BE000-memory.dmp

Filesize
120KB

Download
memory/1328-91-0x0000000074980000-0x0000000074990000-memory.dmp

Filesize
64KB

Download
memory/1328-88-0x00000000749F0000-0x0000000074F00000-memory.dmp

Filesize
5.1MB

Download
memory/1328-92-0x00000000745F0000-0x000000007497D000-memory.dmp

Filesize
3.6MB

Download