Overview

overview

7

Static

static

3

7e104e94c2...ec.exe

windows7-x64

7

7e104e94c2...ec.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2024 02:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e104e94c2a2f1f9ee10ba5c7e70d6ec.exe

  • Size

    665KB

  • MD5

    7e104e94c2a2f1f9ee10ba5c7e70d6ec

  • SHA1

    02b8a65430ae611baa46ca48c4b4e1ebcc9101aa

  • SHA256

    ebf4048af02f662e08746174979921767cfe327a76664493f90b34c304aa9bbe

  • SHA512

    44d80b4e8429448aebab720ef8ff61086a70d06647a1f024f2397f5f1ae1258368dcce8da5f315d27eb5e14efc9349f016ea6b1e4f15302ccd069fa98705c490

  • SSDEEP

    6144:8KDEo6in3CfUzXZjCjf79GnMTvQD5Y3cFDCStRz0MCfUztDzI7ybK7Ju:mo6qhCVYq3mtRz0LUztz/K7

Score
7/10
discoveryupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 4 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e104e94c2a2f1f9ee10ba5c7e70d6ec.exe
    "C:\Users\Admin\AppData\Local\Temp\7e104e94c2a2f1f9ee10ba5c7e70d6ec.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s actskn4.ocx
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2280

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\actskn4.ocx
    Filesize

    202KB

    MD5

    8737acb60e2ee5bed0913de1d88f85b5

    SHA1

    1d9957f853f11e19d2a46194c3db3df320a3c98f

    SHA256

    961b1b242d20b269fdb23fdeb2940b422eda71eeef234870c6a3832245502fe1

    SHA512

    df6178fec920307ea494fae7868bbbf7b0398d1d14e0b2810e96ad380954f8a23d403b4d1f1c0ccbb14d503e1937f50243fcf1cc34af5e3d6c6dd36306715d68

    Download Submit

  • memory/2376-0-0x0000000000400000-0x00000000004AB208-memory.dmp

    Filesize

    684KB

    Download

  • memory/2376-11-0x0000000010000000-0x0000000010076000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2376-10-0x0000000010000000-0x0000000010076000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2376-12-0x0000000000400000-0x00000000004AB208-memory.dmp

    Filesize

    684KB

    Download