Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    11-08-2024 22:19

General

  • Target

    $TEMP/{416EFCF5-47DC-49B8-9392-AE29034365FE}/ACDSeeProInstaller.exe

  • Size

    5.0MB

  • MD5

    aadd56a729e970a81249f031240d0d6f

  • SHA1

    a44dafc342f0d26e679e2f71213f5fbfc36e7006

  • SHA256

    628951fa0bf404c7d4ef365dd34eff8209f6b17fda5b9674ca85fcc4fa73b314

  • SHA512

    efd4996a1a88e59803e168d6613b57dab5e81f1478d07e028b07203d76d48c56979782967f3f2b9414d0a94798bf8c6d9b93477eeab0f1d950d1e9827c95e957

  • SSDEEP

    98304:8L3VBid7vs2RJQcL5xFLOAkGkzdnEVomFHKnPN:QaB9L3FLOyomFHKnPN

Score
5/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Modifies Control Panel 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\{416EFCF5-47DC-49B8-9392-AE29034365FE}\ACDSeeProInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\{416EFCF5-47DC-49B8-9392-AE29034365FE}\ACDSeeProInstaller.exe"
    • Checks computer location settings
    • Modifies Control Panel
    • Suspicious use of SetWindowsHookEx
    PID:2372

Network

MITRE ATT&CK Enterprise v15
