da227b8605253a207ad5c2d8d38e984e32a182ce1fe30dcd899793cc924a1c8b

General

Target

da227b8605253a207ad5c2d8d38e984e32a182ce1fe30dcd899793cc924a1c8b.exe
Size

10.1MB
MD5

daf1c5843ee97b92104e170c59698aa5
SHA1

93d18cda9e3ffbabaa4030eaf381372ce2253f5e
SHA256

da227b8605253a207ad5c2d8d38e984e32a182ce1fe30dcd899793cc924a1c8b
SHA512

0d3db57f372357d136e76f31efd8dfd910e2b754e7d957619a959cd2adcbc1968691e6cf428d21a70272e3336c774a82597ca14a65d1715165ea1b684d954997
SSDEEP

196608:SVRbDv1LMpxYplV5v6hNtDiqw+A6XslNqqAA1GErYLwu8T8wX5l5lEX:SVZ1LMpxYpD5CwIXsvdwMIw7E

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000a00000001202e-51.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
1736	da227b8605253a207ad5c2d8d38e984e32a182ce1fe30dcd899793cc924a1c8b.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1736-54-0x0000000073B90000-0x0000000073BC9000-memory.dmp	upx
behavioral1/files/0x000a00000001202e-51.dat	upx
behavioral1/memory/1736-57-0x0000000073B90000-0x0000000073BC9000-memory.dmp	upx
behavioral1/memory/1736-59-0x0000000073B90000-0x0000000073BC9000-memory.dmp	upx
behavioral1/memory/1736-60-0x0000000073B90000-0x0000000073BC9000-memory.dmp	upx
behavioral1/memory/1736-68-0x0000000073B90000-0x0000000073BC9000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1736	da227b8605253a207ad5c2d8d38e984e32a182ce1fe30dcd899793cc924a1c8b.exe
1736	da227b8605253a207ad5c2d8d38e984e32a182ce1fe30dcd899793cc924a1c8b.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	da227b8605253a207ad5c2d8d38e984e32a182ce1fe30dcd899793cc924a1c8b.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1736	da227b8605253a207ad5c2d8d38e984e32a182ce1fe30dcd899793cc924a1c8b.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1736	da227b8605253a207ad5c2d8d38e984e32a182ce1fe30dcd899793cc924a1c8b.exe
1736	da227b8605253a207ad5c2d8d38e984e32a182ce1fe30dcd899793cc924a1c8b.exe

C:\Users\Admin\AppData\Local\Temp\da227b8605253a207ad5c2d8d38e984e32a182ce1fe30dcd899793cc924a1c8b.exe
"C:\Users\Admin\AppData\Local\Temp\da227b8605253a207ad5c2d8d38e984e32a182ce1fe30dcd899793cc924a1c8b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\HPSocket4C.dll

Filesize
80KB

MD5
b220f0b3057a925147f57c5ebff51523

SHA1
bb9faca3b0e9f849301ecbd58381e7965a143781

SHA256
f12af891c0c1cb5e793ab260ff92e9792c8f7f2541162390a44c27e2e954dcb8

SHA512
1e9fb6bd6005aab4f553b0a02c373671ce26fa773b06461e0041cfad0ae62bbf319105296ebd5e2c1ccf1c478ce17510aeb32dab8b83254fa2a18c9148f121f1

Download Submit
memory/1736-30-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1736-35-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1736-5-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1736-6-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1736-8-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1736-10-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1736-11-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1736-13-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1736-33-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1736-16-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1736-18-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1736-20-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1736-23-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1736-25-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1736-3-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1736-28-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1736-15-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1736-0-0x0000000000756000-0x0000000000DC5000-memory.dmp

Filesize
6.4MB

Download
memory/1736-38-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1736-41-0x0000000000400000-0x00000000017DA000-memory.dmp

Filesize
19.9MB

Download
memory/1736-49-0x0000000000400000-0x00000000017DA000-memory.dmp

Filesize
19.9MB

Download
memory/1736-48-0x0000000000400000-0x00000000017DA000-memory.dmp

Filesize
19.9MB

Download
memory/1736-44-0x0000000010000000-0x00000000101BB000-memory.dmp

Filesize
1.7MB

Download
memory/1736-40-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1736-54-0x0000000073B90000-0x0000000073BC9000-memory.dmp

Filesize
228KB

Download
memory/1736-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1736-55-0x0000000000756000-0x0000000000DC5000-memory.dmp

Filesize
6.4MB

Download
memory/1736-56-0x0000000000400000-0x00000000017DA000-memory.dmp

Filesize
19.9MB

Download
memory/1736-57-0x0000000073B90000-0x0000000073BC9000-memory.dmp

Filesize
228KB

Download
memory/1736-59-0x0000000073B90000-0x0000000073BC9000-memory.dmp

Filesize
228KB

Download
memory/1736-60-0x0000000073B90000-0x0000000073BC9000-memory.dmp

Filesize
228KB

Download
memory/1736-68-0x0000000073B90000-0x0000000073BC9000-memory.dmp

Filesize
228KB

Download

Analysis

Sharing