323b9ae96f915ed3a82822386422571a5d1ecc95e6b2946de20f1b6854d78a9c

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2024 04:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wjjwzi.exe
Size

960KB
MD5

92d37d5da4173a00ee8c1a1ccb0ff71c
SHA1

b3095cb2667f66edc54488f548341c041db5a745
SHA256

d89b27e0c2b0e15797612c208baa5bbd0d1bbb53b3c694750b897627e48164ec
SHA512

8007a9d3562c18f7e208938fdb52ba98f7109d0e00d419bcbfe8296c0dbf6827205528d275ebdb36cb4b6f9503320cf85c178c938ce2f995de85e392ea250035
SSDEEP

24576:PNSIjE0L/fu5tIrhIQXnC1SWGxo2JtY6aushKJiJ:PNSIjE0L/fu5ANXnCzGxoB6ausn

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000d0000000233d3-16.dat	acprotect

Loads dropped DLL 5 IoCs

pid	Process
1624	wjjwzi.exe
1624	wjjwzi.exe
1624	wjjwzi.exe
1624	wjjwzi.exe
1624	wjjwzi.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000d0000000233d3-16.dat	upx
behavioral2/memory/1624-20-0x0000000004360000-0x000000000441F000-memory.dmp	upx
behavioral2/memory/1624-19-0x0000000004360000-0x000000000441F000-memory.dmp	upx

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\GLBSINST.%$D	wjjwzi.exe
File created	C:\Windows\SysWOW64\~GLH0001.TMP	wjjwzi.exe
File opened for modification	C:\Windows\SysWOW64\plpl.dll	wjjwzi.exe
File opened for modification	C:\Windows\SysWOW64\optplug.ini	wjjwzi.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wjjwzi.exe

C:\Users\Admin\AppData\Local\Temp\wjjwzi.exe
"C:\Users\Admin\AppData\Local\Temp\wjjwzi.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:1624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GLC7B0C.tmp

Filesize
161KB

MD5
315f8d68ff1a414806e7344ac8dd8b6d

SHA1
8fe6719bdf12244e8ef154e36c77ec487dbafeff

SHA256
90b9dfcb65f6e6cd0123f44cbf8310659f4c7ca4488a57d3045f72d55a9771e9

SHA512
95a5efdaf8f620f85838be6eb59768a421059595c1e07dd6680aac3bfd371075f1c9528cb2dceefb333c72ed6821a6e592ca7d16e2923f39212a0e1ffdba296a

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLK7B2C.tmp

Filesize
33KB

MD5
a6601202dda81c941e14dd79878ca61d

SHA1
a436aa8bd1d6b501d30f01c4587fb32d513038f4

SHA256
7906a8f868986edda9f7c4df0d93ed862959b81344a475f452b9e31c1aece464

SHA512
c27d32541f21e0a5aa45939855d4cddfec04ec466a1231d419b29cf07157751bf778ef851868181a0392fbe6ddcabf372b7a2d35519b5b3a2bda21ff7192a5b4

Download Submit
C:\Windows\SysWOW64\optplug.ini

Filesize
38B

MD5
fad8c4d4e28165c09cf3d7181b4c5269

SHA1
cc0b38f48b58f243603f1807691bd8d0dd31571f

SHA256
b8fba263bebe8a697b417a9c1650b93cb6d7c3ca4f0963fe5a4c708d1ea3b155

SHA512
ae1ce3edca1451b64e6167f5fe5f1b59c865d8b08b956b36fcef398598369dd7eb34efb58bd9bb64de99cc1021de5bd521bb1ce42da9f706a55ecb951c168ec8

Download Submit
C:\Windows\SysWOW64\plpl.dll

Filesize
284KB

MD5
1ffeb47371c82eccd6572e3d46b841bf

SHA1
cfbb932f9bd2ca5ac3c42a44afc5970109c4c357

SHA256
826e77cb7cf5477fd5d99723c5df688762d5e09759de4a56bdfdce36397f479b

SHA512
8d23079c50cdf209d24375269623397b88e60492712aaed072bc212e864cde972b1bb556a3f9b9de3616f616c0c96cedf94d937226c61973f25dbced3ffe5573

Download Submit
memory/1624-20-0x0000000004360000-0x000000000441F000-memory.dmp

Filesize
764KB

Download
memory/1624-19-0x0000000004360000-0x000000000441F000-memory.dmp

Filesize
764KB

Download
memory/1624-21-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/1624-30-0x0000000004360000-0x000000000441F000-memory.dmp

Filesize
764KB

Download
memory/1624-31-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download