f67e875492e8fe1c8deb2f30804af1938e6ebb643030d26396c0746b25c4c960

Analysis

max time kernel
110s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2b36bdbaf9f8c38c71a0d54c4869e60N.exe
Size

482KB
MD5

d2b36bdbaf9f8c38c71a0d54c4869e60
SHA1

febb9e1627dae2eeda179b391fc62d6418fc02fe
SHA256

f67e875492e8fe1c8deb2f30804af1938e6ebb643030d26396c0746b25c4c960
SHA512

ce5deef74e5f835d6a26c3b4c069ee2cc9696d58ce7ee3ce4d9168f4d5310bcb1554cf0eefee9c60b2fc5e390c3d7834f830828b5aafa13e4e2198c83bf9157e
SSDEEP

12288:vRPYB8TzBR3gy2f9BD3bqOidPWi1opnQtKARuL:vRPYyj3gjBDeO2Ht4

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x00070000000234cd-2.dat	acprotect

Loads dropped DLL 5 IoCs

pid	Process
4720	d2b36bdbaf9f8c38c71a0d54c4869e60N.exe
4720	d2b36bdbaf9f8c38c71a0d54c4869e60N.exe
4720	d2b36bdbaf9f8c38c71a0d54c4869e60N.exe
4720	d2b36bdbaf9f8c38c71a0d54c4869e60N.exe
4720	d2b36bdbaf9f8c38c71a0d54c4869e60N.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00070000000234cd-2.dat	upx
behavioral2/memory/4720-5-0x00000000744F0000-0x00000000744FA000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d2b36bdbaf9f8c38c71a0d54c4869e60N.exe

C:\Users\Admin\AppData\Local\Temp\d2b36bdbaf9f8c38c71a0d54c4869e60N.exe
"C:\Users\Admin\AppData\Local\Temp\d2b36bdbaf9f8c38c71a0d54c4869e60N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsxBE50.tmp\EmbeddedLists.dll

Filesize
57KB

MD5
b39e7bdae82dd074a57bd5555ed093a6

SHA1
a85dd2e27d847ecfa3298a748f1bb00ac5648ba3

SHA256
105cc10085c47be1494869f65a5bd939b0f4004d91ce091f7fb75368e8306e0e

SHA512
3ac590850757e0a868062a2706a676ae79288d8a30839fd67a20efc113f81a378e30fa397d54647f5f7cdef55615f45a49445088c79785a10aaf209f83563120

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBE50.tmp\inetc.dll

Filesize
25KB

MD5
29e2dcdfb57ee3ab5e2bbc2fc3c42f02

SHA1
bd6cafcce5b70ee15311f9f53e9fd4aac819ccda

SHA256
2b7a69e98ed4975fd4eade513cff17099c43b3eebe7e7641696d1d20e8e14b2f

SHA512
f71c981b3b5308566b56156462d106ebf8e49a32e55b70891f9d70338941afd347cb4df374fe38b9b3d7309f63dd75a7c80ebe02bb8941d558cd638a6f8daf7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBE50.tmp\installpack_items.ini

Filesize
24KB

MD5
a882107f037cc8c00e8cb3aaabee87bc

SHA1
204429d9df466784eee8095d2304cca6801979c4

SHA256
e2b981e3f5372b443277b6b685beda29755d90bb16c1e28f01515f1e6331ae02

SHA512
0fcfe2a493add9986de7d5f4ef9476b9f046ae4a99d3ffa1448495cee7e8111a5175e90d7ea34c6d187ed1043b2cfdba11fc4423da41900053df089c92b14ea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBE50.tmp\installpack_items.ini

Filesize
25KB

MD5
be3ea22748e9b7bdde611cc6e8b8d630

SHA1
91e14c2bc6c46c7a066adfef226ff33796686d13

SHA256
cb88d01dcff88e7734c78124252c829837a11548e7670e36f22c636c411a69dd

SHA512
08c99a66d82a2158ac823b57058131504e29dd96eecd84228abf51a8c7b300b7413fd0fd9df6e37bc025a0262242302d091703634e494a30260f1b0699812630

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBE50.tmp\installpack_items.ini

Filesize
23KB

MD5
fa5bb2145bf883ac9e22b63e4cf55315

SHA1
8cc02ad617c4ffbada73f749d9b62e8fc611cafb

SHA256
d41955439a979f22d6ed4cbd1725f375aaff829793072cd1741f21f6e34a05e2

SHA512
b891b207f0a5dc67e160025252b6c0c8e265876676b609ea992c557670dcbd8d909f12a1ec58e48f07f09cf8b9dcb50f6f0dd06cb967bd3623634cea9b51523d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBE50.tmp\installpack_items.ini

Filesize
23KB

MD5
af5d727517d5116612d9a8a645afb1f1

SHA1
afd717cb125a40c93dad28406fbb74158c551b29

SHA256
2cdf87fa064358b21c9229cdeb7b1c0cb09c4fa158268cfc05b7ed069032bcd0

SHA512
fb048edc2fc5743e295e2b49061c8ca743c71969403c5f7a7221df58d294f291537ea295d4211774aa02ccd1bf8ace6f5405460bb366b34844ce057557e43c68

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsxBE50.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/4720-5-0x00000000744F0000-0x00000000744FA000-memory.dmp

Filesize
40KB

Download
memory/4720-1834-0x0000000000400000-0x0000000000571000-memory.dmp

Filesize
1.4MB

Download