8eec1cbacaed4637f2f1dac7c09827f4788d4b80d467f7c48d66d5c4cdc744b6

Analysis

max time kernel
128s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 07:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8eec1cbacaed4637f2f1dac7c09827f4788d4b80d467f7c48d66d5c4cdc744b6.exe
Size

12.8MB
MD5

dc7493fd5248feebaa4e7c9513351e11
SHA1

93b8cb141da976de99dab863ba4c51ce1e190a3b
SHA256

8eec1cbacaed4637f2f1dac7c09827f4788d4b80d467f7c48d66d5c4cdc744b6
SHA512

86b9a20da4e22a624aa695959f77c5d517a89d875eef45c24858c0993e8fce478a373f48e1d497b457e5b9d0ff3453662eea98f1ccb532050aa32cc08dbec522
SSDEEP

196608:xRO7XXSRiCaV9TyjXPUcgvUN+MrS4rBKkKiaUJiyi6K/vXt4HbFLd9m+tJVoG3t:qvMrHIY9K/vXK7FLdg+tJ

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4304	8eec1cbacaed4637f2f1dac7c09827f4788d4b80d467f7c48d66d5c4cdc744b6.exe
4304	8eec1cbacaed4637f2f1dac7c09827f4788d4b80d467f7c48d66d5c4cdc744b6.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4304-13-0x0000000003410000-0x0000000003434000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8eec1cbacaed4637f2f1dac7c09827f4788d4b80d467f7c48d66d5c4cdc744b6.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4304	8eec1cbacaed4637f2f1dac7c09827f4788d4b80d467f7c48d66d5c4cdc744b6.exe
4304	8eec1cbacaed4637f2f1dac7c09827f4788d4b80d467f7c48d66d5c4cdc744b6.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4304	8eec1cbacaed4637f2f1dac7c09827f4788d4b80d467f7c48d66d5c4cdc744b6.exe
4304	8eec1cbacaed4637f2f1dac7c09827f4788d4b80d467f7c48d66d5c4cdc744b6.exe

C:\Users\Admin\AppData\Local\Temp\8eec1cbacaed4637f2f1dac7c09827f4788d4b80d467f7c48d66d5c4cdc744b6.exe
"C:\Users\Admin\AppData\Local\Temp\8eec1cbacaed4637f2f1dac7c09827f4788d4b80d467f7c48d66d5c4cdc744b6.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\libacf.dll

Filesize
3.0MB

MD5
717ae0841cf17611cefc59ca6cf8284e

SHA1
35d0dd5cacebb5787a07647f8536aa0294ca680d

SHA256
9b89bada8584f038c5c6744ea5249d71a5fa6d953a0152dbad21827a969e047d

SHA512
4efd5073d287ecea9cc7eed7d42e9b7e927f33d90faebb348651a35ef36d8ed4fb28e0f7dce77082d264cd0070c5a30393814a44d9760905d9279c2fbe164fde

Download Submit
C:\Users\Admin\AppData\Local\Temp\libacf_Caller.dll

Filesize
449KB

MD5
dc78ab716d4c046e187a0ccacceadc57

SHA1
01da2325701d0f5668bf8acbe28c8a7816f1b5c8

SHA256
9eb9405da103fe9c13f8d902fb1d6690d13a9a10115cc8e290ade22fa819af85

SHA512
0e02df7741f018d5946f783b4fbe62243847cdd6aed628f86a9c6895ca69db417e4dfce7429d8f9dc591ed9fd9b47ed140deb1f96bd8a7a9937c293f3cc8191c

Download Submit
memory/4304-24-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-34-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-13-0x0000000003410000-0x0000000003434000-memory.dmp

Filesize
144KB

Download
memory/4304-15-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-16-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-17-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-18-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-19-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-20-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-21-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-22-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-23-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-14-0x0000000001720000-0x0000000001721000-memory.dmp

Filesize
4KB

Download
memory/4304-11-0x00000000004D1000-0x00000000004D2000-memory.dmp

Filesize
4KB

Download
memory/4304-30-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-27-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-28-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-29-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-26-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-31-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-32-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-33-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-25-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-35-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-37-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download
memory/4304-39-0x0000000000400000-0x000000000116E000-memory.dmp

Filesize
13.4MB

Download