0d758fa0a4c3a9a4b634fb08211078d408418148215105ef3e30a492672bfda1

Analysis

max time kernel
143s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2024 16:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fps_boost.exe
Size

10.3MB
MD5

c157d6596197035913df51690b5aefca
SHA1

b5a3f07e7d53ba1ec6c4628096464be57a11c991
SHA256

0d758fa0a4c3a9a4b634fb08211078d408418148215105ef3e30a492672bfda1
SHA512

6565e0f96664c6cf39bedeaf35b9db104db53a4892e14211bb2f0b95b4f0d11c849c42a4adf799b5f75ea657d4b6b03472a3250250337599574212552dee0302
SSDEEP

196608:Muin3DxOpJlXC4NmNumGOEJohaDjx4a0FAwYxM4NBXSrgllqbvYK:M3nTxOpJUi/raMjm2BPNMrgGY

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 22 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0007000000023ccf-45.dat	acprotect
behavioral2/files/0x0007000000023caa-51.dat	acprotect
behavioral2/files/0x0007000000023cb9-54.dat	acprotect
behavioral2/files/0x0007000000023cd0-61.dat	acprotect
behavioral2/files/0x0007000000023cad-68.dat	acprotect
behavioral2/files/0x0007000000023cd2-63.dat	acprotect
behavioral2/files/0x0007000000023cb8-80.dat	acprotect
behavioral2/files/0x0007000000023cb5-76.dat	acprotect
behavioral2/files/0x0007000000023cb4-75.dat	acprotect
behavioral2/files/0x0007000000023cb3-74.dat	acprotect
behavioral2/files/0x0007000000023cb2-73.dat	acprotect
behavioral2/files/0x0007000000023cb1-72.dat	acprotect
behavioral2/files/0x0007000000023cb0-71.dat	acprotect
behavioral2/files/0x0007000000023caf-70.dat	acprotect
behavioral2/files/0x0007000000023cae-69.dat	acprotect
behavioral2/files/0x0007000000023cac-67.dat	acprotect
behavioral2/files/0x0007000000023cab-66.dat	acprotect
behavioral2/files/0x0007000000023ca9-65.dat	acprotect
behavioral2/files/0x0007000000023ca8-64.dat	acprotect
behavioral2/files/0x0007000000023cce-60.dat	acprotect
behavioral2/files/0x0007000000023cbb-59.dat	acprotect
behavioral2/files/0x0007000000023cd1-62.dat	acprotect

Loads dropped DLL 6 IoCs

pid	Process
764	fps_boost.exe
764	fps_boost.exe
764	fps_boost.exe
764	fps_boost.exe
764	fps_boost.exe
764	fps_boost.exe

UPX packed file 34 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023ccf-45.dat	upx
behavioral2/memory/764-49-0x0000000075120000-0x00000000755A2000-memory.dmp	upx
behavioral2/files/0x0007000000023caa-51.dat	upx
behavioral2/files/0x0007000000023cb9-54.dat	upx
behavioral2/files/0x0007000000023cd0-61.dat	upx
behavioral2/memory/764-77-0x0000000075050000-0x000000007505C000-memory.dmp	upx
behavioral2/files/0x0007000000023cad-68.dat	upx
behavioral2/memory/764-79-0x0000000075030000-0x0000000075042000-memory.dmp	upx
behavioral2/files/0x0007000000023cd2-63.dat	upx
behavioral2/memory/764-81-0x0000000074DD0000-0x0000000075022000-memory.dmp	upx
behavioral2/files/0x0007000000023cb8-80.dat	upx
behavioral2/files/0x0007000000023cb5-76.dat	upx
behavioral2/files/0x0007000000023cb4-75.dat	upx
behavioral2/files/0x0007000000023cb3-74.dat	upx
behavioral2/files/0x0007000000023cb2-73.dat	upx
behavioral2/files/0x0007000000023cb1-72.dat	upx
behavioral2/files/0x0007000000023cb0-71.dat	upx
behavioral2/files/0x0007000000023caf-70.dat	upx
behavioral2/files/0x0007000000023cae-69.dat	upx
behavioral2/files/0x0007000000023cac-67.dat	upx
behavioral2/files/0x0007000000023cab-66.dat	upx
behavioral2/files/0x0007000000023ca9-65.dat	upx
behavioral2/files/0x0007000000023ca8-64.dat	upx
behavioral2/files/0x0007000000023cce-60.dat	upx
behavioral2/files/0x0007000000023cbb-59.dat	upx
behavioral2/files/0x0007000000023cba-58.dat	upx
behavioral2/memory/764-55-0x0000000075060000-0x0000000075082000-memory.dmp	upx
behavioral2/files/0x0007000000023cd1-62.dat	upx
behavioral2/memory/764-82-0x0000000075120000-0x00000000755A2000-memory.dmp	upx
behavioral2/memory/764-87-0x0000000074DD0000-0x0000000075022000-memory.dmp	upx
behavioral2/memory/764-89-0x0000000075060000-0x0000000075082000-memory.dmp	upx
behavioral2/memory/764-88-0x0000000075050000-0x000000007505C000-memory.dmp	upx
behavioral2/memory/764-86-0x0000000075030000-0x0000000075042000-memory.dmp	upx
behavioral2/memory/764-83-0x0000000075120000-0x00000000755A2000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fps_boost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fps_boost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 764	4748	fps_boost.exe	84
PID 4748 wrote to memory of 764	4748	fps_boost.exe	84
PID 4748 wrote to memory of 764	4748	fps_boost.exe	84

C:\Users\Admin\AppData\Local\Temp\fps_boost.exe
"C:\Users\Admin\AppData\Local\Temp\fps_boost.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Users\Admin\AppData\Local\Temp\fps_boost.exe
  "C:\Users\Admin\AppData\Local\Temp\fps_boost.exe"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI47482\VCRUNTIME140.dll

Filesize
81KB

MD5
55c8e69dab59e56951d31350d7a94011

SHA1
b6af2d245ae4d67c38eb1cd31e0c1cffb29b9b2c

SHA256
9d8d21022ff9d3f6b81a45209662a4f3481edc2befae0c73b83cf942eab8be25

SHA512
efb2ac1891724df16268480628eb230b6ee37ed47b56d2e02a260559865cdd48ee340ce445e58f625e0f4d6dbdc5bfb7ce2eeedf564b837cff255ef7d1dc58cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\_asyncio.pyd

Filesize
29KB

MD5
fc2732eee5ab49a1767460683a103987

SHA1
543963e7e3e9152532ebbb682bb0dc3bb8373692

SHA256
f7bd5af823984398987213d033602d25b22a75da12e41aba20ffc686e9fb9f89

SHA512
62c47fb53f7dbf5bf28331b97a36d0d92b1a559784a0b7ac96ecd97503657b1714587d627fb09d0631fa4d95348dc8889edbc2100f84e2d8088dd2a22e61b68e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\_bz2.pyd

Filesize
42KB

MD5
7e2635e06c3d7a72d2b0e1cbb8f4b47a

SHA1
0eb409c30d87507aa736cd096cddcbde53645229

SHA256
e2858222c0f5729d79a244ddf9a8b4aba9f7bf720f7d606d015ba48464181274

SHA512
7adbbefc172cebf7c0a1a50437ed6e44a40dd79ff94bd3275ac434aa9996f15f50a43beb277f5c090592cc8ac4d6f456f853efa446fbb042a30352e096880655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\_ctypes.pyd

Filesize
50KB

MD5
03fe59e2e3f629843ffaabd9d700819b

SHA1
a0636abd0cd55d2b3d923d0ef998df3aa08f1b8b

SHA256
2486f363d4586d3a1d6cc5a92d95c10e28d8af2a165db4be99cec7e7b791a557

SHA512
b79c45c2f2b070fd7627631ca6da4502d8e62a0a63f574bdc074fcb5292798b8007e2b5cbf457e5dd7e0758e77606660f6560bdcc614f6c69d46f662a845d3e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\_decimal.pyd

Filesize
83KB

MD5
3b86f83c0ad6fd0730ffbbccab15241e

SHA1
b0a221c250ec5da47677e05d0226d71a6f675f76

SHA256
7cf6ca3ce7919d268c3ad48f0a71ebf6a7ae1c0feec34af17e0c856b9d7d9f61

SHA512
9c1f4b19ed941e789d9727fb4ceb112f44461e86a5e0e649d451d32655523e027322b2e1a330812401b590f48e407f81143deb84ff458163fe6603c113361b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\_elementtree.pyd

Filesize
71KB

MD5
a4b295e88a0ca842a95a4d1ea92e9681

SHA1
9046a29fb328b7a9a747a920245833e599f960b7

SHA256
60311b89a968044cdbb80255c5f0f79a0ec90c9cc749c2421d4bda7b7cfc537e

SHA512
ae3a93fd8bbd72b28b45b0075d5b54ea57200940a91131f43ec0e3a9ff864c886a4eb83bf16d82877bc5e1ce56a2ae15e0a4e702787020d2f7627be6258b30d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\_hashlib.pyd

Filesize
26KB

MD5
c4ed6bb824eafcb71325e5ddcef21890

SHA1
c26859fb72d1e9270618c924af411d5b190ec372

SHA256
779ca6540c3f039e41c0e73396346f5bcd6d15e95f6b4934dc635daf618279cb

SHA512
46b4296f42245a361ca1fd1e58b1e1fb0f8bd760a526b1ab7717c32cb808d08ce1eb07dfafc55eaa80b5ba4c40d56cf216ac5a699715639cad7031055d25622b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\_lzma.pyd

Filesize
80KB

MD5
eabe20f2b3e9bf84affb523c2e023fec

SHA1
aea8d13848b204e25f5e21e261fa2c92ac794dae

SHA256
13f7904dee42476f01568e187c611d0193417ee5371bdb443083f5859a08357a

SHA512
14c650d67c8269f54ffe1e095b00e46843da6ed23947efd87b3d18fa07a17d3e0caa06471e45044fc2ee3c0e07a3c2a0cee55f79330aed8e602c337b00744209

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\_multiprocessing.pyd

Filesize
20KB

MD5
e830e563ed0d882511cc114ca267e4df

SHA1
4383197285d2a7602eaf29b9e3976e91144bdef9

SHA256
b70f64c66e1c39dbc709f65ec78ec6a6003189904c928f98abfe5f2c64e97c2b

SHA512
a46a2c7bcba0b98d56e74584710c45de48d6ba9153c929536e1b95c47ec94effdd67bc23b0c4c01f4b0b69df93ca99305a979b1eb5f07bb21ad45217214604b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\_overlapped.pyd

Filesize
24KB

MD5
bc4ab73c6cd06309604a537fdc27d510

SHA1
7cbb3f61b00bf82fd5a6f1041c5d06e8fd2ef23a

SHA256
05af7a47b2654cee9599f9f7d2c6425464939b0b18bf641b553629f48febcdb1

SHA512
3e0f3d0adf518e7b87471951c18de1b359105f7044ae19fe38328db52774f71493fb135e9e78518a994105ac46eacde3d512ea0f2380fc01ff83917d3bb66d07

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\_queue.pyd

Filesize
20KB

MD5
57b82ec9fef0bd5a54f8f633f5978317

SHA1
d2aac952e500f7c5b0cb5133feed6a5de0e56e30

SHA256
c7edf6cda105ad6f127afa4ce659ac519406279323ddda344316764782bf70cd

SHA512
6bc734958fc0e5deeba1a551973b23d0ef245a5fe193e7bf1508adeaacf864f184002c32fabd18e4f96b755bd05eaebe4acd30114fa18d3bf5366027a7a869ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\_socket.pyd

Filesize
35KB

MD5
6eb06bba571d03b65a19535966d4d9d6

SHA1
c61de129dbca3731d596a1cdebc9431ba8bc43e8

SHA256
a4f5160eb46943dc89410de9c0d09edb18f6e194abcadf1d07504eb4eb70bc02

SHA512
e23cac3f10020cc1cb8941627d7d157f30db3d7b1fa6ac8ab23ac7ae130526ee221bce951ac094ab63a545faa4f19f4df860dc327885c110b42aacc5758af339

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\_sqlite3.pyd

Filesize
34KB

MD5
a779b2c2e39295e787b21a4d9b8a8663

SHA1
a3a1a09d46a33469e04d945f6d60f2de90d49895

SHA256
18b228b76fbe257f4bb771e80506a9fcc759e912fb1344781a42875bf8b60ae4

SHA512
1d44fd1fd8d5e2d0927e39c15af2bf0dab1e60c2ddb9d738ec9fe1f059a9c28692b80f0128226e527e81c28de575820217f0a8912f68447fa0f8bb58f23fee33

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\_ssl.pyd

Filesize
53KB

MD5
eba397afda3baaeb3e4a38ffed4391b1

SHA1
f5d53e1c91bc5c3239ebead81c9abddd2121fe62

SHA256
4d874d604da9ae4755fa0a851557116be67416d597d1becc673245531923b934

SHA512
c6a1aa19e55a794d5d545e592017865a9c32745c30039c0ebfb7f1e139617d4bf41c3b20f445f192309267af17028701be4ae25cbdcb0fbb6fc8c57d2992b5b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\_uuid.pyd

Filesize
18KB

MD5
15985ef78a98897e3096f679e870c15e

SHA1
8134574c360a4abfa3f4e4f6182f2d271b240ad8

SHA256
14f4d198bf974db98883f103ad18591dd8e793499e296c6cbf599eea7490e41f

SHA512
ed29d924a00d155f927d3e2a4295d6f9a5d6dfc56af62388fa5af1a769ffc703cdca6ebcaff1cb098c8bfbf87a2deb297c363b81c838985735eb6fe779a37f26

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\base_library.zip

Filesize
822KB

MD5
077f614c0d45a14b87aa769da7277165

SHA1
edd2f5a6bfffc3b5b7705fa179054ee4c46617f1

SHA256
1888bebd2e4d139168e11ce69b9100e4f6d6fa038436155adbdcd2bede8419a3

SHA512
d46896f4a1a50ca660c5b1b2825e39883535dc6bafb3c64da5b185e05197f1b1d319c26fb9d875d70ead73ea2d7dcc02fa5bc3e22187bf65278493dcc951ad1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\crypto_clipper.json

Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\libcrypto-1_1.dll

Filesize
735KB

MD5
dbd06f3421a0cf3fc22a9e208a5bdded

SHA1
fd8d5cd2ccbbda5f3b5e6ad874830f69d7c58b15

SHA256
889d304848874192386184a10fc87477601e9a1100898a4297fc23111eaeb7d7

SHA512
2806973c67400c478845c945821149d6135dd04951891454cf7d2b4fdd6783460857297d77d368187fe7bac998be4d273ba7aa325a2623d1985475b1069f726f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\libffi-7.dll

Filesize
22KB

MD5
be02e3ba1fddb2bef792c6f179442431

SHA1
1b87681c55e0d343c217ceaee48f6e5a73b33ce1

SHA256
c763cceb2134aef0cfa4dbd201e9f60c1441e169886d8a80e09eff855396f997

SHA512
a5e5d383c419433592a6d8c6a36e0ecb8a2ddb5b15dffa22b94fe2cbda1fae07404ae2fdce93222c2c10397375eb7725d4dd44afe8624222adfa7724ba54f021

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\libssl-1_1.dll

Filesize
166KB

MD5
fcde85ec96fc889ab7e32309faed5f0c

SHA1
d9a6138fd56d08a4ba874c078d2e50da0fc75170

SHA256
df11c11a0290374527193d19b6edc1045e93286fb7a641e63682157b78267435

SHA512
c93c8ba3ecb318d66f98939e61af1b2fd7d0529afb342812ffd0095dc015e06ab0b0b52bbede84136b115194fb2720a70d2e98f7b488863c9ef7cf815d9c989e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\pyexpat.pyd

Filesize
66KB

MD5
f1eb3fd4863dad5334de8d3ac089da8e

SHA1
fae563f74ac73e91252c14e0b8bf1add20437471

SHA256
4ccb954209a0162c5ae9bb3f9a6be0a264b14c6e8521d2f1de7dfa1fe88c7867

SHA512
b60225ad8608b0a2b82653d95374c9e68fa4f8d48b530c97b89f341bcee0345939785aebd23419472daa6dccae0201f33e965c033d56402f2912fb093e1ad2ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\python39.dll

Filesize
1.2MB

MD5
7cd78961972c635bbe49b29bb86e5726

SHA1
5677a224e3b1c27ffd05a6ccea6ffcbbdb42b3ef

SHA256
e99fc9e98f769b903473ba46ab4a6019df3126d8d40184c369a91fdeb5a336ca

SHA512
0dca58bea7a0297bbe7166b908ce4f6b2e0a85586492c3ba7f4aa8c75e12d3ca854040426a674ba5f75c2f53d407accda5ced56ce7166ca9a6ef40a1857ca145

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\select.pyd

Filesize
19KB

MD5
bdc5ddf0b75c8f2daeb62a0841362fa1

SHA1
87e62c3c307647936fbde68f81663f6803877bc9

SHA256
763ba787ae1755b7e07e5fec6e08d71eee3b137ee76b4bb6598b794516e57b9d

SHA512
af88e23f9b71a0777c811a6a1a9deb8d735e35527ca2b3f8decf5ae45ccc1b114bce3deca70df6bbdb06cc2425f7afa9016b4348c7f4a5ff9efaa65ce2450d49

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\sqlite3.dll

Filesize
483KB

MD5
bf361e2ab295d15a06cc4a2404101669

SHA1
02242fc9cb5162d5f208e4ea4d7939a392d885a2

SHA256
1438dcbfb39493542d5e89d36abd92c22a84427fbf14b909e489afe02e9424bf

SHA512
618e6cb38fb7d9bf8653c212940498ab9f6aba62ff320fc1d1db6077a0a87bcc66f1b13b1f8e79abfe9036e58f2b9a3225fdedfe267a7a6ef49a88bd244bd9f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\unicodedata.pyd

Filesize
282KB

MD5
adaa2e1d235950b35ed10cdedf3951f8

SHA1
0c1b85246a116eaa77a283650155a6bd515b6fa9

SHA256
8f84777b58a326ea37fd248bf46945a8ab1d6e0692060d0f75d6ffcde5ed55a2

SHA512
957bb411577a86db44dd563c6b5693f2073bba2d8e3fda0e1fd73ee2f153d4f12a935d3c6f11624d14f9a409dfbc0140dff826f3a726e95cd8eabbda173c867c

Download Submit
memory/764-49-0x0000000075120000-0x00000000755A2000-memory.dmp

Filesize
4.5MB

Download
memory/764-77-0x0000000075050000-0x000000007505C000-memory.dmp

Filesize
48KB

Download
memory/764-81-0x0000000074DD0000-0x0000000075022000-memory.dmp

Filesize
2.3MB

Download
memory/764-55-0x0000000075060000-0x0000000075082000-memory.dmp

Filesize
136KB

Download
memory/764-79-0x0000000075030000-0x0000000075042000-memory.dmp

Filesize
72KB

Download
memory/764-82-0x0000000075120000-0x00000000755A2000-memory.dmp

Filesize
4.5MB

Download
memory/764-87-0x0000000074DD0000-0x0000000075022000-memory.dmp

Filesize
2.3MB

Download
memory/764-89-0x0000000075060000-0x0000000075082000-memory.dmp

Filesize
136KB

Download
memory/764-88-0x0000000075050000-0x000000007505C000-memory.dmp

Filesize
48KB

Download
memory/764-86-0x0000000075030000-0x0000000075042000-memory.dmp

Filesize
72KB

Download
memory/764-83-0x0000000075120000-0x00000000755A2000-memory.dmp

Filesize
4.5MB

Download