fd84148426c6188c0bdec2e66d1f4fda9392342adb0c225d64aaacce24ce8653

Analysis

max time kernel
290s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file_ (4).exe
Size

135KB
MD5

693f73c11611c6e8cbc1421e228739e2
SHA1

4ea96e0a92b563112dd05783e41b416cc410fd10
SHA256

99d596702cc87904fa030fec5f21f6f078c3b04b58b19ac7528f14834cfe943c
SHA512

e255bf838fd0c6cf3ec4e4d77cd1fc875654687a2ae2f3c6846f3b11544bbc0d1a2eca67129bcb89715077a55930f33cba5b99195b91911869e86ebcf30e450c
SSDEEP

3072:/sfKhCVx2XoxJOIrknnyWdWTBR6t1VQLpaPyzF:3hhEJ3rkyCwct/QLsA

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\suhpjd.tmp	acprotect

Loads dropped DLL 1 IoCs

Processes:

file_ (4).exe

pid process

2884 file_ (4).exe

pid	process
2884	file_ (4).exe

UPX packed file 20 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\suhpjd.tmp	upx
behavioral17/memory/2884-6-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-7-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-8-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-9-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-10-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-11-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-12-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-13-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-14-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-15-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-16-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-17-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-18-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-19-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-20-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-21-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-22-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-23-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx
behavioral17/memory/2884-24-0x0000000074C90000-0x0000000074CE8000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

file_ (4).exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language file_ (4).exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file_ (4).exe

C:\Users\Admin\AppData\Local\Temp\file_ (4).exe
"C:\Users\Admin\AppData\Local\Temp\file_ (4).exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\suhpjd.tmp

Filesize
53KB

MD5
10992c0812bffb85f6f0a715ac04a0c9

SHA1
0a0126710ebc654b25cc5e9b75df0cfc5189803f

SHA256
3020b201720e8974a53ae42bf61c68fb363692c4c3cddc0849d6f1b3d6c7c807

SHA512
a824bf539c74bb5023a563f6f5ae25cf3fd048b7f2a5a7cd0de98018f8b8433d85f95f104306c9e6da4d0b5d3029970b21db70eefed03d1ff67b4be8eb6f0439

Download Submit
memory/2884-14-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-22-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-7-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-8-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-9-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-10-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-11-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-15-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-24-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-6-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-12-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-16-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-17-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-18-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-19-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-20-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-21-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2884-23-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download
memory/2884-13-0x0000000074C90000-0x0000000074CE8000-memory.dmp

Filesize
352KB

Download