cf232e9f8c9784fe6997ec50ffebadd6aa561125f020d215cc23238d206323fd

Resubmissions

09-12-2024 02:33

241209-c2bcrstjem 10

Analysis

max time kernel
93s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-12-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

7.5MB
MD5

c80941f5d6c50dbb19241bbf4a43846f
SHA1

4d6e45e50d39cf5c31577dc93c926a26333314a8
SHA256

cf232e9f8c9784fe6997ec50ffebadd6aa561125f020d215cc23238d206323fd
SHA512

94c7aa8b62f152e97fecdc17afd33cec23c553d91c6ac22f7717f981f05456aaf212f11d5cd2750661627b90c206230ef9fcd2f4ae5be8bad43e221fbb92c084
SSDEEP

196608:5wtKrcQk3fFWT/HzEvotxg+Udf7NFNSAR:5NQQI+wv+xwpTNS

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 20 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0007000000023cd0-30.dat	acprotect
behavioral2/files/0x0007000000023ccc-40.dat	acprotect
behavioral2/files/0x0007000000023cbf-37.dat	acprotect
behavioral2/files/0x0007000000023cbe-42.dat	acprotect
behavioral2/files/0x0007000000023cc2-44.dat	acprotect
behavioral2/files/0x0007000000023cce-51.dat	acprotect
behavioral2/files/0x0007000000023cc8-64.dat	acprotect
behavioral2/files/0x0007000000023cc7-63.dat	acprotect
behavioral2/files/0x0007000000023cc6-62.dat	acprotect
behavioral2/files/0x0007000000023cc5-61.dat	acprotect
behavioral2/files/0x0007000000023cc4-60.dat	acprotect
behavioral2/files/0x0007000000023cc3-59.dat	acprotect
behavioral2/files/0x0007000000023cc1-58.dat	acprotect
behavioral2/files/0x0007000000023cc0-57.dat	acprotect
behavioral2/files/0x0007000000023ccb-67.dat	acprotect
behavioral2/files/0x0007000000023cbd-56.dat	acprotect
behavioral2/files/0x0007000000023cd3-55.dat	acprotect
behavioral2/files/0x0007000000023cd2-54.dat	acprotect
behavioral2/files/0x0007000000023cd1-53.dat	acprotect
behavioral2/files/0x0007000000023ccf-52.dat	acprotect

Loads dropped DLL 8 IoCs

pid	Process
3108	source_prepared.exe
3108	source_prepared.exe
3108	source_prepared.exe
3108	source_prepared.exe
3108	source_prepared.exe
3108	source_prepared.exe
3108	source_prepared.exe
3108	source_prepared.exe

UPX packed file 35 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023cd0-30.dat	upx
behavioral2/memory/3108-34-0x0000000074970000-0x0000000074D8F000-memory.dmp	upx
behavioral2/memory/3108-41-0x00000000748A0000-0x00000000748AC000-memory.dmp	upx
behavioral2/files/0x0007000000023ccc-40.dat	upx
behavioral2/memory/3108-39-0x00000000748B0000-0x00000000748D3000-memory.dmp	upx
behavioral2/files/0x0007000000023cbf-37.dat	upx
behavioral2/files/0x0007000000023cbe-42.dat	upx
behavioral2/files/0x0007000000023cc2-44.dat	upx
behavioral2/memory/3108-47-0x0000000074850000-0x000000007487B000-memory.dmp	upx
behavioral2/memory/3108-46-0x0000000074880000-0x0000000074898000-memory.dmp	upx
behavioral2/files/0x0007000000023ccd-50.dat	upx
behavioral2/files/0x0007000000023cce-51.dat	upx
behavioral2/files/0x0007000000023cc8-64.dat	upx
behavioral2/files/0x0007000000023cc7-63.dat	upx
behavioral2/files/0x0007000000023cc6-62.dat	upx
behavioral2/files/0x0007000000023cc5-61.dat	upx
behavioral2/files/0x0007000000023cc4-60.dat	upx
behavioral2/files/0x0007000000023cc3-59.dat	upx
behavioral2/files/0x0007000000023cc1-58.dat	upx
behavioral2/files/0x0007000000023cc0-57.dat	upx
behavioral2/files/0x0007000000023ccb-67.dat	upx
behavioral2/memory/3108-66-0x0000000074840000-0x000000007484F000-memory.dmp	upx
behavioral2/memory/3108-68-0x00000000745E0000-0x0000000074834000-memory.dmp	upx
behavioral2/files/0x0007000000023cbd-56.dat	upx
behavioral2/files/0x0007000000023cd3-55.dat	upx
behavioral2/files/0x0007000000023cd2-54.dat	upx
behavioral2/files/0x0007000000023cd1-53.dat	upx
behavioral2/files/0x0007000000023ccf-52.dat	upx
behavioral2/memory/3108-69-0x0000000074970000-0x0000000074D8F000-memory.dmp	upx
behavioral2/memory/3108-75-0x00000000745E0000-0x0000000074834000-memory.dmp	upx
behavioral2/memory/3108-80-0x0000000074840000-0x000000007484F000-memory.dmp	upx
behavioral2/memory/3108-79-0x0000000074880000-0x0000000074898000-memory.dmp	upx
behavioral2/memory/3108-78-0x0000000074850000-0x000000007487B000-memory.dmp	upx
behavioral2/memory/3108-77-0x00000000748A0000-0x00000000748AC000-memory.dmp	upx
behavioral2/memory/3108-76-0x00000000748B0000-0x00000000748D3000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	source_prepared.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	source_prepared.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 3108	1932	source_prepared.exe	84
PID 1932 wrote to memory of 3108	1932	source_prepared.exe	84
PID 1932 wrote to memory of 3108	1932	source_prepared.exe	84

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19322\VCRUNTIME140.dll

Filesize
74KB

MD5
5f9d90d666620944943b0d6d1cca1945

SHA1
08ead2b72a4701349430d18d4a06d9343f777fa6

SHA256
9ec4afad505e0a3dad760fa5b59c66606ae54dd043c16914cf56d7006e46d375

SHA512
be7a2c9dae85e425a280af552dbd7efd84373f780fa8472bab9a5ff29376c3a82d9dfa1fef32c6cf7f45ba6e389de90e090cb579eebff12dcfe12e6f3e7764d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\_asyncio.pyd

Filesize
29KB

MD5
f77154b51c3b97b71f942a74990dba86

SHA1
7b38140c75377b0eea6b9865238016e9a2a959e8

SHA256
633f0880433a75cb716bad7b0161f39872df491bd68288e741cc70d7c0839607

SHA512
441db707669c300e3fafb90167fb2b5ad561a20058ca1d1c73ec2edceb40444d2eaeb0ef2feec0ce4e14b11c97fa8aec3f0298ed27a63f031788239fe95175fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\_bz2.pyd

Filesize
43KB

MD5
3d329a6f1753529feb1248bc1e04372a

SHA1
e3b51a49114fa585db0fe3f431434c3a6b6b95ac

SHA256
87cc56567c2abba62c1f8c3b8b40b24557553cee6e83888c80e83b2733b5b5ff

SHA512
2919e950af2273effd1e26fdba9a84d0eae1477dfb22aed937dfb81af2402b48505a45158a3626528b82fb1337727777d5be58f438025465d4a52e0c929d9865

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\_ctypes.pyd

Filesize
51KB

MD5
1904b00e3da589cd446ec4f72bee39e8

SHA1
2072d1e4fc5e8d26d72ca9a890005fa901f53a64

SHA256
a97f3af1f2d59c8118295e900fcbca0b5e792444781f67881eb4922726d1cd19

SHA512
aa696082a779baada5fe14432f437689a5fd8976b4e39e31ceee70bfbf384c7392c8f3b4fc1d7f59feaa2e2d65feff24301242b20193f174af43f71d850b81cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\_decimal.pyd

Filesize
83KB

MD5
9e096b4523e9fb2cec0af26e6fdb4451

SHA1
9f828e01bcebe5769367dbbf8fc44b823e6f711e

SHA256
497fff6be0ef2ab6dc2e44f71e113e4890bd84d1b8643bc3cd15f7bde2d903d5

SHA512
c3f0ae8fa51097cf484973ca250b3469b858901f9671cd95f2dc810056c1ab3e8fcd3c01c8799b659582b88b4c8064af8e5963ef3d3330c4e72ea50b5561b202

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\_hashlib.pyd

Filesize
24KB

MD5
e3ecfa75c90bd3a474810d7c7a235a47

SHA1
5184dd1aaea183e748c1f2cdedc5915753af66a7

SHA256
09dbe0713436ac8b57e6077f1d7796daddf42865cd7e5bb935b59c1474018c0e

SHA512
b982de83878e2dc1c29da7dfacda64729990438f90c080247bd799815cf7de239969a2cf2908593d73fd0cb1d265e7b855682736b90dfa6b855baee33f17df9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\_lzma.pyd

Filesize
80KB

MD5
9771a82fcedc881d38c2498f431d1cdb

SHA1
fa37af3730c522d0604af2d8b5c0cac3902bd1ce

SHA256
53fe2bc7162d647ada5e91ea32f14c4e65ac25b41c1fa9e94d64467a8028bde7

SHA512
7e7c37ee2fa3fd3a42abaf34f5fa81d0d93b219f6636ce2abe5ebe5ab67f55e03bfd0509adc965bcf2876d39650306b6469c6829f7ce434c253302affd8faf13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\_multiprocessing.pyd

Filesize
20KB

MD5
71a5d98de840dd57abcbdf6c7aa07a8f

SHA1
4fef3a7deabe01b6a91fe0cfd84fdf8a578128fa

SHA256
ce06890e280c285759631610372fb94e9f327e8876433a9462eb32985cfba378

SHA512
1f2abd0e7f0c324c227e5ecb2b34e2f3cac63f6f73acb9c27e901ca912fafd1bf0e54f97263401b56728528b9bcf155486943fe638979a34abdd2e235a1c04df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\_overlapped.pyd

Filesize
24KB

MD5
0a9611f829cd5001bfe808fb9b8b679f

SHA1
70c619f3b761282461c16e3bc52cf1fff6d95633

SHA256
990ca5440c5ee32ebd45ec74837706c8a93d2af43579131b3ee092df9e0addc8

SHA512
a4dfcbcb3ee048dc722aeafa29e58840b9396ad3ad5deccf2b9de896b2ed25d1791f72cc23b85f82cbba49b5cfb962f818972101a27e4fac7b6475300fbdc46e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\_queue.pyd

Filesize
20KB

MD5
6d559337994ca4be1fed8d5623e8c2a5

SHA1
14d8c51e3f7871fbaab5c0f85d68d60c1591fcb3

SHA256
5ec3268c0b3e89cb5d71da83d4262ad5a7bc581796f69ac0579d4893f3cb6a5b

SHA512
dbdeefc4d5138202723adf32320d50b34cc5fdf1532df95a1820f392f546fbf20dd2bba5df61aa291e5ecde7eaacb7d7618db795df22002a38d22385ad22f4fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\_socket.pyd

Filesize
35KB

MD5
268ab728a1c787b49b13d347ce7a8d0a

SHA1
f71c0fa20ffb42500119374ca4600736023aab5f

SHA256
a0609f0238df7a2e5a95dd70c0e1f471924ab23cae4ae1d609d643c40f86a5d2

SHA512
cced847e09a31477517b0f1159df8b969d7607872bd9911091723344d79be6268b6b7d57e46f5f7b2649ddd5994b9249d26619c4f0752e0a84b431655dc4723f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\_sqlite3.pyd

Filesize
35KB

MD5
320300ab8a6a48c7714e1b491b518d66

SHA1
806902104335f744ca8877a38e4ea445c67937c4

SHA256
efd4e04b6d3aa3f22f41d787f65a32af66874de2708ee737e9327725f92d209f

SHA512
e8fa08a901bb96509800001d5295df9227b6e981a3d93732751e0a9241e401860e237d48af726f445529f0b04f1b92a5842dcebbd65a32a667b0c7170250f01c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\_ssl.pyd

Filesize
54KB

MD5
400e42579c649ad89cfdeea7680f9ba9

SHA1
37671513f1c55e0440f07f9c35b6dc1989764dff

SHA256
d232a422a51bfea6c88b1d0cad8afd755843e1d9c0b46bfd396532043f64c99e

SHA512
57fc6bd96ef0191cc675ee89767f6c7749e8b1d0c00f34dcd389bab1f000aa9a65682b57bf7f6e28bcae1f545c8391810fa13862ee4ff4542fc753d4c712c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\base_library.zip

Filesize
824KB

MD5
09f7062e078379845347034c2a63943e

SHA1
9683dd8ef7d72101674850f3db0e05c14039d5fd

SHA256
7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629

SHA512
a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\crypto_clipper.json

Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\libcrypto-1_1.dll

Filesize
738KB

MD5
85eab20e10e1315d3d26658d85576602

SHA1
b3028b3ba6d16bf78521179af808cbd12d252e96

SHA256
de612480755a3863544fc47071ab92a47e52111a7a495c1e3e2eee3f483df29f

SHA512
83b56e81f4314ce90d3d1831f783224e7fa19364a48cc9638203124a9af1f51e3d3b4dde1edbe0644e4deee5a070978e8baf26e63ff7fb42ea4a01774efea4bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\libffi-7.dll

Filesize
22KB

MD5
be02e3ba1fddb2bef792c6f179442431

SHA1
1b87681c55e0d343c217ceaee48f6e5a73b33ce1

SHA256
c763cceb2134aef0cfa4dbd201e9f60c1441e169886d8a80e09eff855396f997

SHA512
a5e5d383c419433592a6d8c6a36e0ecb8a2ddb5b15dffa22b94fe2cbda1fae07404ae2fdce93222c2c10397375eb7725d4dd44afe8624222adfa7724ba54f021

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\libssl-1_1.dll

Filesize
166KB

MD5
9ed50bd9aaad32c12e93928b62e1a585

SHA1
b3a3026731120d379d3a0aa5467a0af5c56cfe21

SHA256
d882f2366775bb0044d5b1af4a2724c0dcf9e749fd8fdeb59c0fe6b47593140f

SHA512
391d67e5788936fd30dff5a2838f7775f44dd257c20d0f5fc469d2c1da145a0017b27664b4fcf594653e373fea6abdc0870732648f0953637aad6267895e8e7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\pyexpat.pyd

Filesize
66KB

MD5
1bc1be876c78d027aff97a15c1b96489

SHA1
7055a43e48cb8f1f9c242bbfd2055d911ea1b66a

SHA256
d87b44a55527ee0a1ec40e5f30ba22f33619d630e42d218ef6817e1e4ce4dec2

SHA512
232be1951d5c7563eb08606d6b9710b4c6a1a55dcf084635302e821117a7e8b81a75ba87f5326a1b83a6bdbff2f81bf93e5fbcb0641bdbf62c012673338ede6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\python38.dll

Filesize
1.2MB

MD5
eb3584979fba74ac2ae6b2c5f15123bf

SHA1
b81d3ad896c620e8f593d966d81f218ec5758fa1

SHA256
1210e51ca453fe7725b1edced3adf2f41ab36d0c4a3f03f3459ee64547808ab8

SHA512
9eeccdcbc8457d0e7585007346d19445e18d4f370498ae860555e37edcf99f92f248ebab7db8ba417b9df88ccdcdccd6347a928f4b456c31ac657a3754aba4c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\select.pyd

Filesize
20KB

MD5
c99aa24df99db294bfbb2c3a5d98d2f7

SHA1
7d179c020ecc78a2564776a1cd05651ce36422ef

SHA256
e19f37e5d4f606726ac289849e2c536443580e07fff67d00e5f2fb52c90a9ce1

SHA512
aaa7084d514be84380d9bce7ea4538cc13a8ecc728765eb306538a2a00a4c48f676e00a195f67df42f9666fc739d2f090c3eb8a3f85380e09f566cfbcca4ab68

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\sqlite3.dll

Filesize
483KB

MD5
3e0ebc6f6e948bf59606d66a495e5cf7

SHA1
5ece40caaffb75a8594fc374cdbe345e81789524

SHA256
fa350810cd4c830e759847ae738c2c524e7c3e05ed286cf2ff5c915c84437a1d

SHA512
949a3270d78ba5702c75c7dde171f2d791fefb7112ce3538e557ad6febca1239bf35895c6e121bb135e64c62f4b1d53dd86e89c8efd4c26160548d35ff71d99a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19322\unicodedata.pyd

Filesize
277KB

MD5
7de3cd93b5bc3aa5f8d48094c84e1a58

SHA1
88f8f6761f3c34e895e5716765b212e86185d1c7

SHA256
643b39b3113551b7b3bce1682b6184a19a3c2299940605e917c584153aad8461

SHA512
e5ac78a5fe6f95651970143e3e321fbff17b777d3b1c3afdfcc57d1d7959bf1b628a3460b0bcbc72b4b49899071bbfb66c343222da78984985ed96d6bc34de63

Download Submit
memory/3108-66-0x0000000074840000-0x000000007484F000-memory.dmp

Filesize
60KB

Download
memory/3108-34-0x0000000074970000-0x0000000074D8F000-memory.dmp

Filesize
4.1MB

Download
memory/3108-68-0x00000000745E0000-0x0000000074834000-memory.dmp

Filesize
2.3MB

Download
memory/3108-39-0x00000000748B0000-0x00000000748D3000-memory.dmp

Filesize
140KB

Download
memory/3108-41-0x00000000748A0000-0x00000000748AC000-memory.dmp

Filesize
48KB

Download
memory/3108-46-0x0000000074880000-0x0000000074898000-memory.dmp

Filesize
96KB

Download
memory/3108-69-0x0000000074970000-0x0000000074D8F000-memory.dmp

Filesize
4.1MB

Download
memory/3108-75-0x00000000745E0000-0x0000000074834000-memory.dmp

Filesize
2.3MB

Download
memory/3108-80-0x0000000074840000-0x000000007484F000-memory.dmp

Filesize
60KB

Download
memory/3108-79-0x0000000074880000-0x0000000074898000-memory.dmp

Filesize
96KB

Download
memory/3108-78-0x0000000074850000-0x000000007487B000-memory.dmp

Filesize
172KB

Download
memory/3108-77-0x00000000748A0000-0x00000000748AC000-memory.dmp

Filesize
48KB

Download
memory/3108-76-0x00000000748B0000-0x00000000748D3000-memory.dmp

Filesize
140KB

Download
memory/3108-47-0x0000000074850000-0x000000007487B000-memory.dmp

Filesize
172KB

Download