Analysis

  • max time kernel
    0s
  • max time network
    0s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-12-2024 08:06

General

  • Target

    Info.5394.htm .exe

  • Size

    31KB

  • MD5

    47cc271e765e6cdf0562e692ce805b35

  • SHA1

    0f40032c4deeee340b959c919222e255a63e1043

  • SHA256

    de9bf3159bd5a7b663e8d8a4dc9f9dd921c044bf0564a795a085f9b730d0cfb5

  • SHA512

    5ebbd9b7ef65771c9d95ff12c855da7731f5c4831179e0352841876d71236197596b4d75022f9248fe6bb06c5d166735a825f6af002467cffb6a5ed75bfb61a8

  • SSDEEP

    768:OYuwqgY48mWxEgfXmBN0ldWxOFfXFQ30ABVv:OYwIWT+BqldWxUSESv

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects files protected with the ACProtect packer.

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies registry class 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
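The "UPX packed file" signature above is a static check on the PE header. The following is an added example, not the sandbox's own detection logic: a minimal PE section-table parser that applies the usual UPX heuristics (UPX-named sections, plus the "UPX!" packheader magic in the header area, which is an added heuristic for builds that rename their sections) to PE images constructed in memory. The images and their section names are constructed for this example, not the sample's real bytes.

```python
import struct


def build_pe(section_names, trailer=b""):
    """Build a minimal PE32 image (constructed test data): MZ stub, PE
    signature, COFF header, empty optional header and a section table."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)  # e_lfanew -> PE signature
    size_opt = 0xE0  # PE32 optional header size
    # COFF: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    #       NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    table = b""
    for name in section_names:
        # IMAGE_SECTION_HEADER (40 bytes): Name, VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData, PointerToRelocations,
        # PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers,
        # Characteristics
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             0x1000, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + trailer


def section_names(pe_bytes):
    """Return the section names from a PE image's section table."""
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe_bytes, 0x3C)
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe_bytes, coff + 2)
    (size_opt,) = struct.unpack_from("<H", pe_bytes, coff + 16)
    table = coff + 20 + size_opt
    names = []
    for i in range(num_sections):
        raw = pe_bytes[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(pe_bytes):
    """Two heuristics: UPX-named sections, and the 'UPX!' packheader magic
    within the first 4 KB (assumed location; catches some renamed builds)."""
    names = section_names(pe_bytes)
    return {
        "sections": names,
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_magic": b"UPX!" in pe_bytes[:0x1000],
    }


def looks_upx_packed(pe_bytes):
    ind = upx_indicators(pe_bytes)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


# Constructed images: a plain build, a stock UPX layout, and a "modified UPX"
# build with renamed sections but the packheader magic left in place.
CLEAN_PE = build_pe([".text", ".rdata", ".data"])
UPX_PE = build_pe(["UPX0", "UPX1", ".rsrc"])
RENAMED_UPX_PE = build_pe([".text", ".data", ".rsrc"], trailer=b"\0" * 16 + b"UPX!" + b"\0" * 12)

if __name__ == "__main__":
    for label, img in (("clean", CLEAN_PE), ("upx", UPX_PE), ("renamed", RENAMED_UPX_PE)):
        print(label, upx_indicators(img), looks_upx_packed(img))
```

A section-name match is cheap but easy to strip; treat either indicator as a reason to unpack and re-scan, not as proof of malice on its own, since UPX is widely used by legitimate software.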

Processes

  • C:\Users\Admin\AppData\Local\Temp\Info.5394.htm .exe
    "C:\Users\Admin\AppData\Local\Temp\Info.5394.htm .exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Windows\SysWOW64\notepad.exe
      notepad "C:\Users\Admin\AppData\Local\Temp\Message"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1868

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\Message

    Filesize

    4KB

    MD5

    bc283ccc713fd089debad8ff9828d097

    SHA1

    37a8910e63423b37f67e8ceed82b94ee08c7fb07

    SHA256

    1882821f1b788bc2a58abfaab6a58bd352aaa91f11a2ae91bfdc4c50c9fbc8ef

    SHA512

    dea3bfd81f9b62550930c4dd464123f1e935ee5b511263cb31986e13c66eaf3b1f1da387aa22076395051731764d12222ba05cf43cf3440755d182926aeed0d7

  • \Windows\SysWOW64\Ika.dll

    Filesize

    9KB

    MD5

    388c0ebf65424dcfc1911485fd01647f

    SHA1

    2b6e8d949523549e611316a52c7b892bff92af1f

    SHA256

    a29e37c52077bb3dced7b389a3c2e65dd0b51d7bb865d2100a8d5f162fe07c9f

    SHA512

    930fcafd847c4b537852c21a82c05fb34370e64e00128a5d7667165817e2b20d83d0eb225772ecc425d0c902f3c1287475a73a9a464a6f364f539daa0859e9ce

  • memory/2324-0-0x00000000004A0000-0x00000000004B1000-memory.dmp

    Filesize

    68KB

  • memory/2324-5-0x00000000721F0000-0x00000000721F8000-memory.dmp

    Filesize

    32KB
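The hashes, the dropped DLL path and the double-extension filename above are the indicators a responder would hunt for on other hosts. The following is an added example, not part of the report: it matches a file inventory and a `reg query` export of a Run key against those indicators. The hashes and paths are copied from the report; the inventory, the registry lines and the Run value name "Startup" are constructed sample input. The report does not give the name of the Run value the sample created, so the registry check flags by launch target (a program under %TEMP% or one of the report's paths) rather than by name, which is an assumption. The filename check generalises the sample's "Info.5394.htm .exe" trick to any benign extension padded with whitespace before .exe, .scr or .com.

```python
import hashlib
import os
import re

# Indicators copied from the report above.
SHA256_IOCS = {
    "de9bf3159bd5a7b663e8d8a4dc9f9dd921c044bf0564a795a085f9b730d0cfb5": "Info.5394.htm .exe (submitted sample)",
    "a29e37c52077bb3dced7b389a3c2e65dd0b51d7bb865d2100a8d5f162fe07c9f": "Ika.dll (dropped into SysWOW64)",
    "1882821f1b788bc2a58abfaab6a58bd352aaa91f11a2ae91bfdc4c50c9fbc8ef": "Message (opened with notepad.exe)",
}
PATH_IOCS = ("\\windows\\syswow64\\ika.dll",)  # case-insensitive suffix match
TEMP_DIR = "\\appdata\\local\\temp\\"          # user-writable staging dir (assumption)
# Benign-looking extension, whitespace padding, then an executable extension.
DISGUISED_NAME = re.compile(r"\.[a-z0-9]{1,5}\s+\.(exe|scr|com)$", re.IGNORECASE)
# One value line of `reg query` output: name, type, data separated by runs of spaces.
REG_LINE = re.compile(r"^\s+(\S.*?)\s{2,}(REG_[A-Z_]+)\s{2,}(.*?)\s*$")


def is_disguised_name(filename):
    return DISGUISED_NAME.search(filename) is not None


def scan_tree(root):
    """Walk a directory and yield (path, sha256) pairs for match_files()."""
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            p = os.path.join(dirpath, f)
            try:
                with open(p, "rb") as fh:
                    yield p, hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue


def match_files(inventory):
    """inventory: iterable of (path, sha256hex). Returns (path, reason) findings."""
    findings = []
    for path, digest in inventory:
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if digest.lower() in SHA256_IOCS:
            findings.append((path, "sha256 match: " + SHA256_IOCS[digest.lower()]))
        if any(low.endswith(p) for p in PATH_IOCS):
            findings.append((path, "path match: dropped DLL location"))
        if is_disguised_name(name):
            findings.append((path, "disguised double extension"))
    return findings


def match_run_keys(reg_query_output):
    """Flag Run values whose data launches from %TEMP% or a path from the report."""
    findings = []
    for line in reg_query_output.splitlines():
        m = REG_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, _type, data = m.groups()
        low = data.lower()
        if TEMP_DIR in low or any(p in low for p in PATH_IOCS):
            findings.append((name, data))
    return findings


# Constructed sample input: two benign entries and the report's two artefacts.
SAMPLE_INVENTORY = [
    ("C:\\Windows\\SysWOW64\\kernel32.dll", "0" * 64),
    ("C:\\Windows\\SysWOW64\\Ika.dll",
     "a29e37c52077bb3dced7b389a3c2e65dd0b51d7bb865d2100a8d5f162fe07c9f"),
    ("C:\\Users\\Admin\\AppData\\Local\\Temp\\Info.5394.htm .exe",
     "de9bf3159bd5a7b663e8d8a4dc9f9dd921c044bf0564a795a085f9b730d0cfb5"),
    ("C:\\Users\\Admin\\Documents\\report.htm", "1" * 64),
]
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Startup    REG_SZ    "C:\Users\Admin\AppData\Local\Temp\Info.5394.htm .exe"
"""

if __name__ == "__main__":
    for finding in match_files(SAMPLE_INVENTORY):
        print("file:", finding)
    for finding in match_run_keys(SAMPLE_REG):
        print("run key:", finding)
```

On a live host, feed `scan_tree(r"C:\Users")` and the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (and the HKLM equivalent) into the two matchers; a hash hit is strong, while the %TEMP% launch-target rule will also surface legitimate installers and should be reviewed rather than auto-blocked.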