a7dfe3d3fa9d1913e671cc4be463460171c4270f5884586bd67356965a37f5c8

Analysis

max time kernel
54s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:35

Target

a7dfe3d3fa9d1913e671cc4be463460171c4270f5884586bd67356965a37f5c8.exe
Size

6.4MB
MD5

8e2a5545aba2842b2d322d783b5ab5fe
SHA1

e1aa8b725a6fbf84e6e130d79096777b256a450f
SHA256

a7dfe3d3fa9d1913e671cc4be463460171c4270f5884586bd67356965a37f5c8
SHA512

34475011c75d2b3642e1feaef03d469e59846f6188e71738bcd45d3d2febbe4063be6a68ad6e163e6b88d3fa405a458f53705ed1cbafddc20d4ac6305c833a58
SSDEEP

196608:zhxRPAu3shN9YytnJZ95dv9YIYVbNTITw9j:tzPI39Nt5dU+s

Score

7^/10

ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.

Processes:

resource yara_rule

C:\Users\Admin\AppData\Local\Temp\7-zip32_2.dll acprotect
Loads dropped DLL 2 IoCs

Processes:

a7dfe3d3fa9d1913e671cc4be463460171c4270f5884586bd67356965a37f5c8.exe

pid process

448 a7dfe3d3fa9d1913e671cc4be463460171c4270f5884586bd67356965a37f5c8.exe
448 a7dfe3d3fa9d1913e671cc4be463460171c4270f5884586bd67356965a37f5c8.exe

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\7-zip32_2.dll	acprotect

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/448-0-0x0000000010000000-0x0000000010018000-memory.dmp	upx
behavioral2/memory/448-2-0x0000000010000000-0x0000000010018000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\7-zip32_2.dll	upx
behavioral2/memory/448-13-0x000000000A110000-0x000000000A1AF000-memory.dmp	upx
behavioral2/memory/448-43-0x000000000A110000-0x000000000A1AF000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

a7dfe3d3fa9d1913e671cc4be463460171c4270f5884586bd67356965a37f5c8.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

a7dfe3d3fa9d1913e671cc4be463460171c4270f5884586bd67356965a37f5c8.exe

description	pid	process	target process
PID 448 wrote to memory of 2940	448	a7dfe3d3fa9d1913e671cc4be463460171c4270f5884586bd67356965a37f5c8.exe	cacls.exe
PID 448 wrote to memory of 2940	448	a7dfe3d3fa9d1913e671cc4be463460171c4270f5884586bd67356965a37f5c8.exe	cacls.exe
PID 448 wrote to memory of 2940	448	a7dfe3d3fa9d1913e671cc4be463460171c4270f5884586bd67356965a37f5c8.exe	cacls.exe

C:\Users\Admin\AppData\Local\Temp\7-zip32_2.dll
Filesize
233KB

MD5
ea3df059beae86a3e186b2b179755e77

SHA1
babdcd6b5082c02fa2f5ebc2020f2cb3bbd77e8d

SHA256
1ab68a0c296281437fe638c8535309c6241ded4852608d940f5efcb8cc2d91a6

SHA512
1406d8083cfbd26e18aba74f6b45a09137bb3960f7afce5c5d0d790b0edb7277b7b885ed2ded9def12b667bcb37cbfb335884b2d7b8f08565743b674d1f053bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5737e8.tmp\data.ini
Filesize
2KB

MD5
2377d2d6aa5a9dff586f14847d8c8867

SHA1
f1c16b6cc4e7823a29892e70a4ddf4bca9777ef7

SHA256
8d57fec102a7e2a5d99a9acaf7d4cdb27ea4a908d101e188271f6e5c51748cef

SHA512
67bf6eca6dc16dec58da89ac678727164b09c2dc63d09040912a10bd8dd53b1a0b9db88c9171cc599a712cffc12990b6c1915c4a35ec69c1901c32d2704f81d4

Download Submit
memory/448-0-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/448-3-0x0000000076919000-0x000000007691A000-memory.dmp

Filesize
4KB

Download
memory/448-2-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/448-4-0x0000000076900000-0x00000000769F0000-memory.dmp

Filesize
960KB

Download
memory/448-13-0x000000000A110000-0x000000000A1AF000-memory.dmp

Filesize
636KB

Download
memory/448-44-0x0000000076900000-0x00000000769F0000-memory.dmp

Filesize
960KB

Download
memory/448-43-0x000000000A110000-0x000000000A1AF000-memory.dmp

Filesize
636KB

Download