a97cefa589546b0bbde75f131db43d0fb7dfb9c43b9b475e5ee8f13f9c98859d | Triage

Submit
Reports

Overview

overview

Static

static

8

a97cefa589...9d.exe

windows7_x64

a97cefa589...9d.exe

windows10_x64

Sharing

General

Target

a97cefa589546b0bbde75f131db43d0fb7dfb9c43b9b475e5ee8f13f9c98859d
Size

928KB
Sample

210110-9c2vg42jxs
MD5

6e613af5c36988a9b922974192f1f985
SHA1

00e43809bdcb30975de249de5abdf39be33c0411
SHA256

a97cefa589546b0bbde75f131db43d0fb7dfb9c43b9b475e5ee8f13f9c98859d
SHA512

ee04d01925a27fc65520213d69e88925e78c0ea6f2a276c16a703145161f26ff1dbc0d33928ef4a539dff39080477d8dbc9c0c8c3027ed930d21c50d16c6a364

Score

10^/10

aspackv2 persistence

Static task

static1

Behavioral task

behavioral1

Sample

a97cefa589546b0bbde75f131db43d0fb7dfb9c43b9b475e5ee8f13f9c98859d.exe

Resource

win7v20201028

aspackv2 persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a97cefa589546b0bbde75f131db43d0fb7dfb9c43b9b475e5ee8f13f9c98859d.exe

Resource

win10v20201028

aspackv2 persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a97cefa589546b0bbde75f131db43d0fb7dfb9c43b9b475e5ee8f13f9c98859d
- Size
  
  928KB
- MD5
  
  6e613af5c36988a9b922974192f1f985
- SHA1
  
  00e43809bdcb30975de249de5abdf39be33c0411
- SHA256
  
  a97cefa589546b0bbde75f131db43d0fb7dfb9c43b9b475e5ee8f13f9c98859d
- SHA512
  
  ee04d01925a27fc65520213d69e88925e78c0ea6f2a276c16a703145161f26ff1dbc0d33928ef4a539dff39080477d8dbc9c0c8c3027ed930d21c50d16c6a364
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy