1e8ee438d96fab9b3700eeab94a56576b2b9f2d723ec1ac0ee8fa6e2f571794c | Triage

Submit
Reports

Overview

overview

Static

static

8

1e8ee438d9...4c.exe

windows7_x64

1e8ee438d9...4c.exe

windows10_x64

Sharing

General

Target

1e8ee438d96fab9b3700eeab94a56576b2b9f2d723ec1ac0ee8fa6e2f571794c
Size

1.5MB
Sample

210228-xyz7999vy2
MD5

33586cf1b453e778d63d611f60b857d1
SHA1

1912eb8c08c4f04dfb85cbafee015d64b927fa5a
SHA256

1e8ee438d96fab9b3700eeab94a56576b2b9f2d723ec1ac0ee8fa6e2f571794c
SHA512

9046ceb4dd7c85ed8669ee4b47589a378a7c8e923aa49de1c98f4883b0970ebe54ae27656203f83ee18b5ff15d1089cae15c8e40f51cb45572c45756dd7949c2

Score

10^/10

aspackv2 persistence

Static task

static1

Behavioral task

behavioral1

Sample

1e8ee438d96fab9b3700eeab94a56576b2b9f2d723ec1ac0ee8fa6e2f571794c.exe

Resource

win7v20201028

aspackv2 persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1e8ee438d96fab9b3700eeab94a56576b2b9f2d723ec1ac0ee8fa6e2f571794c.exe

Resource

win10v20201028

aspackv2 persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1e8ee438d96fab9b3700eeab94a56576b2b9f2d723ec1ac0ee8fa6e2f571794c
- Size
  
  1.5MB
- MD5
  
  33586cf1b453e778d63d611f60b857d1
- SHA1
  
  1912eb8c08c4f04dfb85cbafee015d64b927fa5a
- SHA256
  
  1e8ee438d96fab9b3700eeab94a56576b2b9f2d723ec1ac0ee8fa6e2f571794c
- SHA512
  
  9046ceb4dd7c85ed8669ee4b47589a378a7c8e923aa49de1c98f4883b0970ebe54ae27656203f83ee18b5ff15d1089cae15c8e40f51cb45572c45756dd7949c2
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy