4d71a7228e929e830c9dc1f1b0e42aeb4791694fb0f286c9ce83979c08b4a31b | Triage

Submit
Reports

Overview

overview

Static

static

8

4d71a7228e...1b.exe

windows7_x64

4d71a7228e...1b.exe

windows10_x64

Sharing

General

Target

4d71a7228e929e830c9dc1f1b0e42aeb4791694fb0f286c9ce83979c08b4a31b
Size

1.1MB
Sample

210302-4qs3esvrae
MD5

f5b67430dfcf62def4dfe4930f0c82d1
SHA1

991303453bb060c87532e986a047f7404994cfe9
SHA256

4d71a7228e929e830c9dc1f1b0e42aeb4791694fb0f286c9ce83979c08b4a31b
SHA512

124204478c180e811c22bce9e217378e85d7e88b6309ed7fab375bcfd4636359adbc36af4ac118be1b4ba270234b1e2d36d97cc978968e90f87cd6beaf4886b9

Score

10^/10

aspackv2 persistence

Static task

static1

Behavioral task

behavioral1

Sample

4d71a7228e929e830c9dc1f1b0e42aeb4791694fb0f286c9ce83979c08b4a31b.exe

Resource

win7v20201028

aspackv2 persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4d71a7228e929e830c9dc1f1b0e42aeb4791694fb0f286c9ce83979c08b4a31b.exe

Resource

win10v20201028

aspackv2 persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4d71a7228e929e830c9dc1f1b0e42aeb4791694fb0f286c9ce83979c08b4a31b
- Size
  
  1.1MB
- MD5
  
  f5b67430dfcf62def4dfe4930f0c82d1
- SHA1
  
  991303453bb060c87532e986a047f7404994cfe9
- SHA256
  
  4d71a7228e929e830c9dc1f1b0e42aeb4791694fb0f286c9ce83979c08b4a31b
- SHA512
  
  124204478c180e811c22bce9e217378e85d7e88b6309ed7fab375bcfd4636359adbc36af4ac118be1b4ba270234b1e2d36d97cc978968e90f87cd6beaf4886b9
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy