4a70250c80a24898d1a36a498dedb40a072fe5356ada994c3813e866d48f9b9d | Triage

Submit
Reports

Overview

overview

Static

static

8

4a70250c80...9d.exe

windows7_x64

4a70250c80...9d.exe

windows10_x64

Sharing

General

Target

4a70250c80a24898d1a36a498dedb40a072fe5356ada994c3813e866d48f9b9d
Size

1.5MB
Sample

210302-dwmsk6mqce
MD5

92a26931fd2b205bc81cdb67632d89c4
SHA1

3a345d48d694dc35b1075af7a186363fe709fc69
SHA256

4a70250c80a24898d1a36a498dedb40a072fe5356ada994c3813e866d48f9b9d
SHA512

60cb54ca136d0f6e8654ccf1a50ff24db30ce4a76f6a8a07b6304fd7510d407816d6a50c5d29b638e6b97af68bb6dde3581775acc3c912d14fdd65116d2a0636

Score

10^/10

aspackv2 persistence

Static task

static1

Behavioral task

behavioral1

Sample

4a70250c80a24898d1a36a498dedb40a072fe5356ada994c3813e866d48f9b9d.exe

Resource

win7v20201028

aspackv2 persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4a70250c80a24898d1a36a498dedb40a072fe5356ada994c3813e866d48f9b9d.exe

Resource

win10v20201028

aspackv2 persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4a70250c80a24898d1a36a498dedb40a072fe5356ada994c3813e866d48f9b9d
- Size
  
  1.5MB
- MD5
  
  92a26931fd2b205bc81cdb67632d89c4
- SHA1
  
  3a345d48d694dc35b1075af7a186363fe709fc69
- SHA256
  
  4a70250c80a24898d1a36a498dedb40a072fe5356ada994c3813e866d48f9b9d
- SHA512
  
  60cb54ca136d0f6e8654ccf1a50ff24db30ce4a76f6a8a07b6304fd7510d407816d6a50c5d29b638e6b97af68bb6dde3581775acc3c912d14fdd65116d2a0636
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy