640687d5a7fca6dbdfb442c14ee0c20626318066e8259b48dee878cc2b25037a | Triage

Submit
Reports

Overview

overview

Static

static

8

640687d5a7...7a.exe

windows7_x64

640687d5a7...7a.exe

windows10_x64

Sharing

General

Target

640687d5a7fca6dbdfb442c14ee0c20626318066e8259b48dee878cc2b25037a
Size

1.6MB
Sample

210302-ednlvnj4za
MD5

c6b5cb68874cfc88eabf9eb82fd18fec
SHA1

2ca265a162129ca5d9f73c8d9c6b6bde407f617e
SHA256

640687d5a7fca6dbdfb442c14ee0c20626318066e8259b48dee878cc2b25037a
SHA512

96cd86e5ca01a2fdd088545cc5d5b07afc11386a89510fc23fc00d44db9c5336870730f66d8b38a0bceffd313b49b7d9c3c491e42ca2b6aaa84c583efa7fdeb6

Score

10^/10

aspackv2 persistence

Static task

static1

Behavioral task

behavioral1

Sample

640687d5a7fca6dbdfb442c14ee0c20626318066e8259b48dee878cc2b25037a.exe

Resource

win7v20201028

aspackv2 persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

640687d5a7fca6dbdfb442c14ee0c20626318066e8259b48dee878cc2b25037a.exe

Resource

win10v20201028

aspackv2 persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  640687d5a7fca6dbdfb442c14ee0c20626318066e8259b48dee878cc2b25037a
- Size
  
  1.6MB
- MD5
  
  c6b5cb68874cfc88eabf9eb82fd18fec
- SHA1
  
  2ca265a162129ca5d9f73c8d9c6b6bde407f617e
- SHA256
  
  640687d5a7fca6dbdfb442c14ee0c20626318066e8259b48dee878cc2b25037a
- SHA512
  
  96cd86e5ca01a2fdd088545cc5d5b07afc11386a89510fc23fc00d44db9c5336870730f66d8b38a0bceffd313b49b7d9c3c491e42ca2b6aaa84c583efa7fdeb6
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy