9aa2e76fa787a0c167dc88cecb74d0925b3e7feda7bdc8c335d1d34541d002af | Triage

Submit
Reports

Overview

overview

Static

static

8

9aa2e76fa7...af.exe

windows7_x64

9aa2e76fa7...af.exe

windows10_x64

Sharing

General

Target

9aa2e76fa787a0c167dc88cecb74d0925b3e7feda7bdc8c335d1d34541d002af
Size

1.4MB
Sample

210302-l4qym3bz2j
MD5

89bce717796922351187a83879f6b6e0
SHA1

d78b111f0252929970edf746901f450b229355df
SHA256

9aa2e76fa787a0c167dc88cecb74d0925b3e7feda7bdc8c335d1d34541d002af
SHA512

8bdbcb0814b45511e7bdd523b91239c56d8cd4d605101948a3ff012124f1aa5d53e7c2dd5f7e41333cc5cb913b4e0d56891119d7650804cac2bae8d5c34d747e

Score

10^/10

aspackv2 persistence

Static task

static1

Behavioral task

behavioral1

Sample

9aa2e76fa787a0c167dc88cecb74d0925b3e7feda7bdc8c335d1d34541d002af.exe

Resource

win7v20201028

aspackv2 persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9aa2e76fa787a0c167dc88cecb74d0925b3e7feda7bdc8c335d1d34541d002af.exe

Resource

win10v20201028

aspackv2 persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  9aa2e76fa787a0c167dc88cecb74d0925b3e7feda7bdc8c335d1d34541d002af
- Size
  
  1.4MB
- MD5
  
  89bce717796922351187a83879f6b6e0
- SHA1
  
  d78b111f0252929970edf746901f450b229355df
- SHA256
  
  9aa2e76fa787a0c167dc88cecb74d0925b3e7feda7bdc8c335d1d34541d002af
- SHA512
  
  8bdbcb0814b45511e7bdd523b91239c56d8cd4d605101948a3ff012124f1aa5d53e7c2dd5f7e41333cc5cb913b4e0d56891119d7650804cac2bae8d5c34d747e
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy