2205e931fcca292889c4845eb2b0e961fc7b598c276b6abf71bb5cf6c59c1132

Target

8 (17).exe
Size

3.0MB
MD5

bb072cad921aa5ce8b97706ce01bc570
SHA1

18bf034906c1341b7817e7361ad27a4425d820bd
SHA256

817a50d00909383bbef41e6f4e61b527d55f0873bcf745b29dbba75f52fe2e97
SHA512

d40e5f77d882ed29bd9de5a6848072e2f81cd02176955e2b1a4aedcdf4eb687d77bebe33cef0c7d702bc828181755f86e2564523d476adbb785f396a5ce1d474

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 8 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\setup_install.exe	aspack_v212_v242
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\setup_install.exe	aspack_v212_v242
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\setup_install.exe	aspack_v212_v242
C:\Users\Admin\AppData\Local\Temp\7zS8A7A1484\setup_install.exe	aspack_v212_v242
C:\Users\Admin\AppData\Local\Temp\7zS8A7A1484\libcurlpp.dll	aspack_v212_v242
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\libcurlpp.dll	aspack_v212_v242
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\libcurl.dll	aspack_v212_v242
C:\Users\Admin\AppData\Local\Temp\7zS8A7A1484\libcurl.dll	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

setup_installer.exe

pid process

1960 setup_installer.exe
Loads dropped DLL 4 IoCs

Processes:

8 (17).exesetup_installer.exe

pid process

1020 8 (17).exe
1960 setup_installer.exe
1960 setup_installer.exe
1960 setup_installer.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
1960	setup_installer.exe

pid	process
1020	8 (17).exe
1960	setup_installer.exe
1960	setup_installer.exe
1960	setup_installer.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

8 (17).exe

description	pid	process	target process
PID 1020 wrote to memory of 1960	1020	8 (17).exe	setup_installer.exe
PID 1020 wrote to memory of 1960	1020	8 (17).exe	setup_installer.exe
PID 1020 wrote to memory of 1960	1020	8 (17).exe	setup_installer.exe
PID 1020 wrote to memory of 1960	1020	8 (17).exe	setup_installer.exe
PID 1020 wrote to memory of 1960	1020	8 (17).exe	setup_installer.exe
PID 1020 wrote to memory of 1960	1020	8 (17).exe	setup_installer.exe
PID 1020 wrote to memory of 1960	1020	8 (17).exe	setup_installer.exe

C:\Users\Admin\AppData\Local\Temp\8 (17).exe
"C:\Users\Admin\AppData\Local\Temp\8 (17).exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1020

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1960

C:\Users\Admin\AppData\Local\Temp\7zS8A7A1484\setup_install.exe
"C:\Users\Admin\AppData\Local\Temp\7zS8A7A1484\setup_install.exe"
3⤵
PID:1680

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS8A7A1484\libcurl.dll
MD5
d09be1f47fd6b827c81a4812b4f7296f

SHA1
028ae3596c0790e6d7f9f2f3c8e9591527d267f7

SHA256
0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e

SHA512
857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A7A1484\libcurlpp.dll
MD5
e6e578373c2e416289a8da55f1dc5e8e

SHA1
b601a229b66ec3d19c2369b36216c6f6eb1c063e

SHA256
43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f

SHA512
9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A7A1484\libgcc_s_dw2-1.dll
MD5
9aec524b616618b0d3d00b27b6f51da1

SHA1
64264300801a353db324d11738ffed876550e1d3

SHA256
59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e

SHA512
0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A7A1484\libstdc++-6.dll
MD5
0c09a2a620bd0d64e74fec58929c5bd3

SHA1
d7d3faa5fb09c15ee4f4522897ec6e52a941634d

SHA256
7995fed924d91399d7a65c3bc8effbbf8db8bc887e5250db4067b6090d2bf09d

SHA512
588073d885db6fba1ff8143c88ee7279c90a0f91e47df024855b5a01498a2e0f59b060304123a61e33efe2b9a3297863eae109dd05c566f75437c8f93c56affc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A7A1484\libwinpthread-1.dll
MD5
1e0d62c34ff2e649ebc5c372065732ee

SHA1
fcfaa36ba456159b26140a43e80fbd7e9d9af2de

SHA256
509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723

SHA512
3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A7A1484\setup_install.exe
MD5
a3ca32ebdba2c07c2d386bb31cbd6d51

SHA1
e7841e1f475f922d5264b5ce5d123a1b3927f9e6

SHA256
0ab2a0bdb8e7a72b5eacb1af5325036266987c5d00b13a981c95754a94f55b1b

SHA512
c8abd3a0c8004c11462bf139a873311333cbe6c26046810844199f67d6dd9d7196a7e168261013c50bcb9f24a6bdd37879f617d7aa2089d2a067cb6ca09cbaea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A7A1484\setup_install.exe
MD5
079e4cad2d43c06ec5f42e9289403431

SHA1
380807029144322b1e3750c4cbd4818079cb6458

SHA256
3754dd98924a8e0460c1524073597b8df06cdb85ce6ca76f927df6bd3cf37202

SHA512
70c266dd54e2c96944a4b5e59dd430b86c5127f822824a68ab23c500ebca23168da89946fefb2f9fa05332da5bdf95d2d20b046cb3a5df0024fb2fcd36e9b051

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
MD5
73c3a5b8e8c7d77ca43fea19e9ebb0aa

SHA1
c6f0d0a4177394080d278610d801e708c631fcfb

SHA256
7aa815b933d852acd7213e798b7d9f23bdf0de183be7e05860fff01e84d4c4d7

SHA512
de80861c6dabc675ba3dc1794148fb8ab792d9b5d411fd7b0c913ea1acd6a3c3dde585aebdb3451d87c167fef51485eca3016166b441cecdbc157c81f097789d

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
MD5
c9773e92cedc71c76254b4d22335461b

SHA1
ef6dc5e183230bfa9d24b9e6084f99d41e1f8390

SHA256
a54d5fa2d7a0c482ba02afc66e714db9ffd1a0b2b0c232593cc9933c753a6502

SHA512
442f91fd0be4600a74e69211d8f81d2a7e58188f69e8f2cefc5a5050abbf172ddd8f570b1205ba445c93cd86b9f05d8d5a82b491c21986254d24e8658169e681

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\libcurl.dll
MD5
d09be1f47fd6b827c81a4812b4f7296f

SHA1
028ae3596c0790e6d7f9f2f3c8e9591527d267f7

SHA256
0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e

SHA512
857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\libcurlpp.dll
MD5
e6e578373c2e416289a8da55f1dc5e8e

SHA1
b601a229b66ec3d19c2369b36216c6f6eb1c063e

SHA256
43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f

SHA512
9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\libgcc_s_dw2-1.dll
MD5
9aec524b616618b0d3d00b27b6f51da1

SHA1
64264300801a353db324d11738ffed876550e1d3

SHA256
59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e

SHA512
0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\libstdc++-6.dll
MD5
53bfe3b70f8be57f613fa411fb6b50d5

SHA1
2d05c9315aecc345a66fda59ccdc5d0c0b64e1ae

SHA256
0106bf3b4182eec2f4ae9d5d1cf24dd64136811b4551281103cf17af7686a4dd

SHA512
80f0c56065386249daef4cfe0b32e80b1f3d4b5bd765180aae64a1781c6b88f5ec4f3dc8419ab523e65bf830d3b1769e5d865be3cf184e6640564483018b4168

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\libwinpthread-1.dll
MD5
1e0d62c34ff2e649ebc5c372065732ee

SHA1
fcfaa36ba456159b26140a43e80fbd7e9d9af2de

SHA256
509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723

SHA512
3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\setup_install.exe
MD5
a3ca32ebdba2c07c2d386bb31cbd6d51

SHA1
e7841e1f475f922d5264b5ce5d123a1b3927f9e6

SHA256
0ab2a0bdb8e7a72b5eacb1af5325036266987c5d00b13a981c95754a94f55b1b

SHA512
c8abd3a0c8004c11462bf139a873311333cbe6c26046810844199f67d6dd9d7196a7e168261013c50bcb9f24a6bdd37879f617d7aa2089d2a067cb6ca09cbaea

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\setup_install.exe
MD5
a3ca32ebdba2c07c2d386bb31cbd6d51

SHA1
e7841e1f475f922d5264b5ce5d123a1b3927f9e6

SHA256
0ab2a0bdb8e7a72b5eacb1af5325036266987c5d00b13a981c95754a94f55b1b

SHA512
c8abd3a0c8004c11462bf139a873311333cbe6c26046810844199f67d6dd9d7196a7e168261013c50bcb9f24a6bdd37879f617d7aa2089d2a067cb6ca09cbaea

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\setup_install.exe
MD5
a3ca32ebdba2c07c2d386bb31cbd6d51

SHA1
e7841e1f475f922d5264b5ce5d123a1b3927f9e6

SHA256
0ab2a0bdb8e7a72b5eacb1af5325036266987c5d00b13a981c95754a94f55b1b

SHA512
c8abd3a0c8004c11462bf139a873311333cbe6c26046810844199f67d6dd9d7196a7e168261013c50bcb9f24a6bdd37879f617d7aa2089d2a067cb6ca09cbaea

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\setup_install.exe
MD5
079e4cad2d43c06ec5f42e9289403431

SHA1
380807029144322b1e3750c4cbd4818079cb6458

SHA256
3754dd98924a8e0460c1524073597b8df06cdb85ce6ca76f927df6bd3cf37202

SHA512
70c266dd54e2c96944a4b5e59dd430b86c5127f822824a68ab23c500ebca23168da89946fefb2f9fa05332da5bdf95d2d20b046cb3a5df0024fb2fcd36e9b051

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\setup_install.exe
MD5
586d199b2c10ede961bc99eda4ad65de

SHA1
caa76b986e3720d21f87cedb2798fd7b180f76ef

SHA256
171b1c48a57ec1888494a5792ab9ac9fc28fdd9b1c5dd57cc62370c37bc3108f

SHA512
6175f3358aa8d380584d3d8036ba6abf4b56386689703dd61abf0b1540708102a7e50e46819a3fc5b196091d30bffa37340ff65950833a430da47327cd6eead2

Download Submit
\Users\Admin\AppData\Local\Temp\7zS8A7A1484\setup_install.exe
MD5
0e3cd747b1614ff5dffc29e61d3da33d

SHA1
73791dcb26cf27ade12bea5849fb7cd67c56c43d

SHA256
2d79da54909b690b135efdb1a5e916417bc7f7c62e732e2b908f11ea9030a0f4

SHA512
65878c6109e4833a19a94ce781a138159f70caa302e4faeae972f199012c17f7b7a47c9c3c7cfaadc3f7d11bde5b0a3ebfdf89c43721e00a0d5e4340ca1979a6

Download Submit
\Users\Admin\AppData\Local\Temp\setup_installer.exe
MD5
74231678f536a19b3016840f56b845c7

SHA1
a5645777558a7d5905e101e54d61b0c8c1120de3

SHA256
cd53d44c68b4b58f88aa945ca38dd18e0a66c3f0854f5868fbea4345f7819fb4

SHA512
4117ad2bcdca9104ca8a53df0f7de102509ba6eb264d025ab1facd7a7ca0c14a1c4dd17de130521c4169aaaaeb6e779579dcb16d63a58b77feebfdc32d983d1f

Download Submit
\Users\Admin\AppData\Local\Temp\setup_installer.exe
MD5
42b91c3e64ed692a5a9d531fb8bd810a

SHA1
2a6d0a3f7fe89244e3a70e8eb097b38ec9628250

SHA256
8d9c68d351a98e8170411fa2dc9c6ca32cf19b2e22199ffa4d9d20e30d3e56b2

SHA512
cadc54ae34c8c94ab012eebe0bd85ea77721aacddb3f333f7bf15d3d5486f6e9af82980233b3410006d2f65833c40ae9d62c7c8e817c3efac09a7306daf71109

Download Submit
\Users\Admin\AppData\Local\Temp\setup_installer.exe
MD5
fd8a92d85d39b3db4791231131baa83a

SHA1
670bef4676b9a4f650b6245ddc9531aef3dfa62f

SHA256
22ccdbbb3a1d79539119b1d9cbdc3b068f7a80a13fb60d78b1bb238d6ac963a5

SHA512
82d1d9382bdfdf3f78f56b5cd265e061ab0b38daad3217904a5aea8a00dd216774de4d9e4dc3fb8f90fe7f310bc3c8ff66c8d3cbf3077881e15dd635f41e59d6

Download Submit
\Users\Admin\AppData\Local\Temp\setup_installer.exe
MD5
9a4895b00d26af601e553e3cc1a66051

SHA1
aac6a9953f96922aba77ab52c75d773a645dbca5

SHA256
b9d3ed7bce82e12f61f78eadda490ed8786c035e40da986e138829dddcb52ee0

SHA512
045b019c68b08fb89516fe5fb87f1c8b3ad372e8510ac36f5432bc5379b532f57df53de6567b36dce577cc090653d2bf72cf9514c1491ccb1d06389676a3990c

Download Submit
memory/1020-59-0x0000000075971000-0x0000000075973000-memory.dmp

Filesize
8KB

Download
memory/1680-71-0x0000000000000000-mapping.dmp

Download
memory/1960-61-0x0000000000000000-mapping.dmp

Download

Resubmissions

Analysis

Sharing

General