3c8f7aa58b97f7a85d25077efb7878abeeb6139933d628131905cf3608ef1c35 | Triage

Submit
Reports

Overview

overview

Static

static

8

3c8f7aa58b...35.exe

windows7_x64

3c8f7aa58b...35.exe

windows10-2004_x64

Sharing

General

Target

3c8f7aa58b97f7a85d25077efb7878abeeb6139933d628131905cf3608ef1c35
Size

1.1MB
Sample

220703-hvslcsbgd8
MD5

a8001b5a519ebe7df30284167dbef64b
SHA1

e8293eff20c67c414abcc7779b03564937a8b8b0
SHA256

3c8f7aa58b97f7a85d25077efb7878abeeb6139933d628131905cf3608ef1c35
SHA512

7d2fe0440465122c04f21af6171343c4c6aba408fee69d1450ee1db16987fb53275f896c79bfac8b362f504a68cdd4d8b4735fc9d14e1d1139a020abc366fe56

Score

10^/10

aspackv2 persistence

Static task

static1

Behavioral task

behavioral1

Sample

3c8f7aa58b97f7a85d25077efb7878abeeb6139933d628131905cf3608ef1c35.exe

Resource

win7-20220414-en

aspackv2 persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3c8f7aa58b97f7a85d25077efb7878abeeb6139933d628131905cf3608ef1c35.exe

Resource

win10v2004-20220414-en

aspackv2 persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3c8f7aa58b97f7a85d25077efb7878abeeb6139933d628131905cf3608ef1c35
- Size
  
  1.1MB
- MD5
  
  a8001b5a519ebe7df30284167dbef64b
- SHA1
  
  e8293eff20c67c414abcc7779b03564937a8b8b0
- SHA256
  
  3c8f7aa58b97f7a85d25077efb7878abeeb6139933d628131905cf3608ef1c35
- SHA512
  
  7d2fe0440465122c04f21af6171343c4c6aba408fee69d1450ee1db16987fb53275f896c79bfac8b362f504a68cdd4d8b4735fc9d14e1d1139a020abc366fe56
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy