3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448 | Triage

Submit
Reports

Overview

overview

Static

static

8

3c08d34d18...48.exe

windows7_x64

3c08d34d18...48.exe

windows10-2004_x64

Sharing

General

Target

3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448
Size

1.1MB
Sample

220703-kryz3scegp
MD5

700d5f491c4a2a65fdfdf9ff0cffd711
SHA1

7cbd8ec5351127aad93b1e7dd3ff553c640fed02
SHA256

3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448
SHA512

db6eb14569740b70148400eaa6b36036b62e7c30e073b48bbdd0c61ca993073f3341058624ffee12f417f9764d3a7bced02c487d0e6ade4224bb702192d6bb3e

Score

10^/10

aspackv2 persistence

Static task

static1

Behavioral task

behavioral1

Sample

3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe

Resource

win7-20220414-en

aspackv2 persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448.exe

Resource

win10v2004-20220414-en

aspackv2 persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448
- Size
  
  1.1MB
- MD5
  
  700d5f491c4a2a65fdfdf9ff0cffd711
- SHA1
  
  7cbd8ec5351127aad93b1e7dd3ff553c640fed02
- SHA256
  
  3c08d34d1872f701d5e497b62acb6a54feb5d67028c788e9315f0d47b898c448
- SHA512
  
  db6eb14569740b70148400eaa6b36036b62e7c30e073b48bbdd0c61ca993073f3341058624ffee12f417f9764d3a7bced02c487d0e6ade4224bb702192d6bb3e
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy