45d9883c9567fb3f5f2fc433f24b1428e51e431c66df53a230f6e2a63bd891dc | Triage

Submit
Reports

Overview

overview

Static

static

8

45d9883c95...dc.exe

windows7_x64

45d9883c95...dc.exe

windows10-2004_x64

Sharing

General

Target

45d9883c9567fb3f5f2fc433f24b1428e51e431c66df53a230f6e2a63bd891dc
Size

850KB
Sample

220707-mplm3sdddk
MD5

60fa79ac812a9c3d4c357a21fe42bb5f
SHA1

f0656de949d462d2ff5c2b809574c01bf3bc8da3
SHA256

45d9883c9567fb3f5f2fc433f24b1428e51e431c66df53a230f6e2a63bd891dc
SHA512

6bf22352f1b3dfb1958fb655826bc0a4199cfd7b7d898759ea2c7067767313782231b7f8aaabe2d05557e635c4afb6c3e1ebca94785f0f03e65f49b647f5e395

Score

10^/10

aspackv2 persistence

Static task

static1

Behavioral task

behavioral1

Sample

45d9883c9567fb3f5f2fc433f24b1428e51e431c66df53a230f6e2a63bd891dc.exe

Resource

win7-20220414-en

aspackv2 persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

45d9883c9567fb3f5f2fc433f24b1428e51e431c66df53a230f6e2a63bd891dc.exe

Resource

win10v2004-20220414-en

aspackv2 persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  45d9883c9567fb3f5f2fc433f24b1428e51e431c66df53a230f6e2a63bd891dc
- Size
  
  850KB
- MD5
  
  60fa79ac812a9c3d4c357a21fe42bb5f
- SHA1
  
  f0656de949d462d2ff5c2b809574c01bf3bc8da3
- SHA256
  
  45d9883c9567fb3f5f2fc433f24b1428e51e431c66df53a230f6e2a63bd891dc
- SHA512
  
  6bf22352f1b3dfb1958fb655826bc0a4199cfd7b7d898759ea2c7067767313782231b7f8aaabe2d05557e635c4afb6c3e1ebca94785f0f03e65f49b647f5e395
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy