Overview

overview

8

Static

static

8

081cde9085...72.exe

windows7-x64

8

081cde9085...72.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    34s
  • max time network
    39s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2022 12:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    081cde90854482cb1fca69485fcf1b670ccfc2b542e74832692729f18683ef72.exe

  • Size

    530KB

  • MD5

    66c61e92f162a25d08f65f60c8374f04

  • SHA1

    7919149d3145950dfd079e1d885bfd43f9ca9d73

  • SHA256

    081cde90854482cb1fca69485fcf1b670ccfc2b542e74832692729f18683ef72

  • SHA512

    718c648ba245e4621b304aa25673c85feb93ebf8bcb08458c0c94ee405cf63329f4c2a6295c222c138e700ac2097bd901adb100df9d6fbc75d577e6e69ebffb4

  • SSDEEP

    12288:90+0/gh1xFFk6l8+dtg3gl9L+JO0F3Z4mxx11GcJ4nhEtdrq:9Zh1xkGdfmO0QmX11GVsk

Score
8/10
aspackv2persistence

Malware Config

Signatures

  • ASPack v2.12-2.42 7 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\081cde90854482cb1fca69485fcf1b670ccfc2b542e74832692729f18683ef72.exe
    "C:\Users\Admin\AppData\Local\Temp\081cde90854482cb1fca69485fcf1b670ccfc2b542e74832692729f18683ef72.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vport.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vport.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      PID:1964
  • C:\Windows\SysWOW64\VPort1.1.exe
    C:\Windows\SysWOW64\VPort1.1.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:1576

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vport.exe
    Filesize

    174KB

    MD5

    53668497292e4386646815001fbfa3b5

    SHA1

    f7b3784cd7fd6c7506ce1272fe8329419e464447

    SHA256

    fcfcb35360c56d991e0068c869103a6d392e932398ef56704e1c6be97a5797eb

    SHA512

    004d54f34cc3e913d58116db872c8742b737e27a68530e744043de95a413f9f44417ecaafeae0718af299f38378955f4e0b45b239eb358be5aceda0a520c7a61

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vport.exe
    Filesize

    174KB

    MD5

    53668497292e4386646815001fbfa3b5

    SHA1

    f7b3784cd7fd6c7506ce1272fe8329419e464447

    SHA256

    fcfcb35360c56d991e0068c869103a6d392e932398ef56704e1c6be97a5797eb

    SHA512

    004d54f34cc3e913d58116db872c8742b737e27a68530e744043de95a413f9f44417ecaafeae0718af299f38378955f4e0b45b239eb358be5aceda0a520c7a61

    Download Submit

  • C:\Windows\SysWOW64\VPort1.1.exe
    Filesize

    174KB

    MD5

    53668497292e4386646815001fbfa3b5

    SHA1

    f7b3784cd7fd6c7506ce1272fe8329419e464447

    SHA256

    fcfcb35360c56d991e0068c869103a6d392e932398ef56704e1c6be97a5797eb

    SHA512

    004d54f34cc3e913d58116db872c8742b737e27a68530e744043de95a413f9f44417ecaafeae0718af299f38378955f4e0b45b239eb358be5aceda0a520c7a61

    Download Submit

  • C:\Windows\SysWOW64\VPort1.1.exe
    Filesize

    174KB

    MD5

    53668497292e4386646815001fbfa3b5

    SHA1

    f7b3784cd7fd6c7506ce1272fe8329419e464447

    SHA256

    fcfcb35360c56d991e0068c869103a6d392e932398ef56704e1c6be97a5797eb

    SHA512

    004d54f34cc3e913d58116db872c8742b737e27a68530e744043de95a413f9f44417ecaafeae0718af299f38378955f4e0b45b239eb358be5aceda0a520c7a61

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\Vport.exe
    Filesize

    174KB

    MD5

    53668497292e4386646815001fbfa3b5

    SHA1

    f7b3784cd7fd6c7506ce1272fe8329419e464447

    SHA256

    fcfcb35360c56d991e0068c869103a6d392e932398ef56704e1c6be97a5797eb

    SHA512

    004d54f34cc3e913d58116db872c8742b737e27a68530e744043de95a413f9f44417ecaafeae0718af299f38378955f4e0b45b239eb358be5aceda0a520c7a61

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\Vport.exe
    Filesize

    174KB

    MD5

    53668497292e4386646815001fbfa3b5

    SHA1

    f7b3784cd7fd6c7506ce1272fe8329419e464447

    SHA256

    fcfcb35360c56d991e0068c869103a6d392e932398ef56704e1c6be97a5797eb

    SHA512

    004d54f34cc3e913d58116db872c8742b737e27a68530e744043de95a413f9f44417ecaafeae0718af299f38378955f4e0b45b239eb358be5aceda0a520c7a61

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\Vport.exe
    Filesize

    174KB

    MD5

    53668497292e4386646815001fbfa3b5

    SHA1

    f7b3784cd7fd6c7506ce1272fe8329419e464447

    SHA256

    fcfcb35360c56d991e0068c869103a6d392e932398ef56704e1c6be97a5797eb

    SHA512

    004d54f34cc3e913d58116db872c8742b737e27a68530e744043de95a413f9f44417ecaafeae0718af299f38378955f4e0b45b239eb358be5aceda0a520c7a61

    Download Submit

  • memory/1488-56-0x0000000000280000-0x0000000000312000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1488-54-0x0000000001000000-0x0000000001092000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1488-57-0x0000000003250000-0x0000000003253000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1488-55-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1488-67-0x0000000001000000-0x0000000001092000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1964-60-0x0000000000000000-mapping.dmp

    Download