Overview

overview

8

Static

static

7468b3c64e...34.exe

windows7-x64

8

7468b3c64e...34.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    142s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2022, 22:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7468b3c64e4616e2a0a5c5c343a56e65b7d8ecf166b3aa3c4d189debe4d78534.exe

  • Size

    144KB

  • MD5

    6e0f9818bce264cc35ab4668c8cae6b0

  • SHA1

    bae6c9905a27b4c03e3e1611bedcdb04dc1cae3f

  • SHA256

    7468b3c64e4616e2a0a5c5c343a56e65b7d8ecf166b3aa3c4d189debe4d78534

  • SHA512

    acc3c99e1abe814322ab893958cda74591e00408535acd01eef326dcec7d47b001597f667f3a16a7f95ce1749f13d5d97b1569a33789c8273a45ba94d8c5c700

  • SSDEEP

    768:Zr4pOx8e/aOVq413ixQGPL4vzZq2o9W7GsxBbPr:GpOx8eyOVD13i2GCq2iW7z

Score
8/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7468b3c64e4616e2a0a5c5c343a56e65b7d8ecf166b3aa3c4d189debe4d78534.exe
    "C:\Users\Admin\AppData\Local\Temp\7468b3c64e4616e2a0a5c5c343a56e65b7d8ecf166b3aa3c4d189debe4d78534.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Users\Admin\AppData\Local\Temp\EIhyxM.exe
      C:\Users\Admin\AppData\Local\Temp\EIhyxM.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:1776
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\5b523af7.bat" "
        3⤵
          PID:360

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\5b523af7.bat
            Filesize

            187B

            MD5

            f20634ed0c830855588d7f2bb4d8b3bb

            SHA1

            beb76ec3429e31e2fec5e159fd9fdee49c2467b4

            SHA256

            dfe2adb7fa413539ce656820ae1e28121c206e5b7224cb3db27b8a8e4d84e3c8

            SHA512

            42cb11095abcf40ebba6545905abaddee13fc242ba55783961459b300612a056180fce65ad59cabf93273b635ea5c0ea976033aec2bf02a86c4a67029c317051

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\EIhyxM.exe
            Filesize

            15KB

            MD5

            56b2c3810dba2e939a8bb9fa36d3cf96

            SHA1

            99ee31cd4b0d6a4b62779da36e0eeecdd80589fc

            SHA256

            4354970ccc7cd6bb16318f132c34f6a1b3d5c2ea7ff53e1c9271905527f2db07

            SHA512

            27812a9a034d7bd2ca73b337ae9e0b6dc79c38cfd1a2c6ac9d125d3cc8fa563c401a40d22155811d5054e5baa8cf8c8e7e03925f25fa856a9ba9dea708d15b4e

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\EIhyxM.exe
            Filesize

            15KB

            MD5

            56b2c3810dba2e939a8bb9fa36d3cf96

            SHA1

            99ee31cd4b0d6a4b62779da36e0eeecdd80589fc

            SHA256

            4354970ccc7cd6bb16318f132c34f6a1b3d5c2ea7ff53e1c9271905527f2db07

            SHA512

            27812a9a034d7bd2ca73b337ae9e0b6dc79c38cfd1a2c6ac9d125d3cc8fa563c401a40d22155811d5054e5baa8cf8c8e7e03925f25fa856a9ba9dea708d15b4e

            Download Submit

          • \Users\Admin\AppData\Local\Temp\EIhyxM.exe
            Filesize

            15KB

            MD5

            56b2c3810dba2e939a8bb9fa36d3cf96

            SHA1

            99ee31cd4b0d6a4b62779da36e0eeecdd80589fc

            SHA256

            4354970ccc7cd6bb16318f132c34f6a1b3d5c2ea7ff53e1c9271905527f2db07

            SHA512

            27812a9a034d7bd2ca73b337ae9e0b6dc79c38cfd1a2c6ac9d125d3cc8fa563c401a40d22155811d5054e5baa8cf8c8e7e03925f25fa856a9ba9dea708d15b4e

            Download Submit

          • \Users\Admin\AppData\Local\Temp\EIhyxM.exe
            Filesize

            15KB

            MD5

            56b2c3810dba2e939a8bb9fa36d3cf96

            SHA1

            99ee31cd4b0d6a4b62779da36e0eeecdd80589fc

            SHA256

            4354970ccc7cd6bb16318f132c34f6a1b3d5c2ea7ff53e1c9271905527f2db07

            SHA512

            27812a9a034d7bd2ca73b337ae9e0b6dc79c38cfd1a2c6ac9d125d3cc8fa563c401a40d22155811d5054e5baa8cf8c8e7e03925f25fa856a9ba9dea708d15b4e

            Download Submit

          • memory/1776-58-0x00000000762E1000-0x00000000762E3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1776-63-0x00000000011D0000-0x00000000011D9000-memory.dmp

            Filesize

            36KB

            Download

          • memory/1776-65-0x00000000011D0000-0x00000000011D9000-memory.dmp

            Filesize

            36KB

            Download

          • memory/2036-61-0x0000000000340000-0x0000000000349000-memory.dmp

            Filesize

            36KB

            Download

          • memory/2036-60-0x0000000000400000-0x0000000000424000-memory.dmp

            Filesize

            144KB

            Download

          • memory/2036-62-0x0000000000340000-0x0000000000349000-memory.dmp

            Filesize

            36KB

            Download

          • memory/2036-67-0x0000000000400000-0x0000000000424000-memory.dmp

            Filesize

            144KB

            Download

          • memory/2036-68-0x0000000000340000-0x0000000000349000-memory.dmp

            Filesize

            36KB

            Download

          • memory/2036-69-0x0000000000340000-0x0000000000349000-memory.dmp

            Filesize

            36KB

            Download