Analysis

  • max time kernel
    157s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-10-2022 05:21

General

  • Target

    269ad3223f070739794f23d9a51aa6db58b4651c7f7efcdfb36d77080cba186f.exe

  • Size

    314KB

  • MD5

    6580cdc041a0c8413bcc226ed8e9ab93

  • SHA1

    09e8a4631d2357c7cbf954a228e4fc8a98d36c9c

  • SHA256

    269ad3223f070739794f23d9a51aa6db58b4651c7f7efcdfb36d77080cba186f

  • SHA512

    f43ae44d62a6408ad7c7895eddf60f8a27e308887f735dd0a1aa36c80b964be0257c8c6e1415465144eb1206f7e971788d952c3737c4efc77c08de786b8e9ecc

  • SSDEEP

    6144:xR2eO0DlCmrRJCxINLFZoNdofbcqqFbqqFdo:T29mrRJMINLFeNdofbcqqFqqc

Score
8/10

Malware Config

Signatures

  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\269ad3223f070739794f23d9a51aa6db58b4651c7f7efcdfb36d77080cba186f.exe
    "C:\Users\Admin\AppData\Local\Temp\269ad3223f070739794f23d9a51aa6db58b4651c7f7efcdfb36d77080cba186f.exe"
    1⤵
    • Drops file in System32 directory
    PID:812
  • C:\Windows\SysWOW64\rwnlws.exe
    C:\Windows\SysWOW64\rwnlws.exe
    1⤵
    • Executes dropped EXE
    • Checks processor information in registry
    PID:796

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Windows\SysWOW64\rwnlws.exe

    Filesize

    314KB

    MD5

    6580cdc041a0c8413bcc226ed8e9ab93

    SHA1

    09e8a4631d2357c7cbf954a228e4fc8a98d36c9c

    SHA256

    269ad3223f070739794f23d9a51aa6db58b4651c7f7efcdfb36d77080cba186f

    SHA512

    f43ae44d62a6408ad7c7895eddf60f8a27e308887f735dd0a1aa36c80b964be0257c8c6e1415465144eb1206f7e971788d952c3737c4efc77c08de786b8e9ecc

  • memory/796-137-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB

  • memory/796-138-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB

  • memory/796-139-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB

  • memory/796-141-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB

  • memory/812-132-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB

  • memory/812-133-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB

  • memory/812-134-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB

  • memory/812-140-0x0000000000400000-0x000000000054D000-memory.dmp

    Filesize

    1.3MB