Overview

overview

8

Static

static

1ad8809347...cb.exe

windows7-x64

8

1ad8809347...cb.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    28s
  • max time network
    82s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2022, 17:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ad8809347eeb6fd7cd6350229a5ed9dc4b5ca97c49671188c7c86c7e1c03dcb.exe

  • Size

    740KB

  • MD5

    54aa282bbc67aac4d462ddc76096c106

  • SHA1

    4cb55cdd8099ecb6cd697838ca72506bf23cac2e

  • SHA256

    1ad8809347eeb6fd7cd6350229a5ed9dc4b5ca97c49671188c7c86c7e1c03dcb

  • SHA512

    4fc9fbc55eafbc171748e2b91751091a0b644ae9ea8f4714affd8af1e1047504b80543d981c449748ec850c6175d6a3c9be3cca75b1b9264dcff012972993ead

  • SSDEEP

    12288:5TbEblEqvPedr2DQFN7DE9auJF+3nuBAqyvK5YISC048KZj/C6Zc492g8MhD9I7S:94blESedCDqlESxzKc4PHhD94tEMBU

Score
8/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ad8809347eeb6fd7cd6350229a5ed9dc4b5ca97c49671188c7c86c7e1c03dcb.exe
    "C:\Users\Admin\AppData\Local\Temp\1ad8809347eeb6fd7cd6350229a5ed9dc4b5ca97c49671188c7c86c7e1c03dcb.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\4a1a1b42.exe
      C:\4a1a1b42.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:1612
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\71551e75.bat" "
        3⤵
          PID:752

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\4a1a1b42.exe
      Filesize

      15KB

      MD5

      e351365b4bc9f244b8424288e2cdbcbd

      SHA1

      f2d70670f8d230a59b453ae4cf4738e7675221a2

      SHA256

      d511d476b6777335ed6d1bc3ce7efdf84a91bf04a6514c263c28caec186e09ee

      SHA512

      263f3db3f4d4d7e4d8cfef8663ab9dbebfa3f6606c1eca0fe0fbcaa867e0980617972d1e15c888fd7c849b4d17e457e877991c55ea82c10e8033662e26520864

      Download Submit

    • C:\4a1a1b42.exe
      Filesize

      15KB

      MD5

      e351365b4bc9f244b8424288e2cdbcbd

      SHA1

      f2d70670f8d230a59b453ae4cf4738e7675221a2

      SHA256

      d511d476b6777335ed6d1bc3ce7efdf84a91bf04a6514c263c28caec186e09ee

      SHA512

      263f3db3f4d4d7e4d8cfef8663ab9dbebfa3f6606c1eca0fe0fbcaa867e0980617972d1e15c888fd7c849b4d17e457e877991c55ea82c10e8033662e26520864

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\71551e75.bat
      Filesize

      129B

      MD5

      00cf25f66c49540d827960f6fe3e5d41

      SHA1

      977159c97334dd818ee6066284d3423b7ee0b6d3

      SHA256

      e022f4ec389726e2c429e169cda0d76d29ef6d7049f27550f3ca8584b7ae4d10

      SHA512

      d7e7e6a674b8147eb06bd1d2ea3f0f10837c39499a72f0275f49ef3db5b78bac7d48b5fb6ec119cb16db6295299b59d65f561ff9a42acad8eb459df92e26095e

      Download Submit

    • memory/1612-62-0x0000000000030000-0x0000000000039000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1612-71-0x0000000000030000-0x0000000000039000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2036-63-0x0000000000270000-0x000000000027A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2036-54-0x0000000075501000-0x0000000075503000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2036-64-0x0000000000270000-0x000000000027A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2036-65-0x0000000000400000-0x0000000000604000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2036-66-0x0000000000270000-0x000000000027A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2036-67-0x0000000000270000-0x000000000027A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2036-69-0x0000000000270000-0x0000000000276000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2036-68-0x0000000000400000-0x0000000000604000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2036-61-0x0000000000230000-0x0000000000239000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2036-60-0x0000000000230000-0x0000000000239000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2036-59-0x0000000000400000-0x0000000000604000-memory.dmp

      Filesize

      2.0MB

      Download