186053f58fcfa57a5aca0c0b0355081efaa11f0d73f192bcf65e992c14c43906 | Triage

Submit
Reports

Overview

overview

Static

static

8

186053f58f...06.exe

windows7-x64

186053f58f...06.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

186053f58fcfa57a5aca0c0b0355081efaa11f0d73f192bcf65e992c14c43906
Size

183KB
Sample

221030-3gfd4affan
MD5

91ef2268d1fa3b5d37b0bb9dad5857d7
SHA1

f45b02d9f312d6243ffe711b30882809198044ac
SHA256

186053f58fcfa57a5aca0c0b0355081efaa11f0d73f192bcf65e992c14c43906
SHA512

fa04d6fcf95a5b9a0d8f64adb6aeab57307cb5f9a1a920a3dec4c9d45ce13689b51898b805a517c3e31cf02834ec34b631c8db827a822f81ca3be5639deb98fe
SSDEEP

3072:rimsXXK9HRTOeriRfP6pXfSb0dspqc5oY0htVFAHT11Ual21Cxcs0HKAH057kyJM:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HWy

Score

10^/10

aspackv2 persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

186053f58fcfa57a5aca0c0b0355081efaa11f0d73f192bcf65e992c14c43906.exe

Resource

win7-20220901-en

aspackv2 persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

186053f58fcfa57a5aca0c0b0355081efaa11f0d73f192bcf65e992c14c43906.exe

Resource

win10v2004-20220901-en

aspackv2 persistence

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  186053f58fcfa57a5aca0c0b0355081efaa11f0d73f192bcf65e992c14c43906
- Size
  
  183KB
- MD5
  
  91ef2268d1fa3b5d37b0bb9dad5857d7
- SHA1
  
  f45b02d9f312d6243ffe711b30882809198044ac
- SHA256
  
  186053f58fcfa57a5aca0c0b0355081efaa11f0d73f192bcf65e992c14c43906
- SHA512
  
  fa04d6fcf95a5b9a0d8f64adb6aeab57307cb5f9a1a920a3dec4c9d45ce13689b51898b805a517c3e31cf02834ec34b631c8db827a822f81ca3be5639deb98fe
- SSDEEP
  
  3072:rimsXXK9HRTOeriRfP6pXfSb0dspqc5oY0htVFAHT11Ual21Cxcs0HKAH057kyJM:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HWy
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2025

Terms | Privacy