Overview

overview

8

Static

static

f979f72781...cf.exe

windows7-x64

8

f979f72781...cf.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/11/2022, 20:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f979f727817088a5445a829d9ad1e714d91d36f0446c1c9c6de0984e786600cf.exe

  • Size

    300KB

  • MD5

    0cd76fe9419489fa159343bbf83b3c21

  • SHA1

    ac9f25bf0ae29634d78fee255ead72def2fc6ac7

  • SHA256

    f979f727817088a5445a829d9ad1e714d91d36f0446c1c9c6de0984e786600cf

  • SHA512

    107b0d63b4be6e04b7c4bf94cfed41157b0b01f660c225e10005c430916b269b333ee4f2d375b40f78055c44a96c61a8f866fda84cf86ee4f197657cf3767118

  • SSDEEP

    6144:LQVJvzN5V+pOrVXl7HWrE+icB8aa36OCwb7eEk8vEE+M1P:L2JvEEXVHGbKaW60b7eX8vEkP

Score
8/10
aspackv2persistenceupx

Malware Config

Signatures

  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f979f727817088a5445a829d9ad1e714d91d36f0446c1c9c6de0984e786600cf.exe
    "C:\Users\Admin\AppData\Local\Temp\f979f727817088a5445a829d9ad1e714d91d36f0446c1c9c6de0984e786600cf.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\2e76488c.exe
      C:\2e76488c.exe
      2⤵
      • Executes dropped EXE
      • Sets DLL path for service in the registry
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:2144
  • C:\Windows\SysWOW64\Svchost.exe
    C:\Windows\SysWOW64\Svchost.exe -k netsvcs -s FastUserSwitchingCompatibility
    1⤵
    • Loads dropped DLL
    PID:424

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\2e76488c.exe
          Filesize

          222KB

          MD5

          585c2390e02463e6711265e605eff0c7

          SHA1

          d076affdb51cb988509555f866d576aa309cf380

          SHA256

          09b7625008038ff223761acf9bac6bc4794700f336b99b1d1891b58c293bb082

          SHA512

          c829a8b6e70dcf42f6586a8cb0026b7289db55c56d39c7f712b3e43addb7a66eb83fd89cfa39fb306edc1b3db10c0dda7d05aeceddac94fe4a393427c60277f6

          Download Submit

        • C:\2e76488c.exe
          Filesize

          222KB

          MD5

          585c2390e02463e6711265e605eff0c7

          SHA1

          d076affdb51cb988509555f866d576aa309cf380

          SHA256

          09b7625008038ff223761acf9bac6bc4794700f336b99b1d1891b58c293bb082

          SHA512

          c829a8b6e70dcf42f6586a8cb0026b7289db55c56d39c7f712b3e43addb7a66eb83fd89cfa39fb306edc1b3db10c0dda7d05aeceddac94fe4a393427c60277f6

          Download Submit

        • C:\Users\Infotmp.txt
          Filesize

          724B

          MD5

          8f95272a4a78badace9eb5e0b04e6851

          SHA1

          884f1e33acb91756833564e7781f10ba9ba3a2fd

          SHA256

          c5a4681abaa216c960ebe31f7c58b408bdba66b6f7d026dbdaa37a811609aa0f

          SHA512

          9bf147a2e66ad3916b12224be71f003ddf23125ca0375b939849217e0fd3bd7488fe985e4718c92505660b65a50d24ff332c1992d6e9a9f3fd6996825fbe6a67

          Download Submit

        • C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll
          Filesize

          222KB

          MD5

          eca252e84ada8d896458393bfb62d022

          SHA1

          5f200c89df8d196e64987c3f6b61da52dcead693

          SHA256

          b0037b149a64cba1f5c382cd87e5d7a5ba6bf9ed1866c3af8cbf2c7e50bb5a1e

          SHA512

          dba28a7af38c222699405a98f34fabec2783a5842b3573cf432e050cf8f07013bc396b081842bd0625e33b6941ed90d2463eca8c66020db237cf61104fbb7484

          Download Submit

        • \??\c:\windows\SysWOW64\fastuserswitchingcompatibility.dll
          Filesize

          222KB

          MD5

          eca252e84ada8d896458393bfb62d022

          SHA1

          5f200c89df8d196e64987c3f6b61da52dcead693

          SHA256

          b0037b149a64cba1f5c382cd87e5d7a5ba6bf9ed1866c3af8cbf2c7e50bb5a1e

          SHA512

          dba28a7af38c222699405a98f34fabec2783a5842b3573cf432e050cf8f07013bc396b081842bd0625e33b6941ed90d2463eca8c66020db237cf61104fbb7484

          Download Submit

        • memory/424-143-0x0000000074CE0000-0x0000000074D28000-memory.dmp

          Filesize

          288KB

          Download

        • memory/424-141-0x0000000074CE0000-0x0000000074D28000-memory.dmp

          Filesize

          288KB

          Download

        • memory/1476-145-0x0000000000400000-0x000000000044D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/1476-136-0x0000000000400000-0x000000000044D000-memory.dmp

          Filesize

          308KB

          Download

        • memory/2144-135-0x0000000000980000-0x00000000009C8000-memory.dmp

          Filesize

          288KB

          Download

        • memory/2144-138-0x00000000026C0000-0x00000000066C0000-memory.dmp

          Filesize

          64.0MB

          Download

        • memory/2144-144-0x0000000000980000-0x00000000009C8000-memory.dmp

          Filesize

          288KB

          Download

        • memory/2144-137-0x0000000000980000-0x00000000009C8000-memory.dmp

          Filesize

          288KB

          Download