cf9e8537bc8d23e05f9899f00d8d5380969bfb135afc672bdd72c0c215bc1ed6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

cf9e8537bc...d6.exe

windows7-x64

cf9e8537bc...d6.exe

windows10-2004-x64

Sharing

General

Target

cf9e8537bc8d23e05f9899f00d8d5380969bfb135afc672bdd72c0c215bc1ed6
Size

194KB
Sample

221121-nk3lgacb41
MD5

3b2733f12a4f58a00300049b4d2de5b6
SHA1

195d6e02e684f59bc56d669fa1f75018d3027dad
SHA256

cf9e8537bc8d23e05f9899f00d8d5380969bfb135afc672bdd72c0c215bc1ed6
SHA512

b738156919ca3488b1edac7e4a1849e60d5f959aece6966e13b9b9d5778a1446256120f943e844a0064c61892331dc560c48a6401db26adeb70ba70981951f50
SSDEEP

6144:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApwk:ZMMpXKb0hNGh1kG0HWnA+k

Score

10^/10

aspackv2 persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cf9e8537bc8d23e05f9899f00d8d5380969bfb135afc672bdd72c0c215bc1ed6.exe

Resource

win7-20221111-en

aspackv2 persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

cf9e8537bc8d23e05f9899f00d8d5380969bfb135afc672bdd72c0c215bc1ed6.exe

Resource

win10v2004-20221111-en

aspackv2 persistence

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  cf9e8537bc8d23e05f9899f00d8d5380969bfb135afc672bdd72c0c215bc1ed6
- Size
  
  194KB
- MD5
  
  3b2733f12a4f58a00300049b4d2de5b6
- SHA1
  
  195d6e02e684f59bc56d669fa1f75018d3027dad
- SHA256
  
  cf9e8537bc8d23e05f9899f00d8d5380969bfb135afc672bdd72c0c215bc1ed6
- SHA512
  
  b738156919ca3488b1edac7e4a1849e60d5f959aece6966e13b9b9d5778a1446256120f943e844a0064c61892331dc560c48a6401db26adeb70ba70981951f50
- SSDEEP
  
  6144:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApwk:ZMMpXKb0hNGh1kG0HWnA+k
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2025

Terms | Privacy