f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba

Analysis

max time kernel
21s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba.exe
Size

24.2MB
MD5

36281f940a29257b111a4e58a6c392cf
SHA1

e0c6b16a2bcdef5ed3f58329f3381e92b0b8c801
SHA256

f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba
SHA512

c6c388ca003c5204a7aff805f62d1bb7945d69d2af3fa792c8505bac206f420cdb58a1129ac4d321f4e0fd5beac33676db81f366696449ae1572dd0ac54e1c46
SSDEEP

786432:MKRF+ZSU3PEuqNtHU3tkhwl9Cz4vZtkYABHb:MRZVcustHIqOsSkJBHb

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\~GMB26F.exe	aspack_v212_v242
C:\Users\Admin\AppData\Local\Temp\~GMB26F.exe	aspack_v212_v242
\Users\Admin\AppData\Local\Temp\~GMB26F.exe	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

~GMB26F.exe

pid process

1984 ~GMB26F.exe

pid	process
1984	~GMB26F.exe

Loads dropped DLL 2 IoCs

Processes:

f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba.exe

pid	process
2028	f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba.exe
2028	f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba.exe

description pid process

Token: SeDebugPrivilege 2028 f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba.exe

description	pid	process
Token: SeDebugPrivilege	2028	f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba.exe

description	pid	process	target process
PID 2028 wrote to memory of 1984	2028	f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba.exe	~GMB26F.exe
PID 2028 wrote to memory of 1984	2028	f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba.exe	~GMB26F.exe
PID 2028 wrote to memory of 1984	2028	f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba.exe	~GMB26F.exe
PID 2028 wrote to memory of 1984	2028	f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba.exe	~GMB26F.exe

C:\Users\Admin\AppData\Local\Temp\f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba.exe
"C:\Users\Admin\AppData\Local\Temp\f6c9cf74d4a6beae47af9b8f72013ac5328e03d7cade9dee5c33c6bed96a54ba.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2028

C:\Users\Admin\AppData\Local\Temp\~GMB26F.exe
"C:\Users\Admin\AppData\Local\Temp\~GMB26F.exe"
2⤵
- Executes dropped EXE
PID:1984

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~GMB26F.exe
Filesize
23.9MB

MD5
0119fff066ee4bfcc85c978b9f6edc95

SHA1
aa530b0f8a4b68409b3e6b340809ae00dfcf8af8

SHA256
24d6b5e24615bd785c1fa22bf3b06fd819ad058c0bb709b30e133e65179418e2

SHA512
434f7efcd1c242c0824f4896269855f1ec9bad0b38d377fd725b5f6405481dc74adbe4c9e0748a282186fe2c7149c553df10cb9ab3c68a2469f9887cb922e42a

Download Submit
\Users\Admin\AppData\Local\Temp\~GMB26F.exe
Filesize
23.9MB

MD5
0119fff066ee4bfcc85c978b9f6edc95

SHA1
aa530b0f8a4b68409b3e6b340809ae00dfcf8af8

SHA256
24d6b5e24615bd785c1fa22bf3b06fd819ad058c0bb709b30e133e65179418e2

SHA512
434f7efcd1c242c0824f4896269855f1ec9bad0b38d377fd725b5f6405481dc74adbe4c9e0748a282186fe2c7149c553df10cb9ab3c68a2469f9887cb922e42a

Download Submit
\Users\Admin\AppData\Local\Temp\~GMB26F.exe
Filesize
23.9MB

MD5
0119fff066ee4bfcc85c978b9f6edc95

SHA1
aa530b0f8a4b68409b3e6b340809ae00dfcf8af8

SHA256
24d6b5e24615bd785c1fa22bf3b06fd819ad058c0bb709b30e133e65179418e2

SHA512
434f7efcd1c242c0824f4896269855f1ec9bad0b38d377fd725b5f6405481dc74adbe4c9e0748a282186fe2c7149c553df10cb9ab3c68a2469f9887cb922e42a

Download Submit
memory/1984-57-0x0000000000000000-mapping.dmp

Download
memory/1984-62-0x0000000000400000-0x0000000003097000-memory.dmp

Filesize
44.6MB

Download
memory/1984-64-0x0000000000400000-0x0000000003097000-memory.dmp

Filesize
44.6MB

Download
memory/2028-54-0x00000000760B1000-0x00000000760B3000-memory.dmp

Filesize
8KB

Download
memory/2028-60-0x0000000002460000-0x00000000050F7000-memory.dmp

Filesize
44.6MB

Download
memory/2028-61-0x0000000002460000-0x00000000050F7000-memory.dmp

Filesize
44.6MB

Download
memory/2028-63-0x0000000002460000-0x00000000050F7000-memory.dmp

Filesize
44.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads