af627addc0146dfa2e5c4c60e755397245d74469b5898f1887ba8db82afb37c5

Analysis

max time kernel
89s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9dcf15542011cbfeb49c2081dc7b2cb5.exe
Size

7.3MB
MD5

9dcf15542011cbfeb49c2081dc7b2cb5
SHA1

639616c735fedda841f9ff6e366298181604e632
SHA256

af627addc0146dfa2e5c4c60e755397245d74469b5898f1887ba8db82afb37c5
SHA512

f992aaad4fb5af0e6843dc35230841880e33405220ed57fc4d508ca1b85f38d69fc78bce32c909422c6ee9a43da18439955186f10988b942b0a6db0779c3dc4e
SSDEEP

98304:3UCnHeAVCn1fRvLVUcw0MkFx7MkFx9MkFxCMkFxIMkFxCMkFxKMkFxJ7VFuAA4tq:dHI1XZjl7AGoMnfu+Lgjv

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\E_N60005\krnln.fnr	aspack_v212_v242
C:\Users\Admin\AppData\Local\Temp\E_N60005\eAPI.fne	aspack_v212_v242
C:\Users\Admin\AppData\Local\Temp\E_N60005\eAPI.fne	aspack_v212_v242

Loads dropped DLL 6 IoCs

Processes:

9dcf15542011cbfeb49c2081dc7b2cb5.exe

pid	process
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

9dcf15542011cbfeb49c2081dc7b2cb5.exe

pid	process
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

9dcf15542011cbfeb49c2081dc7b2cb5.exe

pid	process
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe
1952	9dcf15542011cbfeb49c2081dc7b2cb5.exe

C:\Users\Admin\AppData\Local\Temp\9dcf15542011cbfeb49c2081dc7b2cb5.exe
"C:\Users\Admin\AppData\Local\Temp\9dcf15542011cbfeb49c2081dc7b2cb5.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\E_N60005\ExuiKrnln.fne
Filesize
1.9MB

MD5
37366c1f3b98360ad781499cf90b02e9

SHA1
ac6c292a9528730c46c3e5c901fc98b4db687f1c

SHA256
6a6a1c72016470034c8ad3ce8abd4a2322e113fc500f0de40c5bb1100e4179f3

SHA512
530b80af23d75535f0aa9aebe7c84f3c09aee7a6075a338546a634efccbc675874e7ad7e46ca2bee523bba4deadf3a4e6fc70b3d549b7144a8667c0d19f607e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_N60005\eAPI.fne
Filesize
156KB

MD5
4bfd2196a035808bc2108909d70f40e0

SHA1
2055e2f5faebe89c39bb54000cabd77f2f684294

SHA256
b8c03b0f0dfdde3fe33ac63b9322a1f72ef56748c8cde860a320ac9d6f868adc

SHA512
b845d2b6309434600a5e922bebb43d9305d4316fff0b7d59aa0615e5aa68a3a112737f733d141e56a1b87b0631d6c66ca18a0273e16632598ccf3bee99d4da46

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_N60005\eAPI.fne
Filesize
156KB

MD5
4bfd2196a035808bc2108909d70f40e0

SHA1
2055e2f5faebe89c39bb54000cabd77f2f684294

SHA256
b8c03b0f0dfdde3fe33ac63b9322a1f72ef56748c8cde860a320ac9d6f868adc

SHA512
b845d2b6309434600a5e922bebb43d9305d4316fff0b7d59aa0615e5aa68a3a112737f733d141e56a1b87b0631d6c66ca18a0273e16632598ccf3bee99d4da46

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_N60005\krnln.fnr
Filesize
597KB

MD5
e20929ea2cd3cc34b3b6f30cc6a4d723

SHA1
31793f3f10f0964b50826e10df74e36002e2f9e5

SHA256
96e1778537df3ce9868806f4ff4b9b1eb682a7f52e33497cfa4f6fefbd164584

SHA512
cd6f7e914bdff45977c058b49a60cd25f6a8d12838096ff63fb433de23a3705a679ede6be628c298ede5c9a42465a26864b6bbff03fc4bca6128cec764614931

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_N60005\shellEx.fne
Filesize
14KB

MD5
cbe7b9dbe063b6f94b1b53e936f6c0a4

SHA1
9dc41d44da76f65f00bd74e59cfb2be07f19756a

SHA256
f7f2a1dee67bb04b990d04eae4fd5d83a4b415b0ccfba83d557f1373b0119f36

SHA512
81580a1beb8594ec8687b680338f2ff7cec5af312ff28cab4aaa63ce3aeac6d5cf26b00e8bd42cfce29439d65a41211bbb796f6d80498642de3271c834a7a129

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_N60005\shellEx.fne
Filesize
14KB

MD5
cbe7b9dbe063b6f94b1b53e936f6c0a4

SHA1
9dc41d44da76f65f00bd74e59cfb2be07f19756a

SHA256
f7f2a1dee67bb04b990d04eae4fd5d83a4b415b0ccfba83d557f1373b0119f36

SHA512
81580a1beb8594ec8687b680338f2ff7cec5af312ff28cab4aaa63ce3aeac6d5cf26b00e8bd42cfce29439d65a41211bbb796f6d80498642de3271c834a7a129

Download Submit
memory/1952-132-0x0000000000400000-0x000000000093D000-memory.dmp

Filesize
5.2MB

Download
memory/1952-134-0x0000000010000000-0x000000001014E000-memory.dmp

Filesize
1.3MB

Download
memory/1952-136-0x0000000002D70000-0x0000000002E7D000-memory.dmp

Filesize
1.1MB

Download
memory/1952-142-0x0000000009490000-0x00000000094F0000-memory.dmp

Filesize
384KB

Download
memory/1952-143-0x0000000000400000-0x000000000093D000-memory.dmp

Filesize
5.2MB

Download
memory/1952-146-0x0000000010000000-0x000000001014E000-memory.dmp

Filesize
1.3MB

Download