Overview

overview

8

Static

static

8

abbd647aed...bf.exe

windows7-x64

8

abbd647aed...bf.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    231s
  • max time network
    317s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 11:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    abbd647aed9c0d37aee8bfadb537b58d07f2755a24055cd19eb1aafda46ebfbf.exe

  • Size

    324KB

  • MD5

    e39759cd8fc3632605a1d89bbe0e752e

  • SHA1

    6ced5fb03b0fa20ecf98f44fa351e648a0f1977e

  • SHA256

    abbd647aed9c0d37aee8bfadb537b58d07f2755a24055cd19eb1aafda46ebfbf

  • SHA512

    b0f2c956bc8f706637a902daa1c02f549f2d43e24182c507f06fd6919e38d2e942727126d9518e3e48ea6c7e90115ea9064ba7f4be12e922ec4428121fc24651

  • SSDEEP

    6144:d/j5C+E13/4YIJ8m1MxUyRzoVOBlYQflIGE:d/s+qP4BJTM6++OBlYERE

Score
8/10
aspackv2persistenceupx

Malware Config

Signatures

  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Sets DLL path for service in the registry 2 TTPs 2 IoCs
    persistence
  • UPX packed file 13 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\abbd647aed9c0d37aee8bfadb537b58d07f2755a24055cd19eb1aafda46ebfbf.exe
    "C:\Users\Admin\AppData\Local\Temp\abbd647aed9c0d37aee8bfadb537b58d07f2755a24055cd19eb1aafda46ebfbf.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:936
    • C:\1dde6cba.exe
      C:\1dde6cba.exe
      2⤵
      • Executes dropped EXE
      • Sets DLL path for service in the registry
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:872
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.macromedia.com/shockwave/download/?P1_Prod_Version=SWArchive10.0.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:880
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:880 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1464
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    1⤵
    • Loads dropped DLL
    PID:1560
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    1⤵
      PID:1448

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Registry Run Keys / Startup Folder

    1
    T1060

    Privilege Escalation

    Defense Evasion

    Modify Registry

    2
    T1112

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\1dde6cba.exe
      Filesize

      240KB

      MD5

      f5d2a6e81cd9b23d4899371b296b8a8c

      SHA1

      7b095e73b522c5a1b12e26ae389464c5c123bc8e

      SHA256

      775082343ef68119bf9bf671c677c981b68ed6f627ff5b8b4de414e2e9d29a42

      SHA512

      77842aae633daac864c148fdc5d40b22cc1dc9e3e0c0e81df7694d2c6e95bfb02bc18bb34c047bbf4b12dc24d14eb1b89acf75f43f547e311fe63730b6a54662

      Download Submit
    • C:\1dde6cba.exe
      Filesize

      240KB

      MD5

      f5d2a6e81cd9b23d4899371b296b8a8c

      SHA1

      7b095e73b522c5a1b12e26ae389464c5c123bc8e

      SHA256

      775082343ef68119bf9bf671c677c981b68ed6f627ff5b8b4de414e2e9d29a42

      SHA512

      77842aae633daac864c148fdc5d40b22cc1dc9e3e0c0e81df7694d2c6e95bfb02bc18bb34c047bbf4b12dc24d14eb1b89acf75f43f547e311fe63730b6a54662

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e99698c1b5f0d92908cbb0e909b3b885

      SHA1

      07c75bef30db9b773402798e1c772159b24a2ce5

      SHA256

      af845b3f3b4445837cbd1ca7c7d78d8ad6788a7f3eb162f1a856bb4ac6819087

      SHA512

      bba6aaabd80b958138b63fb34a41ed72458ab3a67ea0bce06178107d69ab37546aebc90ef2a40a18ecfa94b0e992005d47ba301d98bf869db63b4b5f7bd609d8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      17f4a698912f35fd601ab91995e10d46

      SHA1

      e3a62573a4d87b38522c35857c0881eef423f8b8

      SHA256

      4c89e3bf4de7be5ae904013fa2e8ae5a50b9dacf698cdeaea40f1d928c393fa6

      SHA512

      81ab494d3dcff525261f4ba4f093fd0b33c53c0ad08bd97dd992f722776fb8b83fb4f956f9c1c4757dc9faee9f910c5adea3fa524c3ecc92b612bf6fb12f9b90

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\07XOBXR4.txt
      Filesize

      608B

      MD5

      0a24c73ebee17a41349d229970f92f80

      SHA1

      7a6c7f73847472553c00d1c3893c9315f5cfd2b1

      SHA256

      085381063487e73350d7f1f1b2fb96450d977f460bbfbf799345cd57890269f8

      SHA512

      1c47bfbcef1cdbcd7648b33679d6ddbda65699eb5ee51b7ae44d6f1137c7abb37942ac2a5cbe8c4265ad76df3cb03c14c08d61bc076c93a5874f04fcc763a911

      Download Submit
    • \??\c:\windows\SysWOW64\fastuserswitchingcompatibility.dll
      Filesize

      240KB

      MD5

      e48f830a89ba95daf7650bb9b05bd117

      SHA1

      304e6666ad4a8e0329f7aa4646c34c5fe57d19fe

      SHA256

      046338af97e20aaf13aa5aa3c550a139a5f41ee3f22592497ab1f9b7c82786c6

      SHA512

      a462bea2fedd9135dd9b226b5b20cfd8172581d03b2c06acae4018ba8fba1c1e5f2d68f7e0ff860fd9269a02e36cc6c59e33b8c02f8168cd83e674ee074b3095

      Download Submit
    • \Windows\SysWOW64\FastUserSwitchingCompatibility.dll
      Filesize

      240KB

      MD5

      e48f830a89ba95daf7650bb9b05bd117

      SHA1

      304e6666ad4a8e0329f7aa4646c34c5fe57d19fe

      SHA256

      046338af97e20aaf13aa5aa3c550a139a5f41ee3f22592497ab1f9b7c82786c6

      SHA512

      a462bea2fedd9135dd9b226b5b20cfd8172581d03b2c06acae4018ba8fba1c1e5f2d68f7e0ff860fd9269a02e36cc6c59e33b8c02f8168cd83e674ee074b3095

      Download Submit
    • memory/872-64-0x00000000026D0000-0x00000000066D0000-memory.dmp
      Filesize

      64.0MB

      Download
    • memory/872-62-0x0000000001280000-0x00000000012CE000-memory.dmp
      Filesize

      312KB

      Download
    • memory/872-63-0x0000000000080000-0x00000000000CE000-memory.dmp
      Filesize

      312KB

      Download
    • memory/872-56-0x0000000000000000-mapping.dmp
      Download
    • memory/872-65-0x00000000026D0000-0x00000000066D0000-memory.dmp
      Filesize

      64.0MB

      Download
    • memory/872-61-0x0000000001280000-0x00000000012CE000-memory.dmp
      Filesize

      312KB

      Download
    • memory/872-60-0x0000000001280000-0x00000000012CE000-memory.dmp
      Filesize

      312KB

      Download
    • memory/872-58-0x0000000076391000-0x0000000076393000-memory.dmp
      Filesize

      8KB

      Download
    • memory/936-73-0x0000000000220000-0x0000000000226000-memory.dmp
      Filesize

      24KB

      Download
    • memory/936-72-0x0000000020000000-0x0000000020053000-memory.dmp
      Filesize

      332KB

      Download
    • memory/936-54-0x0000000020000000-0x0000000020053000-memory.dmp
      Filesize

      332KB

      Download
    • memory/936-55-0x0000000000220000-0x000000000026E000-memory.dmp
      Filesize

      312KB

      Download
    • memory/1560-71-0x00000000747B0000-0x00000000747FE000-memory.dmp
      Filesize

      312KB

      Download
    • memory/1560-70-0x00000000747B0000-0x00000000747FE000-memory.dmp
      Filesize

      312KB

      Download
    • memory/1560-69-0x00000000747B0000-0x00000000747FE000-memory.dmp
      Filesize

      312KB

      Download