Overview

overview

8

Static

static

ced5bf4f2b...3e.exe

windows7-x64

8

ced5bf4f2b...3e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 19:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ced5bf4f2b075f7d9c0411cf5194cf31747d7618a85cc4a794a624c766915e3e.exe

  • Size

    372KB

  • MD5

    deb099b243b0700e8f230727eddd93a1

  • SHA1

    e9213d1fe1593a1b13d3f360676fd7487a97aec4

  • SHA256

    ced5bf4f2b075f7d9c0411cf5194cf31747d7618a85cc4a794a624c766915e3e

  • SHA512

    9267ee0cf13dd21720863b52c854e43a4cb19343a5543301c7a94bd08db285c3ef43029e6c474fff39e11391534da6dbd9d42a2d657aa4a302b5cab5ca03731b

  • SSDEEP

    6144:K/npA1BQ9DJZfca9HqCl6giRnGSSFDJK0zI04:GnpaODJZfcaxqAiRj0cZ

Score
8/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ced5bf4f2b075f7d9c0411cf5194cf31747d7618a85cc4a794a624c766915e3e.exe
    "C:\Users\Admin\AppData\Local\Temp\ced5bf4f2b075f7d9c0411cf5194cf31747d7618a85cc4a794a624c766915e3e.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4860
    • C:\Users\Admin\AppData\Local\Temp\~GM7AA3.exe
      "C:\Users\Admin\AppData\Local\Temp\~GM7AA3.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~GM7AA3.exe
    Filesize

    66KB

    MD5

    f7238e42746b458f5ab7250f164d3b85

    SHA1

    9e902ca4dfd3019fe22285d180dd1d0077f9aea3

    SHA256

    8ca44518ff00f55ac00b7d7e32d9b5a5c27a6b85c660ee4e651e4d4c20a9de3a

    SHA512

    21c17aff470477f3168285ac2160f75092998c5b99b89f07ddcf56e8a0312dcb565c7e90f7a7a0195bd443860b24ddc2789601af3d203f1428c38113462bf5db

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\~GM7AA3.exe
    Filesize

    66KB

    MD5

    f7238e42746b458f5ab7250f164d3b85

    SHA1

    9e902ca4dfd3019fe22285d180dd1d0077f9aea3

    SHA256

    8ca44518ff00f55ac00b7d7e32d9b5a5c27a6b85c660ee4e651e4d4c20a9de3a

    SHA512

    21c17aff470477f3168285ac2160f75092998c5b99b89f07ddcf56e8a0312dcb565c7e90f7a7a0195bd443860b24ddc2789601af3d203f1428c38113462bf5db

    Download Submit
  • memory/3708-132-0x0000000000000000-mapping.dmp
    Download
  • memory/3708-138-0x0000000001240000-0x000000000126B000-memory.dmp
    Filesize

    172KB

    Download