15f18f4a282600bcdcd79f314d836968307ae48b65e1ac4b78cef00d48eba4ed

Analysis

max time kernel
71s
max time network
63s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 03:42

Target

15f18f4a282600bcdcd79f314d836968307ae48b65e1ac4b78cef00d48eba4ed.exe
Size

107KB
MD5

2b534514250571a9eb43fe3543ec6cae
SHA1

c44b470f22ba8a499e955b180f6a623c5771c015
SHA256

15f18f4a282600bcdcd79f314d836968307ae48b65e1ac4b78cef00d48eba4ed
SHA512

47ab25478f25d60af7ee0a9615d34b10b9a14147bedddd1d25ba3f5d30156fe22c6f474914ed1c6460729fd0bb4f5c9e91fc1c447a703ca13ca9352749a85936
SSDEEP

1536:cvZbtD4xvS+L3SNb06A0dxUIx3aBtvNyy+/oWBp/Vor8XLhrwUmvzOv54Rm9U:kZbJiL3SNvrLUgaXNyvRRVooXtAvwY

Score

8^/10

aspackv2

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

Processes:

resource	yara_rule
C:\Windows\smss.exe	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

smss.exe

pid process

1176 smss.exe
Drops file in System32 directory 1 IoCs

Processes:

smss.exe

description ioc process

File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\sLT.exf smss.exe

pid	process
1176	smss.exe

description	ioc	process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\sLT.exf	smss.exe

Drops file in Windows directory 2 IoCs

Processes:

15f18f4a282600bcdcd79f314d836968307ae48b65e1ac4b78cef00d48eba4ed.exe

description	ioc	process
File created	C:\Windows\smss.exe	15f18f4a282600bcdcd79f314d836968307ae48b65e1ac4b78cef00d48eba4ed.exe
File opened for modification	C:\Windows\smss.exe	15f18f4a282600bcdcd79f314d836968307ae48b65e1ac4b78cef00d48eba4ed.exe

C:\Users\Admin\AppData\Local\Temp\15f18f4a282600bcdcd79f314d836968307ae48b65e1ac4b78cef00d48eba4ed.exe
"C:\Users\Admin\AppData\Local\Temp\15f18f4a282600bcdcd79f314d836968307ae48b65e1ac4b78cef00d48eba4ed.exe"
1⤵
- Drops file in Windows directory
PID:1788

C:\Windows\smss.exe
Filesize
107KB

MD5
2b534514250571a9eb43fe3543ec6cae

SHA1
c44b470f22ba8a499e955b180f6a623c5771c015

SHA256
15f18f4a282600bcdcd79f314d836968307ae48b65e1ac4b78cef00d48eba4ed

SHA512
47ab25478f25d60af7ee0a9615d34b10b9a14147bedddd1d25ba3f5d30156fe22c6f474914ed1c6460729fd0bb4f5c9e91fc1c447a703ca13ca9352749a85936

Download Submit
memory/1176-61-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1176-65-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1176-66-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1788-54-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1788-55-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1788-56-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1788-57-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1788-58-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1788-64-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download