8ac93dc76c6425ebdecefd0527c0adb36db99521d1afb46e50cd32a3649fefa0

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2022, 04:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ac93dc76c6425ebdecefd0527c0adb36db99521d1afb46e50cd32a3649fefa0.exe
Size

504KB
MD5

28ea52ca2afc4793b0f6ae73f63303f1
SHA1

119de73e4e79a167ad4d8e4eeae7b7abc2cc07ab
SHA256

8ac93dc76c6425ebdecefd0527c0adb36db99521d1afb46e50cd32a3649fefa0
SHA512

44ef886837a4fc0b5530b4d4e994e3f67949ee7eaf24f4fbf2028ad05494e34e894067c395db017a7f87f9340ad9d347224f9b1b3d8540e7a4087b49f6a5e19f
SSDEEP

12288:Rcqbtwl3awW8uMEUIGZb9wxhMiCwR+WkBm6nT0GLtnJG+:RTsKwWB4bqEWVksST0GLtA+

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x0002000000022e03-136.dat	aspack_v212_v242
behavioral2/files/0x0002000000022e03-137.dat	aspack_v212_v242

Executes dropped EXE 2 IoCs

pid	Process
4796	sy1.exe
1316	sy2.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 4796	4936	8ac93dc76c6425ebdecefd0527c0adb36db99521d1afb46e50cd32a3649fefa0.exe	81
PID 4936 wrote to memory of 4796	4936	8ac93dc76c6425ebdecefd0527c0adb36db99521d1afb46e50cd32a3649fefa0.exe	81
PID 4936 wrote to memory of 4796	4936	8ac93dc76c6425ebdecefd0527c0adb36db99521d1afb46e50cd32a3649fefa0.exe	81
PID 4936 wrote to memory of 1316	4936	8ac93dc76c6425ebdecefd0527c0adb36db99521d1afb46e50cd32a3649fefa0.exe	82
PID 4936 wrote to memory of 1316	4936	8ac93dc76c6425ebdecefd0527c0adb36db99521d1afb46e50cd32a3649fefa0.exe	82
PID 4936 wrote to memory of 1316	4936	8ac93dc76c6425ebdecefd0527c0adb36db99521d1afb46e50cd32a3649fefa0.exe	82
PID 4936 wrote to memory of 3980	4936	8ac93dc76c6425ebdecefd0527c0adb36db99521d1afb46e50cd32a3649fefa0.exe	83
PID 4936 wrote to memory of 3980	4936	8ac93dc76c6425ebdecefd0527c0adb36db99521d1afb46e50cd32a3649fefa0.exe	83
PID 4936 wrote to memory of 3980	4936	8ac93dc76c6425ebdecefd0527c0adb36db99521d1afb46e50cd32a3649fefa0.exe	83

C:\Users\Admin\AppData\Local\Temp\8ac93dc76c6425ebdecefd0527c0adb36db99521d1afb46e50cd32a3649fefa0.exe
"C:\Users\Admin\AppData\Local\Temp\8ac93dc76c6425ebdecefd0527c0adb36db99521d1afb46e50cd32a3649fefa0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Users\Admin\AppData\Local\Temp\sy1.exe
  C:\Users\Admin\AppData\Local\Temp\sy1.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Users\Admin\AppData\Local\Temp\sy2.exe
  C:\Users\Admin\AppData\Local\Temp\sy2.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ds.bat
  2⤵
  PID:3980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ds.bat

Filesize
230B

MD5
f444747e3975cadd41c9454334f8a39d

SHA1
6ee7133329f9767e26e29bdb7452de85bb4e1d12

SHA256
e1fd696b6b27790a892627d3f2cb0850f6effd8eddd25f99a4efb111fc21c59a

SHA512
a5f243e2caec2153945a30876a0e836b2d4b6f22c3829bb8b6eeb8adbbb498818490e54c93c32b75e74c57a1cc4d946eb6ec1b6382d78c7f3cd7cb3d46ada4fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\sy1.exe

Filesize
303KB

MD5
e0851f653d505accf5665b2838483392

SHA1
0524b862c95b2163098abc424a955a98e712abbd

SHA256
08a22068b4f70051629ca2ac1140b8ec7d51b18520205c357917b26c3de3ac18

SHA512
581005c135d9cade102252c07110cd02fc2ad803f6bac47712ce1b30eaca636c3f2c38d074c3891a43932df214a330313ec0eb5e07d104b1ada8b84c3338d6be

Download Submit
C:\Users\Admin\AppData\Local\Temp\sy1.exe

Filesize
303KB

MD5
e0851f653d505accf5665b2838483392

SHA1
0524b862c95b2163098abc424a955a98e712abbd

SHA256
08a22068b4f70051629ca2ac1140b8ec7d51b18520205c357917b26c3de3ac18

SHA512
581005c135d9cade102252c07110cd02fc2ad803f6bac47712ce1b30eaca636c3f2c38d074c3891a43932df214a330313ec0eb5e07d104b1ada8b84c3338d6be

Download Submit
C:\Users\Admin\AppData\Local\Temp\sy2.exe

Filesize
166KB

MD5
859fc686ad0556742fc24b9392ebce38

SHA1
f77d98382a380297f874fe75f754f45bb4efe5b2

SHA256
057b53dbe5f4d6d24228029fd745b78860f596bdee2833edea732e82e5a7b333

SHA512
1ef2824e80949f4a618194905384d94e2e68a350ba9e5d37ee735831a47e9b69d3135a6527f654da386a36e13f59d4ce5609006be35ca9a8feb85e13651c6be7

Download Submit
C:\Users\Admin\AppData\Local\Temp\sy2.exe

Filesize
166KB

MD5
859fc686ad0556742fc24b9392ebce38

SHA1
f77d98382a380297f874fe75f754f45bb4efe5b2

SHA256
057b53dbe5f4d6d24228029fd745b78860f596bdee2833edea732e82e5a7b333

SHA512
1ef2824e80949f4a618194905384d94e2e68a350ba9e5d37ee735831a47e9b69d3135a6527f654da386a36e13f59d4ce5609006be35ca9a8feb85e13651c6be7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads