Analysis

  • max time kernel
    185s
  • max time network
    195s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/11/2022, 05:56

General

  • Target
    89f90529ccbdb45d89149dec5f889676b390ff92c5797347f4df38c1fcf79a9e.exe
  • Size
    128KB
  • MD5
    8dd13c211f10d02fe4ae569f83f1f53e
  • SHA1
    02502084bf6eecda8a5d6c111049f8ce6d30f15b
  • SHA256
    89f90529ccbdb45d89149dec5f889676b390ff92c5797347f4df38c1fcf79a9e
  • SHA512
    95f6ad709bd7a963b5527b40925c1aa92c7f0e738b9a9a4f9fed64c89121dd4efbf07c615494314ab1227a25de34daf86fd61ea8c489f407da13b1c366b00763
  • SSDEEP
    3072:t9MFwWCekB/iJX/Xo6mNdVLUvUgk4xmxA83DI6:XrpuXSdVQsgk4gxA8l

Score
8/10

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:2744
      • C:\Users\Admin\AppData\Local\Temp\89f90529ccbdb45d89149dec5f889676b390ff92c5797347f4df38c1fcf79a9e.exe
        "C:\Users\Admin\AppData\Local\Temp\89f90529ccbdb45d89149dec5f889676b390ff92c5797347f4df38c1fcf79a9e.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1400
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 472
          3⤵
          • Program crash
          PID:1996
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1400 -ip 1400
      1⤵
        PID:1116

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Windows\SysWOW64\post0.dll
    Filesize
    87KB
    MD5
    e76552523760e6ba3ceb98e77cba5c87
    SHA1
    f65bd1daadff939be4ace16b629c472a591ebba0
    SHA256
    cdf35f214ccb97ae6f3e98921fd89ff59158416d2c3a6b48ad17b2a5c492c5e8
    SHA512
    cb0edc6875b821c16b73adb1fdd69fd340d883d68f38231a9a92837d7accf08476f655ea4c0dfef5525e80c9df069fdf68bce7276e8bae9433aa05cd751211d4

  • memory/1400-132-0x0000000000400000-0x0000000000487000-memory.dmp
    Filesize
    540KB

  • memory/1400-134-0x0000000010000000-0x0000000010086000-memory.dmp
    Filesize
    536KB

  • memory/1400-135-0x0000000000400000-0x0000000000487000-memory.dmp
    Filesize
    540KB