a844e5860389b87e60a565b323f9d9169f9da830b86511a915c60138216bf7ed | Triage

Submit
Reports

Overview

overview

9

Static

static

1

a844e58603...ed.exe

windows7-x64

9

a844e58603...ed.exe

windows10-2004-x64

9

Sharing

General

Target

a844e5860389b87e60a565b323f9d9169f9da830b86511a915c60138216bf7ed
Size

1.3MB
Sample

221129-jcg8cacb61
MD5

1d65a944e60eac80a076eecc7d222555
SHA1

0187abaf44d48599790bc0a64f2d5744d381a617
SHA256

a844e5860389b87e60a565b323f9d9169f9da830b86511a915c60138216bf7ed
SHA512

fc1d6e7e3861714c65138235363d43dbabbf666d06aa64385ee535297f1760eed48fb2874d1b8f249d97f2fb3bb4c121c429de26416692b8674235e55d800193
SSDEEP

24576:olaw7r+jVcpnMbWuRvI9ZnGJnLy4AwwWMsTr09L3hyqDtTk4E:osSpMbNRQ9UJG4AwZybhyqDJFE

Score

9^/10

aspackv2 persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a844e5860389b87e60a565b323f9d9169f9da830b86511a915c60138216bf7ed.exe

Resource

win7-20220812-en

aspackv2 persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a844e5860389b87e60a565b323f9d9169f9da830b86511a915c60138216bf7ed.exe

Resource

win10v2004-20220812-en

aspackv2 persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  a844e5860389b87e60a565b323f9d9169f9da830b86511a915c60138216bf7ed
- Size
  
  1.3MB
- MD5
  
  1d65a944e60eac80a076eecc7d222555
- SHA1
  
  0187abaf44d48599790bc0a64f2d5744d381a617
- SHA256
  
  a844e5860389b87e60a565b323f9d9169f9da830b86511a915c60138216bf7ed
- SHA512
  
  fc1d6e7e3861714c65138235363d43dbabbf666d06aa64385ee535297f1760eed48fb2874d1b8f249d97f2fb3bb4c121c429de26416692b8674235e55d800193
- SSDEEP
  
  24576:olaw7r+jVcpnMbWuRvI9ZnGJnLy4AwwWMsTr09L3hyqDtTk4E:osSpMbNRQ9UJG4AwZybhyqDJFE
Score

9^/10

aspackv2 persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy