a438add2f0609d81dcae0e4cb18581aa1ab0a8dd006e17f9047c8750605c522a | Triage

Submit
Reports

Overview

overview

Static

static

8

a438add2f0...2a.exe

windows7-x64

a438add2f0...2a.exe

windows10-2004-x64

Sharing

General

Target

a438add2f0609d81dcae0e4cb18581aa1ab0a8dd006e17f9047c8750605c522a
Size

188KB
Sample

221129-jz3skaba82
MD5

0e70e25d265e5a926a49089a0c3c9878
SHA1

109b81d500e34bcb8460274212d15fb9c97d01a3
SHA256

a438add2f0609d81dcae0e4cb18581aa1ab0a8dd006e17f9047c8750605c522a
SHA512

ea12de35c7e697d3c2a1d8a2c39efa122fdc8276c4fe82a292c17a61608d23a4055df07877f758fb87b2e03f359632076b6bfed73a901e8237deda1026231441
SSDEEP

3072:rimsXXK9HRTOeriRfP6pXfSb0dspqc5oY0htVFAHT11Ual21Cxcs0HKAH057kyJ4:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HWq

Score

10^/10

aspackv2 persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a438add2f0609d81dcae0e4cb18581aa1ab0a8dd006e17f9047c8750605c522a.exe

Resource

win7-20221111-en

aspackv2 persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

a438add2f0609d81dcae0e4cb18581aa1ab0a8dd006e17f9047c8750605c522a.exe

Resource

win10v2004-20220812-en

aspackv2 persistence

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  a438add2f0609d81dcae0e4cb18581aa1ab0a8dd006e17f9047c8750605c522a
- Size
  
  188KB
- MD5
  
  0e70e25d265e5a926a49089a0c3c9878
- SHA1
  
  109b81d500e34bcb8460274212d15fb9c97d01a3
- SHA256
  
  a438add2f0609d81dcae0e4cb18581aa1ab0a8dd006e17f9047c8750605c522a
- SHA512
  
  ea12de35c7e697d3c2a1d8a2c39efa122fdc8276c4fe82a292c17a61608d23a4055df07877f758fb87b2e03f359632076b6bfed73a901e8237deda1026231441
- SSDEEP
  
  3072:rimsXXK9HRTOeriRfP6pXfSb0dspqc5oY0htVFAHT11Ual21Cxcs0HKAH057kyJ4:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HWq
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy