c68517612314284756b0a16dae19002b126a4e88d03a4d1a2e1ede75aa09a17e | Triage

Submit
Reports

Overview

overview

Static

static

8

c685176123...7e.exe

windows7-x64

c685176123...7e.exe

windows10-2004-x64

Sharing

General

Target

c68517612314284756b0a16dae19002b126a4e88d03a4d1a2e1ede75aa09a17e
Size

183KB
Sample

221129-jzxljsba69
MD5

780c3616ca3d0c6853f006a2fff09dd4
SHA1

c1a7c4d0d1521fbcac532eb652645d8851d12dbd
SHA256

c68517612314284756b0a16dae19002b126a4e88d03a4d1a2e1ede75aa09a17e
SHA512

6eab73b3938929fb724482604fef4f58196eea9014538c6ad9bc834080982e73f8329911f726e30c78e61312d879bab8b97e9374b4b1928058df460df85a139c
SSDEEP

3072:rimsXXK9HRTOeriRfP6pXfSb0dspqc5oY0htVFAHT11Ual21Cxcs0HKAH057kyJx:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HWL

Score

10^/10

aspackv2 persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c68517612314284756b0a16dae19002b126a4e88d03a4d1a2e1ede75aa09a17e.exe

Resource

win7-20220812-en

aspackv2 persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c68517612314284756b0a16dae19002b126a4e88d03a4d1a2e1ede75aa09a17e.exe

Resource

win10v2004-20220812-en

aspackv2 persistence

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  c68517612314284756b0a16dae19002b126a4e88d03a4d1a2e1ede75aa09a17e
- Size
  
  183KB
- MD5
  
  780c3616ca3d0c6853f006a2fff09dd4
- SHA1
  
  c1a7c4d0d1521fbcac532eb652645d8851d12dbd
- SHA256
  
  c68517612314284756b0a16dae19002b126a4e88d03a4d1a2e1ede75aa09a17e
- SHA512
  
  6eab73b3938929fb724482604fef4f58196eea9014538c6ad9bc834080982e73f8329911f726e30c78e61312d879bab8b97e9374b4b1928058df460df85a139c
- SSDEEP
  
  3072:rimsXXK9HRTOeriRfP6pXfSb0dspqc5oY0htVFAHT11Ual21Cxcs0HKAH057kyJx:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HWL
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy