ee30a8204ff7096221cf79b0f54fadcfbb5a839071d675c5db7e87d9b1e2f373

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 16:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ee30a8204ff7096221cf79b0f54fadcfbb5a839071d675c5db7e87d9b1e2f373.exe
Size

2.4MB
MD5

0006673117c6fa60580c941259db6251
SHA1

997f491fdc1a8d4a3fb40adab974dbe8da65251b
SHA256

ee30a8204ff7096221cf79b0f54fadcfbb5a839071d675c5db7e87d9b1e2f373
SHA512

19f8efbc8f1c7dbacfd7fd48606816f67071d9883f7b71c7dec12f7be7d902390cc531fa2974948573d728a6224941200ffa113e390135a3294ae3b0503381de
SSDEEP

24576:cuUTmNOrDY84Dt/XdYzBdu+CNIK2wad3Jd8Jyn7Z7JzC8DsHoMTMtbixxH0GP+CO:cUN849wxy3UfhqYOlDMvZ

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x00090000000122fa-56.dat	aspack_v212_v242
behavioral1/files/0x00090000000122fa-59.dat	aspack_v212_v242
behavioral1/files/0x00090000000122fa-57.dat	aspack_v212_v242
behavioral1/files/0x00090000000122fa-61.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
1212	6bf27a.exe

Loads dropped DLL 2 IoCs

pid	Process
1096	ee30a8204ff7096221cf79b0f54fadcfbb5a839071d675c5db7e87d9b1e2f373.exe
1096	ee30a8204ff7096221cf79b0f54fadcfbb5a839071d675c5db7e87d9b1e2f373.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1212	6bf27a.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1212	6bf27a.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1096	ee30a8204ff7096221cf79b0f54fadcfbb5a839071d675c5db7e87d9b1e2f373.exe
1096	ee30a8204ff7096221cf79b0f54fadcfbb5a839071d675c5db7e87d9b1e2f373.exe
1212	6bf27a.exe
1212	6bf27a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 1212	1096	ee30a8204ff7096221cf79b0f54fadcfbb5a839071d675c5db7e87d9b1e2f373.exe	28
PID 1096 wrote to memory of 1212	1096	ee30a8204ff7096221cf79b0f54fadcfbb5a839071d675c5db7e87d9b1e2f373.exe	28
PID 1096 wrote to memory of 1212	1096	ee30a8204ff7096221cf79b0f54fadcfbb5a839071d675c5db7e87d9b1e2f373.exe	28
PID 1096 wrote to memory of 1212	1096	ee30a8204ff7096221cf79b0f54fadcfbb5a839071d675c5db7e87d9b1e2f373.exe	28

C:\Users\Admin\AppData\Local\Temp\ee30a8204ff7096221cf79b0f54fadcfbb5a839071d675c5db7e87d9b1e2f373.exe
"C:\Users\Admin\AppData\Local\Temp\ee30a8204ff7096221cf79b0f54fadcfbb5a839071d675c5db7e87d9b1e2f373.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6bf27a.exe
  C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6bf27a.exe 7074458
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6bf27a.exe

Filesize
2.4MB

MD5
571e2f6e60ac622fe5e0e32a2eec553e

SHA1
37e84ecfc50b1cc84dd66581e1a52fd404d04a4a

SHA256
0dae56b95243104b190179487023abe49da5a338ab1817e01df63d5c08eae907

SHA512
ce116f2c27fd7330c27d8bc3cce4560f5797deb4c708668c3eb3a4bb206f5753d528e3654ea80a03055069f53fdc873c87c816316f852a6b3106abd7b80d78f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6bf27a.exe

Filesize
2.4MB

MD5
571e2f6e60ac622fe5e0e32a2eec553e

SHA1
37e84ecfc50b1cc84dd66581e1a52fd404d04a4a

SHA256
0dae56b95243104b190179487023abe49da5a338ab1817e01df63d5c08eae907

SHA512
ce116f2c27fd7330c27d8bc3cce4560f5797deb4c708668c3eb3a4bb206f5753d528e3654ea80a03055069f53fdc873c87c816316f852a6b3106abd7b80d78f0

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6bf27a.exe

Filesize
2.4MB

MD5
571e2f6e60ac622fe5e0e32a2eec553e

SHA1
37e84ecfc50b1cc84dd66581e1a52fd404d04a4a

SHA256
0dae56b95243104b190179487023abe49da5a338ab1817e01df63d5c08eae907

SHA512
ce116f2c27fd7330c27d8bc3cce4560f5797deb4c708668c3eb3a4bb206f5753d528e3654ea80a03055069f53fdc873c87c816316f852a6b3106abd7b80d78f0

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6bf27a.exe

Filesize
2.4MB

MD5
571e2f6e60ac622fe5e0e32a2eec553e

SHA1
37e84ecfc50b1cc84dd66581e1a52fd404d04a4a

SHA256
0dae56b95243104b190179487023abe49da5a338ab1817e01df63d5c08eae907

SHA512
ce116f2c27fd7330c27d8bc3cce4560f5797deb4c708668c3eb3a4bb206f5753d528e3654ea80a03055069f53fdc873c87c816316f852a6b3106abd7b80d78f0

Download Submit
memory/1096-55-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download
memory/1096-54-0x0000000075211000-0x0000000075213000-memory.dmp

Filesize
8KB

Download
memory/1096-62-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download
memory/1212-63-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download
memory/1212-64-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download