fdffaee438a34b12c3ad1426a8c3dbcaa5649734868c68a785ed36f3c45c1e20

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdffaee438a34b12c3ad1426a8c3dbcaa5649734868c68a785ed36f3c45c1e20.exe
Size

2.4MB
MD5

1af6299e2caa0527d8120c7a963b6654
SHA1

be75093a4ebba211f8a183c8b2759d8cbd33622f
SHA256

fdffaee438a34b12c3ad1426a8c3dbcaa5649734868c68a785ed36f3c45c1e20
SHA512

7f53274b341a6262269f746463b3fd512a186ef178b2e3435166b39347f4456d469f49dbfa2cb83043515c665ef559e91afa2112840fd39ae1a1949cfa1c081a
SSDEEP

24576:cuUTmNOrDY84Dt/XdYzBdu+CNIK2wad3Jd8Jyn7Z7JzC8DsHoMTMtbixxH0GP+CV:cUN849wxy3UfhqYOlDMv6

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x0008000000013382-56.dat	aspack_v212_v242
behavioral1/files/0x0008000000013382-57.dat	aspack_v212_v242
behavioral1/files/0x0008000000013382-59.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
1964	6c713b.exe

Loads dropped DLL 2 IoCs

pid	Process
1452	fdffaee438a34b12c3ad1426a8c3dbcaa5649734868c68a785ed36f3c45c1e20.exe
1452	fdffaee438a34b12c3ad1426a8c3dbcaa5649734868c68a785ed36f3c45c1e20.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1964	6c713b.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1964	6c713b.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1452	fdffaee438a34b12c3ad1426a8c3dbcaa5649734868c68a785ed36f3c45c1e20.exe
1452	fdffaee438a34b12c3ad1426a8c3dbcaa5649734868c68a785ed36f3c45c1e20.exe
1964	6c713b.exe
1964	6c713b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 1964	1452	fdffaee438a34b12c3ad1426a8c3dbcaa5649734868c68a785ed36f3c45c1e20.exe	26
PID 1452 wrote to memory of 1964	1452	fdffaee438a34b12c3ad1426a8c3dbcaa5649734868c68a785ed36f3c45c1e20.exe	26
PID 1452 wrote to memory of 1964	1452	fdffaee438a34b12c3ad1426a8c3dbcaa5649734868c68a785ed36f3c45c1e20.exe	26
PID 1452 wrote to memory of 1964	1452	fdffaee438a34b12c3ad1426a8c3dbcaa5649734868c68a785ed36f3c45c1e20.exe	26

C:\Users\Admin\AppData\Local\Temp\fdffaee438a34b12c3ad1426a8c3dbcaa5649734868c68a785ed36f3c45c1e20.exe
"C:\Users\Admin\AppData\Local\Temp\fdffaee438a34b12c3ad1426a8c3dbcaa5649734868c68a785ed36f3c45c1e20.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c713b.exe
  C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c713b.exe 7106890
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c713b.exe

Filesize
2.4MB

MD5
e347d2fab0dd266212f5333d6f1ebc00

SHA1
55bec7d957761a73d6d126f89de8ea892f3aa4ca

SHA256
922bb3281b6e293ffa99be952c0a1418d77bd55b7787a82fec37f67bc7e9fa57

SHA512
f5224a7a071ef572882e50ccbf490e50bd7654cd44df7f854ff5fae945722da0536398d7db990999a11a0bcb6bd06701a9408e99e43b8f5d7241c7ec4f570c77

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c713b.exe

Filesize
2.4MB

MD5
e347d2fab0dd266212f5333d6f1ebc00

SHA1
55bec7d957761a73d6d126f89de8ea892f3aa4ca

SHA256
922bb3281b6e293ffa99be952c0a1418d77bd55b7787a82fec37f67bc7e9fa57

SHA512
f5224a7a071ef572882e50ccbf490e50bd7654cd44df7f854ff5fae945722da0536398d7db990999a11a0bcb6bd06701a9408e99e43b8f5d7241c7ec4f570c77

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c713b.exe

Filesize
2.4MB

MD5
e347d2fab0dd266212f5333d6f1ebc00

SHA1
55bec7d957761a73d6d126f89de8ea892f3aa4ca

SHA256
922bb3281b6e293ffa99be952c0a1418d77bd55b7787a82fec37f67bc7e9fa57

SHA512
f5224a7a071ef572882e50ccbf490e50bd7654cd44df7f854ff5fae945722da0536398d7db990999a11a0bcb6bd06701a9408e99e43b8f5d7241c7ec4f570c77

Download Submit
memory/1452-54-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download
memory/1452-55-0x0000000075041000-0x0000000075043000-memory.dmp

Filesize
8KB

Download
memory/1452-61-0x00000000024A0000-0x0000000002767000-memory.dmp

Filesize
2.8MB

Download
memory/1452-62-0x00000000024A0000-0x0000000002767000-memory.dmp

Filesize
2.8MB

Download
memory/1452-64-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download
memory/1964-63-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download
memory/1964-65-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download