aa0e3e97575ff281fdf0126f71880a10102f67d6f8ac67c23697e01b375c1ff0

Analysis

max time kernel
43s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 16:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa0e3e97575ff281fdf0126f71880a10102f67d6f8ac67c23697e01b375c1ff0.exe
Size

2.4MB
MD5

11f1a78117c2ac18abcc172e94bf10ca
SHA1

b56f992bb960b169809c8ef5edf9a06781f6c85d
SHA256

aa0e3e97575ff281fdf0126f71880a10102f67d6f8ac67c23697e01b375c1ff0
SHA512

0c83498e9490a8538659a72d68d6f33a041884dbabf530b363146b8e42cb5ffaf1947dbd6a223d6f37e28a502b3d2fc0d740ea5bad10b85a6c01da5c4d82971e
SSDEEP

24576:cuUTmNOrDY84Dt/XdYzBdu+CNIK2wad3Jd8Jyn7Z7JzC8DsHoMTMtbixxH0GP+Cc:cUN849wxy3UfhqYOlDMvX

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x00060000000149b7-55.dat	aspack_v212_v242
behavioral1/files/0x00060000000149b7-56.dat	aspack_v212_v242
behavioral1/files/0x00060000000149b7-58.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
1380	6c5986.exe

Loads dropped DLL 2 IoCs

pid	Process
908	aa0e3e97575ff281fdf0126f71880a10102f67d6f8ac67c23697e01b375c1ff0.exe
908	aa0e3e97575ff281fdf0126f71880a10102f67d6f8ac67c23697e01b375c1ff0.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1380	6c5986.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1380	6c5986.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
908	aa0e3e97575ff281fdf0126f71880a10102f67d6f8ac67c23697e01b375c1ff0.exe
908	aa0e3e97575ff281fdf0126f71880a10102f67d6f8ac67c23697e01b375c1ff0.exe
1380	6c5986.exe
1380	6c5986.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 1380	908	aa0e3e97575ff281fdf0126f71880a10102f67d6f8ac67c23697e01b375c1ff0.exe	27
PID 908 wrote to memory of 1380	908	aa0e3e97575ff281fdf0126f71880a10102f67d6f8ac67c23697e01b375c1ff0.exe	27
PID 908 wrote to memory of 1380	908	aa0e3e97575ff281fdf0126f71880a10102f67d6f8ac67c23697e01b375c1ff0.exe	27
PID 908 wrote to memory of 1380	908	aa0e3e97575ff281fdf0126f71880a10102f67d6f8ac67c23697e01b375c1ff0.exe	27

C:\Users\Admin\AppData\Local\Temp\aa0e3e97575ff281fdf0126f71880a10102f67d6f8ac67c23697e01b375c1ff0.exe
"C:\Users\Admin\AppData\Local\Temp\aa0e3e97575ff281fdf0126f71880a10102f67d6f8ac67c23697e01b375c1ff0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:908
- C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c5986.exe
  C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c5986.exe 7100822
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c5986.exe

Filesize
2.4MB

MD5
069d421acdcba2104b237f4c55d102c2

SHA1
04c957413a3968e88e41dd29f371751649d5ef7c

SHA256
0a4125ca930966b76b0ffe663ccb611c19d91cb601d377b4a8faf7a8a57fb815

SHA512
e07e8f61cb7f2c8f3b67216185206dd3f5ef2914b72c90d58bbd5151966944f2a900b8454453cb926b235f9f8d5c6c2420cca663dd1e11af0bcd0ae9bcd75536

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c5986.exe

Filesize
2.4MB

MD5
069d421acdcba2104b237f4c55d102c2

SHA1
04c957413a3968e88e41dd29f371751649d5ef7c

SHA256
0a4125ca930966b76b0ffe663ccb611c19d91cb601d377b4a8faf7a8a57fb815

SHA512
e07e8f61cb7f2c8f3b67216185206dd3f5ef2914b72c90d58bbd5151966944f2a900b8454453cb926b235f9f8d5c6c2420cca663dd1e11af0bcd0ae9bcd75536

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c5986.exe

Filesize
2.4MB

MD5
069d421acdcba2104b237f4c55d102c2

SHA1
04c957413a3968e88e41dd29f371751649d5ef7c

SHA256
0a4125ca930966b76b0ffe663ccb611c19d91cb601d377b4a8faf7a8a57fb815

SHA512
e07e8f61cb7f2c8f3b67216185206dd3f5ef2914b72c90d58bbd5151966944f2a900b8454453cb926b235f9f8d5c6c2420cca663dd1e11af0bcd0ae9bcd75536

Download Submit
memory/908-54-0x0000000075021000-0x0000000075023000-memory.dmp

Filesize
8KB

Download
memory/908-60-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download
memory/1380-61-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download
memory/1380-62-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download