a502c953caa76c6b309aef293b4d4f5b78e2ecf5b72a4dd196a0abf8875b48ad

Analysis

max time kernel
39s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 16:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a502c953caa76c6b309aef293b4d4f5b78e2ecf5b72a4dd196a0abf8875b48ad.exe
Size

2.4MB
MD5

06905c43b1117a9eed829916e6827aa6
SHA1

5090a6ff8f6371538c4bc173d0bfbd894edae85c
SHA256

a502c953caa76c6b309aef293b4d4f5b78e2ecf5b72a4dd196a0abf8875b48ad
SHA512

0f674734ec0f700dc82d1b0c8d32d778e5434ae5abf4eb207a45bcf20602e771f82345b366fba12e9aa42fb4d3371b166b0ccbef21339d79683232eff134bbbd
SSDEEP

24576:cuUTmNOrDY84Dt/XdYzBdu+CNIK2wad3Jd8Jyn7Z7JzC8DsHoMTMtbixxH0GP+Cr:cUN849wxy3UfhqYOlDMvA

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x00090000000122bd-56.dat	aspack_v212_v242
behavioral1/files/0x00090000000122bd-57.dat	aspack_v212_v242
behavioral1/files/0x00090000000122bd-59.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
1392	6c31cb.exe

Loads dropped DLL 2 IoCs

pid	Process
1476	a502c953caa76c6b309aef293b4d4f5b78e2ecf5b72a4dd196a0abf8875b48ad.exe
1476	a502c953caa76c6b309aef293b4d4f5b78e2ecf5b72a4dd196a0abf8875b48ad.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1392	6c31cb.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1392	6c31cb.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1476	a502c953caa76c6b309aef293b4d4f5b78e2ecf5b72a4dd196a0abf8875b48ad.exe
1476	a502c953caa76c6b309aef293b4d4f5b78e2ecf5b72a4dd196a0abf8875b48ad.exe
1392	6c31cb.exe
1392	6c31cb.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 1392	1476	a502c953caa76c6b309aef293b4d4f5b78e2ecf5b72a4dd196a0abf8875b48ad.exe	27
PID 1476 wrote to memory of 1392	1476	a502c953caa76c6b309aef293b4d4f5b78e2ecf5b72a4dd196a0abf8875b48ad.exe	27
PID 1476 wrote to memory of 1392	1476	a502c953caa76c6b309aef293b4d4f5b78e2ecf5b72a4dd196a0abf8875b48ad.exe	27
PID 1476 wrote to memory of 1392	1476	a502c953caa76c6b309aef293b4d4f5b78e2ecf5b72a4dd196a0abf8875b48ad.exe	27

C:\Users\Admin\AppData\Local\Temp\a502c953caa76c6b309aef293b4d4f5b78e2ecf5b72a4dd196a0abf8875b48ad.exe
"C:\Users\Admin\AppData\Local\Temp\a502c953caa76c6b309aef293b4d4f5b78e2ecf5b72a4dd196a0abf8875b48ad.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c31cb.exe
  C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c31cb.exe 7090978
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c31cb.exe

Filesize
2.4MB

MD5
2456b957dedc0676a671e22d3342d32a

SHA1
486a8b9738dbefa3c9103721f338b994d674196b

SHA256
bc9febae3a8ed563da395f08cc6c424371fb2fff05004907178cdc40266688aa

SHA512
456bc551a45fc7e1ec79f5850b30f5d28233871c9cb037f7ccb0bb102bea848718343f32eb02e5bff61209aea891b3fb979abbcf2f3dfcc3058b36f32f03859a

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c31cb.exe

Filesize
2.4MB

MD5
2456b957dedc0676a671e22d3342d32a

SHA1
486a8b9738dbefa3c9103721f338b994d674196b

SHA256
bc9febae3a8ed563da395f08cc6c424371fb2fff05004907178cdc40266688aa

SHA512
456bc551a45fc7e1ec79f5850b30f5d28233871c9cb037f7ccb0bb102bea848718343f32eb02e5bff61209aea891b3fb979abbcf2f3dfcc3058b36f32f03859a

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6c31cb.exe

Filesize
2.4MB

MD5
2456b957dedc0676a671e22d3342d32a

SHA1
486a8b9738dbefa3c9103721f338b994d674196b

SHA256
bc9febae3a8ed563da395f08cc6c424371fb2fff05004907178cdc40266688aa

SHA512
456bc551a45fc7e1ec79f5850b30f5d28233871c9cb037f7ccb0bb102bea848718343f32eb02e5bff61209aea891b3fb979abbcf2f3dfcc3058b36f32f03859a

Download Submit
memory/1392-62-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download
memory/1392-63-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download
memory/1476-54-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download
memory/1476-55-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download
memory/1476-61-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download