efcf41bf62412bec388f985381f7a486914a2ed5bf7baab584d4a9c13ddf4d77

Analysis

max time kernel
29s
max time network
36s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efcf41bf62412bec388f985381f7a486914a2ed5bf7baab584d4a9c13ddf4d77.exe
Size

2.4MB
MD5

1531d8d691c6196db14015778ca9e94d
SHA1

845c0343d09838b4ffffceae7699c21a0c358cfe
SHA256

efcf41bf62412bec388f985381f7a486914a2ed5bf7baab584d4a9c13ddf4d77
SHA512

762c96d7cdd19a902983bf847dfd9433d6bca64717c2f53eb0fb8a30f5c4bbcdae3a87be2b5fe3a4d54bdc647db61a2644190aaa0423643618592993e9fa26fa
SSDEEP

24576:cuUTmNOrDY84Dt/XdYzBdu+CNIK2wad3Jd8Jyn7Z7JzC8DsHoMTMtbixxH0GP+Ck:cUN849wxy3UfhqYOlDMvv

Score

8^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x00070000000139f4-55.dat	aspack_v212_v242
behavioral1/files/0x00070000000139f4-56.dat	aspack_v212_v242
behavioral1/files/0x00070000000139f4-58.dat	aspack_v212_v242
behavioral1/files/0x00070000000139f4-63.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
1216	6cbbc2.exe

Loads dropped DLL 2 IoCs

pid	Process
1792	efcf41bf62412bec388f985381f7a486914a2ed5bf7baab584d4a9c13ddf4d77.exe
1792	efcf41bf62412bec388f985381f7a486914a2ed5bf7baab584d4a9c13ddf4d77.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1216	6cbbc2.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1216	6cbbc2.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1792	efcf41bf62412bec388f985381f7a486914a2ed5bf7baab584d4a9c13ddf4d77.exe
1792	efcf41bf62412bec388f985381f7a486914a2ed5bf7baab584d4a9c13ddf4d77.exe
1216	6cbbc2.exe
1216	6cbbc2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 1216	1792	efcf41bf62412bec388f985381f7a486914a2ed5bf7baab584d4a9c13ddf4d77.exe	28
PID 1792 wrote to memory of 1216	1792	efcf41bf62412bec388f985381f7a486914a2ed5bf7baab584d4a9c13ddf4d77.exe	28
PID 1792 wrote to memory of 1216	1792	efcf41bf62412bec388f985381f7a486914a2ed5bf7baab584d4a9c13ddf4d77.exe	28
PID 1792 wrote to memory of 1216	1792	efcf41bf62412bec388f985381f7a486914a2ed5bf7baab584d4a9c13ddf4d77.exe	28

C:\Users\Admin\AppData\Local\Temp\efcf41bf62412bec388f985381f7a486914a2ed5bf7baab584d4a9c13ddf4d77.exe
"C:\Users\Admin\AppData\Local\Temp\efcf41bf62412bec388f985381f7a486914a2ed5bf7baab584d4a9c13ddf4d77.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6cbbc2.exe
  C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6cbbc2.exe 7125969
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6cbbc2.exe

Filesize
2.4MB

MD5
28a69bb65f09c54a4c374e14799d073e

SHA1
e1e825bb66f51addc4b81ecb5a73f285012366ab

SHA256
0499f32ed94ed945fa164c6c3791e3cdf0adcd2a990c12e4ed870ca49d3bd5be

SHA512
88c0b113e7bf8d6825acffb540824d3348ef2d7f9d79938364c42ee2205cbf3ec2750d37aee5b93d0f0d17f93c5776b85816b3c0fd254fa5d3a27f0994e442da

Download Submit
C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6cbbc2.exe

Filesize
2.4MB

MD5
28a69bb65f09c54a4c374e14799d073e

SHA1
e1e825bb66f51addc4b81ecb5a73f285012366ab

SHA256
0499f32ed94ed945fa164c6c3791e3cdf0adcd2a990c12e4ed870ca49d3bd5be

SHA512
88c0b113e7bf8d6825acffb540824d3348ef2d7f9d79938364c42ee2205cbf3ec2750d37aee5b93d0f0d17f93c5776b85816b3c0fd254fa5d3a27f0994e442da

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6cbbc2.exe

Filesize
2.4MB

MD5
28a69bb65f09c54a4c374e14799d073e

SHA1
e1e825bb66f51addc4b81ecb5a73f285012366ab

SHA256
0499f32ed94ed945fa164c6c3791e3cdf0adcd2a990c12e4ed870ca49d3bd5be

SHA512
88c0b113e7bf8d6825acffb540824d3348ef2d7f9d79938364c42ee2205cbf3ec2750d37aee5b93d0f0d17f93c5776b85816b3c0fd254fa5d3a27f0994e442da

Download Submit
\Users\Admin\AppData\Local\Temp\ÅäÖÃ\6cbbc2.exe

Filesize
2.4MB

MD5
28a69bb65f09c54a4c374e14799d073e

SHA1
e1e825bb66f51addc4b81ecb5a73f285012366ab

SHA256
0499f32ed94ed945fa164c6c3791e3cdf0adcd2a990c12e4ed870ca49d3bd5be

SHA512
88c0b113e7bf8d6825acffb540824d3348ef2d7f9d79938364c42ee2205cbf3ec2750d37aee5b93d0f0d17f93c5776b85816b3c0fd254fa5d3a27f0994e442da

Download Submit
memory/1216-62-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download
memory/1216-65-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download
memory/1792-54-0x00000000760A1000-0x00000000760A3000-memory.dmp

Filesize
8KB

Download
memory/1792-60-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download
memory/1792-61-0x0000000002450000-0x0000000002717000-memory.dmp

Filesize
2.8MB

Download
memory/1792-64-0x0000000000400000-0x00000000006C6028-memory.dmp

Filesize
2.8MB

Download