Overview

overview

8

Static

static

8

ef81017f88...f1.exe

windows7-x64

8

ef81017f88...f1.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    190s
  • max time network
    247s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2022 22:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ef81017f88896181aabd1b7235d356740688793224395b44755f401e7726e4f1.exe

  • Size

    2.4MB

  • MD5

    0cb9c475173a60e8bb414a3e168a83c0

  • SHA1

    6b2583e24809820ddf38d702161cfa3e257b607c

  • SHA256

    ef81017f88896181aabd1b7235d356740688793224395b44755f401e7726e4f1

  • SHA512

    213a58ef19201bef60cd4ee32348c35e96180ef7d87ee18d9c25c11fc74110a28f7ca270d695f7d74ee485f2a81bcd727f06a2a92e788f6a3da14e94fc161432

  • SSDEEP

    24576:cuUTmNOrDY84Dt/XdYzBdu+CNIK2wad3Jd8Jyn7Z7JzC8DsHoMTMtbixxH0GP+CW:cUN849wxy3UfhqYOlDMvh

Score
8/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef81017f88896181aabd1b7235d356740688793224395b44755f401e7726e4f1.exe
    "C:\Users\Admin\AppData\Local\Temp\ef81017f88896181aabd1b7235d356740688793224395b44755f401e7726e4f1.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e57d88d.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e57d88d.exe 240638140
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e57d88d.exe
    Filesize

    2.4MB

    MD5

    c27a8078a618121d393fea1601948f75

    SHA1

    280e835878db7fc42a93d27d5dd905e342e5572b

    SHA256

    62c2b838b130c6e60dbfdd16ac3c699964b879a511a756dbcd81df06c20ef8a0

    SHA512

    e0cd973ab6d103506f6b4a3b210fb76ad2b5ca4100d5d4101e965ca3a1fafaeaadb9b592bd18a6441d39905ef5479781642a691689a7a3551de0ae2147397af8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e57d88d.exe
    Filesize

    2.4MB

    MD5

    c27a8078a618121d393fea1601948f75

    SHA1

    280e835878db7fc42a93d27d5dd905e342e5572b

    SHA256

    62c2b838b130c6e60dbfdd16ac3c699964b879a511a756dbcd81df06c20ef8a0

    SHA512

    e0cd973ab6d103506f6b4a3b210fb76ad2b5ca4100d5d4101e965ca3a1fafaeaadb9b592bd18a6441d39905ef5479781642a691689a7a3551de0ae2147397af8

    Download Submit

  • memory/212-133-0x0000000000000000-mapping.dmp

    Download

  • memory/212-136-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/212-138-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2544-132-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2544-137-0x0000000000400000-0x00000000006C6028-memory.dmp

    Filesize

    2.8MB

    Download