c76a2b2c274c4a6f52687a7d80ef1c9dd61bfc0b5613160182f203f4c03dac31

Analysis

max time kernel
186s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c76a2b2c274c4a6f52687a7d80ef1c9dd61bfc0b5613160182f203f4c03dac31.exe
Size

34KB
MD5

3acfcb56aa4b3c4aa10ded3403465479
SHA1

907c351f3cec9279cbd57a8b8c151c149e9e32b6
SHA256

c76a2b2c274c4a6f52687a7d80ef1c9dd61bfc0b5613160182f203f4c03dac31
SHA512

616fa485c668c9789e1ad51392b2ea13990d5e1c78d9c27e02653f2e9d2ad58d86a1fbb70e3f05abf31ae6e28de236cc42cc5e1ecb37a2c0a540b025cbb4df7e
SSDEEP

768:ridu14eob3h+LmSZ7xOha5k1wrK/FYIvOdRngssruMKMZMxuha5:reu1MV+LmSZQ1wrKFY/dRngssrrKM3

Score

8^/10

aspackv2 persistence

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x000900000002307d-133.dat	aspack_v212_v242
behavioral2/files/0x000900000002307d-134.dat	aspack_v212_v242

Loads dropped DLL 2 IoCs

pid	Process
2044	c76a2b2c274c4a6f52687a7d80ef1c9dd61bfc0b5613160182f203f4c03dac31.exe
2044	c76a2b2c274c4a6f52687a7d80ef1c9dd61bfc0b5613160182f203f4c03dac31.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	c76a2b2c274c4a6f52687a7d80ef1c9dd61bfc0b5613160182f203f4c03dac31.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\SCANREGW.EXE	c76a2b2c274c4a6f52687a7d80ef1c9dd61bfc0b5613160182f203f4c03dac31.exe
File created	C:\Windows\SysWOW64\DXInput.dll	c76a2b2c274c4a6f52687a7d80ef1c9dd61bfc0b5613160182f203f4c03dac31.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2044	c76a2b2c274c4a6f52687a7d80ef1c9dd61bfc0b5613160182f203f4c03dac31.exe

C:\Users\Admin\AppData\Local\Temp\c76a2b2c274c4a6f52687a7d80ef1c9dd61bfc0b5613160182f203f4c03dac31.exe
"C:\Users\Admin\AppData\Local\Temp\c76a2b2c274c4a6f52687a7d80ef1c9dd61bfc0b5613160182f203f4c03dac31.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:2044

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\DXInput.dll

Filesize
20KB

MD5
d3b044217375babdbd5847cef3c2f9ea

SHA1
d180d0d71ba5bb250551359dee1992107bd7a925

SHA256
765f5901efa34f4d2de53a50e2ab052b2104f2ed10116400e328bb56dd1e9f6c

SHA512
534ac4ff058e347dc36c0ee104034b268370f0b845699e869c30bbf56803026e684e30a79bad7e4a4ac17b20cd031449d4782136bff39a59f76b052f2af22354

Download Submit
C:\Windows\SysWOW64\DXInput.dll

Filesize
20KB

MD5
d3b044217375babdbd5847cef3c2f9ea

SHA1
d180d0d71ba5bb250551359dee1992107bd7a925

SHA256
765f5901efa34f4d2de53a50e2ab052b2104f2ed10116400e328bb56dd1e9f6c

SHA512
534ac4ff058e347dc36c0ee104034b268370f0b845699e869c30bbf56803026e684e30a79bad7e4a4ac17b20cd031449d4782136bff39a59f76b052f2af22354

Download Submit