Overview

overview

7

Static

static

7

8e95662f91...ae.exe

windows7-x64

7

8e95662f91...ae.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    111s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-02-2023 20:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e95662f91072d3c95aa126e7ad3c7fd094390029200cd0fa1c3a20a87b9eeae.exe

  • Size

    4.4MB

  • MD5

    5155f6e7f8362c85a6d0fa09f76bbd20

  • SHA1

    a44bd20487e1e8ce6b2c0307289318c2876f6417

  • SHA256

    8e95662f91072d3c95aa126e7ad3c7fd094390029200cd0fa1c3a20a87b9eeae

  • SHA512

    45b26844d1d06d42aeeeeec72ac72f54332bf30f7c2e0e4d6a85240c36b970dacf423a74eeaac4292ba741d6bd28c5eeb756bcef46a28ff114568eb4917c4bb3

  • SSDEEP

    98304:Wl4xQfRdFhh2Xl5QuB4ZSmF5oPSSz9tyF/pr/Tc97TCWa+cA:Wl4xQfjFb2IRqPSS3GBr2WA

Score
7/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e95662f91072d3c95aa126e7ad3c7fd094390029200cd0fa1c3a20a87b9eeae.exe
    "C:\Users\Admin\AppData\Local\Temp\8e95662f91072d3c95aa126e7ad3c7fd094390029200cd0fa1c3a20a87b9eeae.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Users\Admin\AppData\Local\Temp\temp0\3DVIAPlayer.exe
      C:\Users\Admin\AppData\Local\Temp\temp0\3DVIAPlayer.exe "C:\Users\Admin\AppData\Local\Temp\temp0\380AL_KongTiaoHuanQiXiTong.smg"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3360

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\temp0\3DVIAPlayer.exe
    Filesize

    3.3MB

    MD5

    17ca7ab45cbdc724f1db8a1b16270fe6

    SHA1

    7f7cc9f76a7e1edf7bc501b8fd6b099e04354d30

    SHA256

    e28b3915bc4ef2191c9ce480742cc3f403903a068bf2b32e66e21da8c55c9b00

    SHA512

    b51ee7bf684e97e0e1036c1f23fa41388d7c81974914df5312059ed402a755d62b1c91860ad50351158cb6f47374b5f1202b66ddb9ce32b1599e6a383483fb4e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\temp0\3DVIAPlayer.exe
    Filesize

    3.3MB

    MD5

    17ca7ab45cbdc724f1db8a1b16270fe6

    SHA1

    7f7cc9f76a7e1edf7bc501b8fd6b099e04354d30

    SHA256

    e28b3915bc4ef2191c9ce480742cc3f403903a068bf2b32e66e21da8c55c9b00

    SHA512

    b51ee7bf684e97e0e1036c1f23fa41388d7c81974914df5312059ed402a755d62b1c91860ad50351158cb6f47374b5f1202b66ddb9ce32b1599e6a383483fb4e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\temp0\3DVIAPlayerCHS.dll
    Filesize

    2.8MB

    MD5

    b09496cfd04e9b5b703694ff957c6200

    SHA1

    93584840aeeb325c70320554c8fa340e15770cfb

    SHA256

    5dc17f3c76e03c73fb942e8b6221fd51a5074f787003cc498a6a7ee0ceb85ed8

    SHA512

    fc41dfe70b909cb4cfffd96b51d046c3d4ef6e9be0c1e7fa3c36665e5128ddac6a2a03a41d75975977c5f2b765c53fda58eb8903efea5d92a76b657368cd4107

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\temp0\3DVIAPlayerCHS.dll
    Filesize

    2.8MB

    MD5

    b09496cfd04e9b5b703694ff957c6200

    SHA1

    93584840aeeb325c70320554c8fa340e15770cfb

    SHA256

    5dc17f3c76e03c73fb942e8b6221fd51a5074f787003cc498a6a7ee0ceb85ed8

    SHA512

    fc41dfe70b909cb4cfffd96b51d046c3d4ef6e9be0c1e7fa3c36665e5128ddac6a2a03a41d75975977c5f2b765c53fda58eb8903efea5d92a76b657368cd4107

    Download Submit
  • memory/2124-133-0x0000000000400000-0x00000000004C1000-memory.dmp
    Filesize

    772KB

    Download
  • memory/2124-134-0x0000000000400000-0x00000000004C1000-memory.dmp
    Filesize

    772KB

    Download
  • memory/2124-135-0x0000000000400000-0x00000000004C1000-memory.dmp
    Filesize

    772KB

    Download
  • memory/2124-132-0x0000000000400000-0x00000000004C1000-memory.dmp
    Filesize

    772KB

    Download
  • memory/2124-146-0x0000000000400000-0x00000000004C1000-memory.dmp
    Filesize

    772KB

    Download
  • memory/3360-136-0x0000000000000000-mapping.dmp
    Download
  • memory/3360-142-0x0000000000400000-0x0000000001043000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/3360-143-0x0000000000400000-0x0000000001043000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/3360-141-0x0000000000400000-0x0000000001043000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/3360-140-0x0000000000400000-0x0000000001043000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/3360-139-0x0000000000400000-0x0000000001043000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/3360-147-0x0000000000400000-0x0000000001043000-memory.dmp
    Filesize

    12.3MB

    Download