58f3470c668fc59c92cd682d5360c8de66bfe0206746f2de132c93cf62bc5c04

Analysis

max time kernel
118s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2023 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58f3470c668fc59c92cd682d5360c8de66bfe0206746f2de132c93cf62bc5c04.exe
Size

4.5MB
MD5

1e477731b04d6fe5b720014c32dc1555
SHA1

191a3b471d83f25e65a568438aacf65d282459db
SHA256

58f3470c668fc59c92cd682d5360c8de66bfe0206746f2de132c93cf62bc5c04
SHA512

6e2c6d7df3af9395733f7950c30f04c441077736453b515ba73bdc6c2b5d7b12edae9f646aa2581fbe1289607dc6d2da5dfde4e1025d6d12316835bf957962dd
SSDEEP

98304:atTIAl6gWLhtAjWWVwvajBQBgphQoethWvX8cmzt0Cm:FAl6gWOw8Bwg7QoebWvs+Cm

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\~pmetprv\~v16172\unrar.dll	aspack_v212_v242
C:\Users\Admin\AppData\Local\Temp\~pmetprv\~v16172\unrar.dll	aspack_v212_v242
C:\Users\Admin\AppData\Local\Temp\~pmetprv\~v16172\unrar.dll	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

unrar.exe

pid process

3572 unrar.exe
Loads dropped DLL 2 IoCs

Processes:

unrar.exe

pid process

3572 unrar.exe
3572 unrar.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

58f3470c668fc59c92cd682d5360c8de66bfe0206746f2de132c93cf62bc5c04.exeunrar.exe

pid process

5076 58f3470c668fc59c92cd682d5360c8de66bfe0206746f2de132c93cf62bc5c04.exe
3572 unrar.exe

pid	process
3572	unrar.exe

pid	process
3572	unrar.exe
3572	unrar.exe

pid	process
5076	58f3470c668fc59c92cd682d5360c8de66bfe0206746f2de132c93cf62bc5c04.exe
3572	unrar.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

58f3470c668fc59c92cd682d5360c8de66bfe0206746f2de132c93cf62bc5c04.exe

description	pid	process	target process
PID 5076 wrote to memory of 3572	5076	58f3470c668fc59c92cd682d5360c8de66bfe0206746f2de132c93cf62bc5c04.exe	unrar.exe
PID 5076 wrote to memory of 3572	5076	58f3470c668fc59c92cd682d5360c8de66bfe0206746f2de132c93cf62bc5c04.exe	unrar.exe
PID 5076 wrote to memory of 3572	5076	58f3470c668fc59c92cd682d5360c8de66bfe0206746f2de132c93cf62bc5c04.exe	unrar.exe

C:\Users\Admin\AppData\Local\Temp\58f3470c668fc59c92cd682d5360c8de66bfe0206746f2de132c93cf62bc5c04.exe
"C:\Users\Admin\AppData\Local\Temp\58f3470c668fc59c92cd682d5360c8de66bfe0206746f2de132c93cf62bc5c04.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5076

C:\Users\Admin\AppData\Local\Temp\~pmetprv\~v16172\unrar.exe
C:\Users\Admin\AppData\Local\Temp\~pmetprv\~v16172\unrar.exe "C:\Users\Admin\AppData\Local\Temp\58f3470c668fc59c92cd682d5360c8de66bfe0206746f2de132c93cf62bc5c04.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~pmetprv\~v16172\unrar.dll
Filesize
79KB

MD5
dfdf11bfc95bbbcb3845c57da028d09c

SHA1
cfe07c7a0978907bb2e94f6896fa392cc335e7ea

SHA256
f4b6a434ec894a9b77090ef8a46306b1826ebdc9e58d1d3b505f97473c229f28

SHA512
d713a7aa2fb17f037bfda4625c9bd1bfc6ee5836d1637d5703d7316d89c950559b04346f142cfea935d4837f68ec98c24a353a096e6963ea9baee707e68e6097

Download Submit
C:\Users\Admin\AppData\Local\Temp\~pmetprv\~v16172\unrar.dll
Filesize
79KB

MD5
dfdf11bfc95bbbcb3845c57da028d09c

SHA1
cfe07c7a0978907bb2e94f6896fa392cc335e7ea

SHA256
f4b6a434ec894a9b77090ef8a46306b1826ebdc9e58d1d3b505f97473c229f28

SHA512
d713a7aa2fb17f037bfda4625c9bd1bfc6ee5836d1637d5703d7316d89c950559b04346f142cfea935d4837f68ec98c24a353a096e6963ea9baee707e68e6097

Download Submit
C:\Users\Admin\AppData\Local\Temp\~pmetprv\~v16172\unrar.dll
Filesize
79KB

MD5
dfdf11bfc95bbbcb3845c57da028d09c

SHA1
cfe07c7a0978907bb2e94f6896fa392cc335e7ea

SHA256
f4b6a434ec894a9b77090ef8a46306b1826ebdc9e58d1d3b505f97473c229f28

SHA512
d713a7aa2fb17f037bfda4625c9bd1bfc6ee5836d1637d5703d7316d89c950559b04346f142cfea935d4837f68ec98c24a353a096e6963ea9baee707e68e6097

Download Submit
C:\Users\Admin\AppData\Local\Temp\~pmetprv\~v16172\unrar.exe
Filesize
28KB

MD5
a8624711a27de70f57041da33a18767d

SHA1
fe4f1e4a1e454a9842c845535419ca1834270ffc

SHA256
c00f448d8464e824ca046be14f129d4201cdcaab034f41361ada6c01d2a4fdf5

SHA512
a6d51ee59d82e232d39b908fac3ed3d6bc1b5dfbec51cf88b45cc1d161b1e0773e1fa1bc821b36834eff0c9b7e17f409537831f9c700d8e902a8611958054627

Download Submit
C:\Users\Admin\AppData\Local\Temp\~pmetprv\~v16172\unrar.exe
Filesize
28KB

MD5
a8624711a27de70f57041da33a18767d

SHA1
fe4f1e4a1e454a9842c845535419ca1834270ffc

SHA256
c00f448d8464e824ca046be14f129d4201cdcaab034f41361ada6c01d2a4fdf5

SHA512
a6d51ee59d82e232d39b908fac3ed3d6bc1b5dfbec51cf88b45cc1d161b1e0773e1fa1bc821b36834eff0c9b7e17f409537831f9c700d8e902a8611958054627

Download Submit
memory/3572-177-0x00000000004E0000-0x0000000000515000-memory.dmp

Filesize
212KB

Download
memory/3572-238-0x00000000004E0000-0x0000000000515000-memory.dmp

Filesize
212KB

Download