Overview

overview

7

Static

static

7

8fd81bdad6...88.exe

windows7-x64

7

8fd81bdad6...88.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-02-2023 20:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8fd81bdad67c1d9086b39035abdbc3de8239df962706f3e1b910ff8ec41db088.exe

  • Size

    4.1MB

  • MD5

    6482fd3a9b5bbe3eac010392b7ed41d0

  • SHA1

    f3fe12e0e123671a46495c55307f319c9adb10a6

  • SHA256

    8fd81bdad67c1d9086b39035abdbc3de8239df962706f3e1b910ff8ec41db088

  • SHA512

    3c1ba388bdc745804901e3d80cdbd0ceae402ff837b61966b2c1c0f3126e1fb5e68ed138d320d7656c9fc9492af3c99422c0b4717cbeb6cb540ae9f39351dd23

  • SSDEEP

    98304:Gl450Lqso3c58Q5rhgPPpjiKwYDAMFwzfm3oUeEYBCcnZf2Ow56So70TwT:Gl4+qfc5BrePFtCdUCZfgcSU0O

Score
7/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8fd81bdad67c1d9086b39035abdbc3de8239df962706f3e1b910ff8ec41db088.exe
    "C:\Users\Admin\AppData\Local\Temp\8fd81bdad67c1d9086b39035abdbc3de8239df962706f3e1b910ff8ec41db088.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:776
    • C:\Users\Admin\AppData\Local\Temp\temp0\3DVIAPlayer.exe
      C:\Users\Admin\AppData\Local\Temp\temp0\3DVIAPlayer.exe "C:\Users\Admin\AppData\Local\Temp\temp0\BEJ-LC(2).smg"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3568

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\temp0\3DVIAPlayer.exe
    Filesize

    3.3MB

    MD5

    577463cefa0570d4d37fa0b228de4096

    SHA1

    26cda5d898e6eef46c9e7374877be0bf60bd8a07

    SHA256

    358bb5a736f996b6292c47ae8bd093d23d93876c8f3fef80f4a8524cfe62c468

    SHA512

    ed5f7dbc37e61c35cc9ae3bad0b62a1da7ea08ecd4dd328a2331630ca1ded72b93cce0637a882135e59a7859a717c98a2e32c4af8900e63160eb3e737fc17d7f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\temp0\3DVIAPlayer.exe
    Filesize

    3.3MB

    MD5

    577463cefa0570d4d37fa0b228de4096

    SHA1

    26cda5d898e6eef46c9e7374877be0bf60bd8a07

    SHA256

    358bb5a736f996b6292c47ae8bd093d23d93876c8f3fef80f4a8524cfe62c468

    SHA512

    ed5f7dbc37e61c35cc9ae3bad0b62a1da7ea08ecd4dd328a2331630ca1ded72b93cce0637a882135e59a7859a717c98a2e32c4af8900e63160eb3e737fc17d7f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\temp0\3DVIAPlayerCHS.dll
    Filesize

    2.8MB

    MD5

    5ad190135631a751c63605ddfcbba45c

    SHA1

    4f0fa1877df5c3abb640a6a0474773fb3acbc79e

    SHA256

    8a20f83aaec633213758d4c7e2cdf6f2ce5d030c0625c405f0d40d9c6a39d018

    SHA512

    ead40c586c46686d291990a5c660e74ac995f28826a4d6d579a14ce87e4f45a7d0e2030341e9c674c102cf45ccfa57e9d0fe39a6b8a2627d068ee90aa0ef8410

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\temp0\3DVIAPlayerCHS.dll
    Filesize

    2.8MB

    MD5

    5ad190135631a751c63605ddfcbba45c

    SHA1

    4f0fa1877df5c3abb640a6a0474773fb3acbc79e

    SHA256

    8a20f83aaec633213758d4c7e2cdf6f2ce5d030c0625c405f0d40d9c6a39d018

    SHA512

    ead40c586c46686d291990a5c660e74ac995f28826a4d6d579a14ce87e4f45a7d0e2030341e9c674c102cf45ccfa57e9d0fe39a6b8a2627d068ee90aa0ef8410

    Download Submit
  • memory/776-134-0x0000000000400000-0x00000000004C1000-memory.dmp
    Filesize

    772KB

    Download
  • memory/776-135-0x0000000000400000-0x00000000004C1000-memory.dmp
    Filesize

    772KB

    Download
  • memory/776-160-0x0000000000400000-0x00000000004C1000-memory.dmp
    Filesize

    772KB

    Download
  • memory/776-136-0x0000000000400000-0x00000000004C1000-memory.dmp
    Filesize

    772KB

    Download
  • memory/776-133-0x0000000000400000-0x00000000004C1000-memory.dmp
    Filesize

    772KB

    Download
  • memory/3568-153-0x0000000000400000-0x0000000001044000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/3568-156-0x0000000000400000-0x0000000001044000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/3568-155-0x0000000000400000-0x0000000001044000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/3568-154-0x0000000000400000-0x0000000001044000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/3568-152-0x0000000000400000-0x0000000001044000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/3568-161-0x0000000000400000-0x0000000001044000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/3568-169-0x0000000000400000-0x0000000001044000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/3568-171-0x0000000000400000-0x0000000001044000-memory.dmp
    Filesize

    12.3MB

    Download
  • memory/3568-183-0x0000000000400000-0x0000000001044000-memory.dmp
    Filesize

    12.3MB

    Download