a1ee855e975db8957456fc60c33eb040b7bdc2ff79dbd9799f379a4dcade71bf | Triage

Submit
Reports

Overview

overview

8

Static

static

1

工作报表.exe

windows7-x64

8

工作报表.exe

windows10-2004-x64

8

Sharing

General

Target

工作报表.exe
Size

802KB
Sample

230331-tctaqabc65
MD5

43dc1d7eeef9b4ca0d455404b12c34c8
SHA1

2e618174d09b00abc16d34bff7b646e036adf253
SHA256

a1ee855e975db8957456fc60c33eb040b7bdc2ff79dbd9799f379a4dcade71bf
SHA512

b65a6542520ae094d8f9101d062339a997aa2eaed426e3aaa4c79145d97debf75062df334df4c02d874ebe15731e035bbf7b7cd0f55c248d4b6a45294c5c70c7
SSDEEP

24576:Sny/f9uCOXP25JiBvuXwKhbBh4iv/IVVWX77Sj+ithPW1:XF0IJSmgaVhvv/IVKyj+d

Score

8^/10

aspackv2

Static task

static1

Behavioral task

behavioral1

Sample

工作报表.exe

Resource

win7-20230220-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

工作报表.exe

Resource

win10v2004-20230221-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  工作报表.exe
- Size
  
  802KB
- MD5
  
  43dc1d7eeef9b4ca0d455404b12c34c8
- SHA1
  
  2e618174d09b00abc16d34bff7b646e036adf253
- SHA256
  
  a1ee855e975db8957456fc60c33eb040b7bdc2ff79dbd9799f379a4dcade71bf
- SHA512
  
  b65a6542520ae094d8f9101d062339a997aa2eaed426e3aaa4c79145d97debf75062df334df4c02d874ebe15731e035bbf7b7cd0f55c248d4b6a45294c5c70c7
- SSDEEP
  
  24576:Sny/f9uCOXP25JiBvuXwKhbBh4iv/IVVWX77Sj+ithPW1:XF0IJSmgaVhvv/IVKyj+d
Score

8^/10

aspackv2
- Downloads MZ/PE file
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy