Overview

overview

7

Static

static

3

登录器�...��.exe

windows7-x64

7

登录器�...��.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    27s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    14-06-2023 06:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    登录器配置器.exe

  • Size

    6.1MB

  • MD5

    98bff83ff9b0e5216d3d6a3cba12906a

  • SHA1

    ffec014a12e35e5f0ca2e83b1fe3292fb94ab47e

  • SHA256

    a9361f6e81c1dc5f30012ece35c04c75d5e772424a522ce6addbf0d5df5e0933

  • SHA512

    d86b9a29b3715699bb0d3a0f7921a2e7175102d4bd5195d167dcb5d24dd6d387f3d62a8a6a3a4f312820942661adfd77a24c8f2d420560046ca20515e87ec3fd

  • SSDEEP

    98304:S+c0hRUbtkCnPgF2ABKJH6DhHU06OT3Z1B+zzow/rmshM62OaN:FDUbtkCPTyHUx0JizJF2OaN

Score
7/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 5 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\登录器配置器.exe
    "C:\Users\Admin\AppData\Local\Temp\登录器配置器.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:936
    • C:\Users\Admin\AppData\Local\Temp\BelFhN.exe
      C:\Users\Admin\AppData\Local\Temp\BelFhN.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:1772
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\00a47674.bat" "
        3⤵
          PID:1120

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\00a47674.bat
      Filesize

      187B

      MD5

      0f54c0ec8501181f8020e4856682631a

      SHA1

      5078c0b682f3db2483b8b7ad205c9d1e2ce5b2f4

      SHA256

      082d74aef640ff1767da8205c21b9aacb06ab3c1892d6efc10793a3cbc936c2f

      SHA512

      8d3ea99236259ae7401c8d568d45e0d3fa8e336f4577876cea9fec5de07ca56512f75832c1d10628bd8a6394825d02b9a8a215880ec8a882b6e56be969040eb3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\00a47674.bat
      Filesize

      187B

      MD5

      0f54c0ec8501181f8020e4856682631a

      SHA1

      5078c0b682f3db2483b8b7ad205c9d1e2ce5b2f4

      SHA256

      082d74aef640ff1767da8205c21b9aacb06ab3c1892d6efc10793a3cbc936c2f

      SHA512

      8d3ea99236259ae7401c8d568d45e0d3fa8e336f4577876cea9fec5de07ca56512f75832c1d10628bd8a6394825d02b9a8a215880ec8a882b6e56be969040eb3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\438654FF.exe
      Filesize

      4B

      MD5

      d3b07384d113edec49eaa6238ad5ff00

      SHA1

      f1d2d2f924e986ac86fdf7b36c94bcdf32beec15

      SHA256

      b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c

      SHA512

      0cf9180a764aba863a67b6d72f0918bc131c6772642cb2dce5a34f0a702f9470ddc2bf125c12198b1995c233c34b4afd346c54a2334c350a948a51b6e8b4e6b6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\438654FF.exe
      Filesize

      4B

      MD5

      20879c987e2f9a916e578386d499f629

      SHA1

      c7b33ddcc42361fdb847036fc07e880b81935d5d

      SHA256

      9f2981a7cc4d40a2a409dc895de64253acd819d7c0011c8e80b86fe899464e31

      SHA512

      bcdde1625364dd6dd143b45bdcec8d59cf8982aff33790d390b839f3869e0e815684568b14b555a596d616252aeeaa98dac2e6e551c9095ea11a575ff25ff84f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\BelFhN.exe
      Filesize

      15KB

      MD5

      56b2c3810dba2e939a8bb9fa36d3cf96

      SHA1

      99ee31cd4b0d6a4b62779da36e0eeecdd80589fc

      SHA256

      4354970ccc7cd6bb16318f132c34f6a1b3d5c2ea7ff53e1c9271905527f2db07

      SHA512

      27812a9a034d7bd2ca73b337ae9e0b6dc79c38cfd1a2c6ac9d125d3cc8fa563c401a40d22155811d5054e5baa8cf8c8e7e03925f25fa856a9ba9dea708d15b4e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\BelFhN.exe
      Filesize

      15KB

      MD5

      56b2c3810dba2e939a8bb9fa36d3cf96

      SHA1

      99ee31cd4b0d6a4b62779da36e0eeecdd80589fc

      SHA256

      4354970ccc7cd6bb16318f132c34f6a1b3d5c2ea7ff53e1c9271905527f2db07

      SHA512

      27812a9a034d7bd2ca73b337ae9e0b6dc79c38cfd1a2c6ac9d125d3cc8fa563c401a40d22155811d5054e5baa8cf8c8e7e03925f25fa856a9ba9dea708d15b4e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\BelFhN.exe
      Filesize

      15KB

      MD5

      56b2c3810dba2e939a8bb9fa36d3cf96

      SHA1

      99ee31cd4b0d6a4b62779da36e0eeecdd80589fc

      SHA256

      4354970ccc7cd6bb16318f132c34f6a1b3d5c2ea7ff53e1c9271905527f2db07

      SHA512

      27812a9a034d7bd2ca73b337ae9e0b6dc79c38cfd1a2c6ac9d125d3cc8fa563c401a40d22155811d5054e5baa8cf8c8e7e03925f25fa856a9ba9dea708d15b4e

      Download Submit

    • \Users\Admin\AppData\Local\Temp\BelFhN.exe
      Filesize

      15KB

      MD5

      56b2c3810dba2e939a8bb9fa36d3cf96

      SHA1

      99ee31cd4b0d6a4b62779da36e0eeecdd80589fc

      SHA256

      4354970ccc7cd6bb16318f132c34f6a1b3d5c2ea7ff53e1c9271905527f2db07

      SHA512

      27812a9a034d7bd2ca73b337ae9e0b6dc79c38cfd1a2c6ac9d125d3cc8fa563c401a40d22155811d5054e5baa8cf8c8e7e03925f25fa856a9ba9dea708d15b4e

      Download Submit

    • \Users\Admin\AppData\Local\Temp\BelFhN.exe
      Filesize

      15KB

      MD5

      56b2c3810dba2e939a8bb9fa36d3cf96

      SHA1

      99ee31cd4b0d6a4b62779da36e0eeecdd80589fc

      SHA256

      4354970ccc7cd6bb16318f132c34f6a1b3d5c2ea7ff53e1c9271905527f2db07

      SHA512

      27812a9a034d7bd2ca73b337ae9e0b6dc79c38cfd1a2c6ac9d125d3cc8fa563c401a40d22155811d5054e5baa8cf8c8e7e03925f25fa856a9ba9dea708d15b4e

      Download Submit

    • memory/936-66-0x00000000001B0000-0x00000000001B9000-memory.dmp

      Filesize

      36KB

      Download

    • memory/936-99-0x0000000000400000-0x0000000001041000-memory.dmp

      Filesize

      12.3MB

      Download

    • memory/936-100-0x00000000001B0000-0x00000000001B6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/936-64-0x0000000000400000-0x0000000001041000-memory.dmp

      Filesize

      12.3MB

      Download

    • memory/1772-67-0x0000000000C20000-0x0000000000C29000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1772-108-0x0000000000C20000-0x0000000000C29000-memory.dmp

      Filesize

      36KB

      Download