f6a79c53c47dc2656df56dff26d24b3b4403ad082dcaa00d425f4ca4bd579877

Analysis

max time kernel
141s
max time network
31s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
24-06-2023 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6a79c53c47dc2656df56dff26d24b3b4403ad082dcaa00d425f4ca4bd579877.exe
Size

1.9MB
MD5

6c03deee41ba485de5f38e524879ed24
SHA1

bf08f04f062ffd2684242d34c6d5f048b60d3aae
SHA256

f6a79c53c47dc2656df56dff26d24b3b4403ad082dcaa00d425f4ca4bd579877
SHA512

192c99f97b5c41a894e38498f25b53393359c35c94949c9cd5627b784aa502b343e414271ad5686dd81b2eb2cea097ac559c1f3b7e6eb0179cece4af2480aaff
SSDEEP

49152:II9fJYs3uf7Ja+u/jDx6iOD+IVuWRaNeZn5Sj3fL:7is3UJa+u/jl6rD+IVuWpsL

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
\bdck\bdck.exe	aspack_v212_v242
\bdck\bdck.exe	aspack_v212_v242
C:\bdck\bdck.exe	aspack_v212_v242
C:\bdck\bdck.exe	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

bdck.exe

pid process

1952 bdck.exe

pid	process
1952	bdck.exe

Loads dropped DLL 2 IoCs

Processes:

f6a79c53c47dc2656df56dff26d24b3b4403ad082dcaa00d425f4ca4bd579877.exe

pid	process
2008	f6a79c53c47dc2656df56dff26d24b3b4403ad082dcaa00d425f4ca4bd579877.exe
2008	f6a79c53c47dc2656df56dff26d24b3b4403ad082dcaa00d425f4ca4bd579877.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

f6a79c53c47dc2656df56dff26d24b3b4403ad082dcaa00d425f4ca4bd579877.exe

description	pid	process	target process
PID 2008 wrote to memory of 1952	2008	f6a79c53c47dc2656df56dff26d24b3b4403ad082dcaa00d425f4ca4bd579877.exe	bdck.exe
PID 2008 wrote to memory of 1952	2008	f6a79c53c47dc2656df56dff26d24b3b4403ad082dcaa00d425f4ca4bd579877.exe	bdck.exe
PID 2008 wrote to memory of 1952	2008	f6a79c53c47dc2656df56dff26d24b3b4403ad082dcaa00d425f4ca4bd579877.exe	bdck.exe
PID 2008 wrote to memory of 1952	2008	f6a79c53c47dc2656df56dff26d24b3b4403ad082dcaa00d425f4ca4bd579877.exe	bdck.exe

C:\Users\Admin\AppData\Local\Temp\f6a79c53c47dc2656df56dff26d24b3b4403ad082dcaa00d425f4ca4bd579877.exe
"C:\Users\Admin\AppData\Local\Temp\f6a79c53c47dc2656df56dff26d24b3b4403ad082dcaa00d425f4ca4bd579877.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2008

C:\bdck\bdck.exe
"C:\bdck\bdck.exe"
2⤵
- Executes dropped EXE
PID:1952

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\bdck\bdck.exe
Filesize
1.8MB

MD5
4d4d6781c024c289482f0a7586a0a15e

SHA1
a930699d1ad4d8cf67dc07f7590a5eddeed47a17

SHA256
de0e700141803b331c21718fad81342e18eff87ba42d3b4bce9d9191040ac1bf

SHA512
56681c9f2a320fc1e0fa022500714ff9a5c667a05c9612ea34a45beb2d0bda4c11b893604aeecd0aa23716dcfcea2e9cca9b3d9e5cb473c55dec4415284d2283

Download Submit
C:\bdck\bdck.exe
Filesize
1.8MB

MD5
4d4d6781c024c289482f0a7586a0a15e

SHA1
a930699d1ad4d8cf67dc07f7590a5eddeed47a17

SHA256
de0e700141803b331c21718fad81342e18eff87ba42d3b4bce9d9191040ac1bf

SHA512
56681c9f2a320fc1e0fa022500714ff9a5c667a05c9612ea34a45beb2d0bda4c11b893604aeecd0aa23716dcfcea2e9cca9b3d9e5cb473c55dec4415284d2283

Download Submit
\bdck\bdck.exe
Filesize
1.8MB

MD5
4d4d6781c024c289482f0a7586a0a15e

SHA1
a930699d1ad4d8cf67dc07f7590a5eddeed47a17

SHA256
de0e700141803b331c21718fad81342e18eff87ba42d3b4bce9d9191040ac1bf

SHA512
56681c9f2a320fc1e0fa022500714ff9a5c667a05c9612ea34a45beb2d0bda4c11b893604aeecd0aa23716dcfcea2e9cca9b3d9e5cb473c55dec4415284d2283

Download Submit
\bdck\bdck.exe
Filesize
1.8MB

MD5
4d4d6781c024c289482f0a7586a0a15e

SHA1
a930699d1ad4d8cf67dc07f7590a5eddeed47a17

SHA256
de0e700141803b331c21718fad81342e18eff87ba42d3b4bce9d9191040ac1bf

SHA512
56681c9f2a320fc1e0fa022500714ff9a5c667a05c9612ea34a45beb2d0bda4c11b893604aeecd0aa23716dcfcea2e9cca9b3d9e5cb473c55dec4415284d2283

Download Submit
memory/1952-65-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1952-66-0x0000000000400000-0x0000000000A62000-memory.dmp

Filesize
6.4MB

Download
memory/2008-64-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads