Overview

overview

10

Static

static

7

easy_Malic...22.exe

windows7-x64

10

easy_Malic...22.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/07/2023, 15:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    easy_Malicious_30a4193ad7d4218d6eb5dfcc94d97eb2801b1bfa3029b59ec631665f17ea1d22.exe

  • Size

    884KB

  • MD5

    2ab7091214b0ae5add03b6e353297986

  • SHA1

    145de4be7e4206c6ad0fcb0419487fa86353579e

  • SHA256

    c4fe37c4c08845f69dd5489287aea066ad8e13747d82f140b24ecc24c7cde105

  • SHA512

    6e34681e3d9ac0f6a69b98df3ac4253c440a04eaefbb8baef68e61e50d06bb891aadc19937accbcaaf9c611c0e9d63a0e178cc6281499cb7f9650aced1ae5014

  • SSDEEP

    24576:ZMMpXS0hN0V0HiCSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0J:Kwi0L0qi2

Score
10/10
aspackv2persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Drops startup file 2 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\easy_Malicious_30a4193ad7d4218d6eb5dfcc94d97eb2801b1bfa3029b59ec631665f17ea1d22.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_30a4193ad7d4218d6eb5dfcc94d97eb2801b1bfa3029b59ec631665f17ea1d22.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:3912
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p
    1⤵
    • Drops file in System32 directory
    PID:1348

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1722984668-1829624581-3022101259-1000\desktop.ini.exe
    Filesize

    884KB

    MD5

    107249c383f6dc71665abea8a2988de2

    SHA1

    fc9cbf3b8f48694d26257a9bf4e28631602b4b5d

    SHA256

    ad21ac97827e7f6b4b68e55155570a8245a100025c3e8d7523de366a8dce4b84

    SHA512

    cd72303718398b66dbb8d6317dce40239fd19ae0824f9d9a1454326cebdbd8c9688c3db2d3509213d126e11490c65032ba6fa7fadbeddb9dd4a7320f57c51c72

    Download Submit

  • C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe
    Filesize

    1.7MB

    MD5

    3cd158c7feed91de137e2a016453d899

    SHA1

    65b698dc0d0c6a2612da3f74bc9f364880d8e315

    SHA256

    ab13a884f35251866ac1f6fee81f103246016a7831c5b1ddcc4d16b4cf6b9078

    SHA512

    c026d8731fc29fb853d07d087a8405b967dd057910fa2959a4d1114b023bbcc9a7f7eac356a45b6f1388eae0cfcb0b676f63824b667109169e0753c300faf274

    Download Submit

  • F:\AUTORUN.INF
    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

    Download Submit

  • memory/3912-4567-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3912-7019-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3912-1314-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3912-2094-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3912-3366-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3912-139-0x00000000022F0000-0x00000000022F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3912-5930-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3912-596-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3912-7995-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3912-8782-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3912-9365-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3912-10116-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3912-11125-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3912-11476-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/3912-11780-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download