Overview

overview

10

Static

static

7

easyMalici...d4.exe

windows7-x64

10

easyMalici...d4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    75s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    04/07/2023, 17:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    easyMalicious30a4193ad7d4.exe

  • Size

    884KB

  • MD5

    2ab7091214b0ae5add03b6e353297986

  • SHA1

    145de4be7e4206c6ad0fcb0419487fa86353579e

  • SHA256

    c4fe37c4c08845f69dd5489287aea066ad8e13747d82f140b24ecc24c7cde105

  • SHA512

    6e34681e3d9ac0f6a69b98df3ac4253c440a04eaefbb8baef68e61e50d06bb891aadc19937accbcaaf9c611c0e9d63a0e178cc6281499cb7f9650aced1ae5014

  • SSDEEP

    24576:ZMMpXS0hN0V0HiCSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0J:Kwi0L0qi2

Score
10/10
aspackv2persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Drops startup file 2 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 1 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\easyMalicious30a4193ad7d4.exe
    "C:\Users\Admin\AppData\Local\Temp\easyMalicious30a4193ad7d4.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:860

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1305762978-1813183296-1799492538-1000\desktop.ini.exe
    Filesize

    884KB

    MD5

    91878bcfcc38acc3d96b2e27c2e038f3

    SHA1

    77971113f332769a83d1294387153cebeb91963a

    SHA256

    3d39a7bb50d582cd3e721c61aa48df3e13aac8b5deb864241136f4c9df284f8e

    SHA512

    fa14af556b72bb53c58d93631b58d1792bc06cf8d558e397ca53567623ed0297c3bb32b5243b550586561b650aa947b52d2fce2805e88fa825d5f2a04ef933dd

    Download Submit

  • C:\AUTORUN.INF
    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

    Download Submit

  • C:\Program Files (x86)\Internet Explorer\iexplore.exe.exe
    Filesize

    1.6MB

    MD5

    d52fe7407fdf0c5293c8b4621f51ab95

    SHA1

    dd0d65257ab7d286784e78581a5d6a7cdd840a6f

    SHA256

    8ce9cec18ad0c72d59e11677a9495ba17b534963d486ce6e17537138968f33eb

    SHA512

    5fb389af8fa1a82c29917f09f488c6d95c2a3efe504c087bd5490cdef1f7c18c31242c604b5f928cee12b46db5faa7f37b00d61da709ee76a36bf58fd99f8c9b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1KB

    MD5

    9aef903d9475e7b8ee6281a1a6920b93

    SHA1

    031bd38e7771122e9258ab44a7b81e168c74f380

    SHA256

    776f06d3ad117b1147c505f19f78f473ff4fc091f4b055b1c152b7acd620e0d3

    SHA512

    0f35b412889030f7cfdbe77560782b73704689f202cbaf2c4bebaf1927f79f9f8c4808f230b3e45ee657f54c775a59b9a7a16ca275d8c231215c81734a5ed812

    Download Submit

  • memory/860-269-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/860-278-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/860-153-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/860-265-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/860-60-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/860-272-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/860-275-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/860-262-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/860-281-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/860-284-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/860-287-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/860-290-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/860-292-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/860-295-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/860-298-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download