d28b5ac49d1df2d04f5c918c3584772efea9260ee514cf0062ea7936ffbc1195 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

Revision114exe.exe

windows7-x64

7

Revision114exe.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

Revision114exe.exe
Size

10.4MB
Sample

230704-w52tnsgb74
MD5

e25e39744775a8a636866cc7bc446640
SHA1

9258197f2960a19f6412861fcdee2eb65ea33704
SHA256

d28b5ac49d1df2d04f5c918c3584772efea9260ee514cf0062ea7936ffbc1195
SHA512

b567e820813c78dc7a0864b557cdb8ff9846915fb1d2e6a3c3ddf031a77c4a2b376d6973b35b117ff97a00e690fed432bfbb236da526c824247ab331f6870c86
SSDEEP

196608:WMz28dVl/fzCdDNU/9onJ5hrZEK3e9tGPqKM48RmU/qZlsPv4TbqM/xBfmxMoK5j:km9c5hlEK/PNMtNqZW43rDoK5BN

Score

8^/10

aspackv2 discovery exploit persistence pyinstaller

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Revision114exe.exe

Resource

win7-20230703-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Revision114exe.exe

Resource

win10v2004-20230703-en

aspackv2 discovery exploit persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Revision114exe.exe
- Size
  
  10.4MB
- MD5
  
  e25e39744775a8a636866cc7bc446640
- SHA1
  
  9258197f2960a19f6412861fcdee2eb65ea33704
- SHA256
  
  d28b5ac49d1df2d04f5c918c3584772efea9260ee514cf0062ea7936ffbc1195
- SHA512
  
  b567e820813c78dc7a0864b557cdb8ff9846915fb1d2e6a3c3ddf031a77c4a2b376d6973b35b117ff97a00e690fed432bfbb236da526c824247ab331f6870c86
- SSDEEP
  
  196608:WMz28dVl/fzCdDNU/9onJ5hrZEK3e9tGPqKM48RmU/qZlsPv4TbqM/xBfmxMoK5j:km9c5hlEK/PNMtNqZW43rDoK5BN
Score

8^/10

aspackv2 discovery exploit persistence
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

aspackv2discoveryexploitpersistence

© 2018-2025

Terms | Privacy