dfaec40a2b1c69323ba20b6c91f7d2697080921fb2e698e7a8df1abb14b8b7d4

Analysis

max time kernel
53s
max time network
87s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2023, 22:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfaec40a2b1c69323ba20b6c91f7d2697080921fb2e698e7a8df1abb14b8b7d4.exe
Size

14.7MB
MD5

911da2ae0c3fd1644da45c8243a522ed
SHA1

63f128a4d43a8db068c455295fe0a98ebc1f85e0
SHA256

dfaec40a2b1c69323ba20b6c91f7d2697080921fb2e698e7a8df1abb14b8b7d4
SHA512

00b13dd696384c469885f038178d01635ce3f920782204d492ce45b3db9cc77bf25bf7acd29ab04b5b40a3312f3af48860a41dfdd5f19e4e7c8b4012179a9910
SSDEEP

393216:ocZg26UtBwV4ZCuZxUVg5DZRGKGujoU5p3:E26oBweA4xUVgZMKlj

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x00070000000231af-7.dat	aspack_v212_v242
behavioral2/files/0x00070000000231af-4.dat	aspack_v212_v242

Loads dropped DLL 1 IoCs

pid	Process
1284	dfaec40a2b1c69323ba20b6c91f7d2697080921fb2e698e7a8df1abb14b8b7d4.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1284	dfaec40a2b1c69323ba20b6c91f7d2697080921fb2e698e7a8df1abb14b8b7d4.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1284	dfaec40a2b1c69323ba20b6c91f7d2697080921fb2e698e7a8df1abb14b8b7d4.exe
1284	dfaec40a2b1c69323ba20b6c91f7d2697080921fb2e698e7a8df1abb14b8b7d4.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1284	dfaec40a2b1c69323ba20b6c91f7d2697080921fb2e698e7a8df1abb14b8b7d4.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1284	dfaec40a2b1c69323ba20b6c91f7d2697080921fb2e698e7a8df1abb14b8b7d4.exe
1284	dfaec40a2b1c69323ba20b6c91f7d2697080921fb2e698e7a8df1abb14b8b7d4.exe
1284	dfaec40a2b1c69323ba20b6c91f7d2697080921fb2e698e7a8df1abb14b8b7d4.exe
1284	dfaec40a2b1c69323ba20b6c91f7d2697080921fb2e698e7a8df1abb14b8b7d4.exe

C:\Users\Admin\AppData\Local\Temp\dfaec40a2b1c69323ba20b6c91f7d2697080921fb2e698e7a8df1abb14b8b7d4.exe
"C:\Users\Admin\AppData\Local\Temp\dfaec40a2b1c69323ba20b6c91f7d2697080921fb2e698e7a8df1abb14b8b7d4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wincvtp.dll

Filesize
53KB

MD5
0eed4533257c57e70dfb96753e2d7afa

SHA1
b876936f10597e2f1b15a0af35da644076030376

SHA256
94fe80ee719e02e036902cc661b2ba07172de611afc3a2b8da45f1ec87bfde46

SHA512
66644a6bb211a7e3999c5ffe5301ded2e5b5f29ef1be098d3d38719758fd4f3b49fdc76623381e3d14619bf66afba65ce36ad20e299a1f63b8cdd79eee306445

Download Submit
C:\Users\Admin\AppData\Local\Temp\wincvtp.dll

Filesize
53KB

MD5
0eed4533257c57e70dfb96753e2d7afa

SHA1
b876936f10597e2f1b15a0af35da644076030376

SHA256
94fe80ee719e02e036902cc661b2ba07172de611afc3a2b8da45f1ec87bfde46

SHA512
66644a6bb211a7e3999c5ffe5301ded2e5b5f29ef1be098d3d38719758fd4f3b49fdc76623381e3d14619bf66afba65ce36ad20e299a1f63b8cdd79eee306445

Download Submit
memory/1284-24-0x0000000005D00000-0x0000000005D01000-memory.dmp

Filesize
4KB

Download
memory/1284-30-0x0000000005D10000-0x0000000005D11000-memory.dmp

Filesize
4KB

Download
memory/1284-1-0x0000000077334000-0x0000000077336000-memory.dmp

Filesize
8KB

Download
memory/1284-10-0x0000000000400000-0x000000000193D000-memory.dmp

Filesize
21.2MB

Download
memory/1284-12-0x0000000005B80000-0x0000000005B81000-memory.dmp

Filesize
4KB

Download
memory/1284-11-0x0000000005B60000-0x0000000005B61000-memory.dmp

Filesize
4KB

Download
memory/1284-13-0x0000000005C30000-0x0000000005C31000-memory.dmp

Filesize
4KB

Download
memory/1284-20-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/1284-21-0x0000000005CA0000-0x0000000005CA1000-memory.dmp

Filesize
4KB

Download
memory/1284-22-0x0000000005EC0000-0x0000000005EC2000-memory.dmp

Filesize
8KB

Download
memory/1284-19-0x0000000005B70000-0x0000000005B71000-memory.dmp

Filesize
4KB

Download
memory/1284-18-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/1284-16-0x0000000005BA0000-0x0000000005BA2000-memory.dmp

Filesize
8KB

Download
memory/1284-17-0x0000000005B90000-0x0000000005B91000-memory.dmp

Filesize
4KB

Download
memory/1284-15-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/1284-14-0x0000000005C00000-0x0000000005C01000-memory.dmp

Filesize
4KB

Download
memory/1284-23-0x0000000005C10000-0x0000000005C11000-memory.dmp

Filesize
4KB

Download
memory/1284-25-0x0000000005BE0000-0x0000000005BE1000-memory.dmp

Filesize
4KB

Download
memory/1284-0-0x0000000000400000-0x000000000193D000-memory.dmp

Filesize
21.2MB

Download
memory/1284-26-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/1284-8-0x0000000074780000-0x000000007479A000-memory.dmp

Filesize
104KB

Download
memory/1284-29-0x0000000005BF0000-0x0000000005BF1000-memory.dmp

Filesize
4KB

Download
memory/1284-28-0x0000000077334000-0x0000000077335000-memory.dmp

Filesize
4KB

Download
memory/1284-27-0x0000000074780000-0x000000007479A000-memory.dmp

Filesize
104KB

Download
memory/1284-31-0x0000000005C90000-0x0000000005C91000-memory.dmp

Filesize
4KB

Download
memory/1284-33-0x0000000005CE0000-0x0000000005CE1000-memory.dmp

Filesize
4KB

Download
memory/1284-32-0x0000000005C70000-0x0000000005C71000-memory.dmp

Filesize
4KB

Download
memory/1284-34-0x0000000005D30000-0x0000000005D31000-memory.dmp

Filesize
4KB

Download
memory/1284-35-0x0000000000400000-0x000000000193D000-memory.dmp

Filesize
21.2MB

Download
memory/1284-36-0x0000000005CD0000-0x0000000005CD1000-memory.dmp

Filesize
4KB

Download
memory/1284-37-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/1284-38-0x0000000000400000-0x000000000193D000-memory.dmp

Filesize
21.2MB

Download
memory/1284-39-0x0000000005C20000-0x0000000005C21000-memory.dmp

Filesize
4KB

Download
memory/1284-505-0x0000000000400000-0x000000000193D000-memory.dmp

Filesize
21.2MB

Download
memory/1284-716-0x0000000074780000-0x000000007479A000-memory.dmp

Filesize
104KB

Download
memory/1284-1606-0x0000000000400000-0x000000000193D000-memory.dmp

Filesize
21.2MB

Download
memory/1284-1607-0x0000000074780000-0x000000007479A000-memory.dmp

Filesize
104KB

Download
memory/1284-1608-0x0000000000400000-0x000000000193D000-memory.dmp

Filesize
21.2MB

Download
memory/1284-1609-0x0000000074780000-0x000000007479A000-memory.dmp

Filesize
104KB

Download
memory/1284-1610-0x0000000000400000-0x000000000193D000-memory.dmp

Filesize
21.2MB

Download
memory/1284-1612-0x0000000000400000-0x000000000193D000-memory.dmp

Filesize
21.2MB

Download