aab74be3f33dd7c8783bef4c91b761bd31a7d83f260f7999e2789fb06f7705e2

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0717b88c408cb3f738f71e817cff6e34.exe
Size

3.6MB
MD5

0717b88c408cb3f738f71e817cff6e34
SHA1

a7fd35c1000320c20f9cedc5a90a9ec1e3a41dab
SHA256

aab74be3f33dd7c8783bef4c91b761bd31a7d83f260f7999e2789fb06f7705e2
SHA512

1ab013d1bc152eeaa8db051fa1b1133cdb7d81685b9e1f0e856ef6553b9a63c83b8afa3e255d4762ecf5dac2485bc092b4801ca3c1ad1aedb1b2298c1b0ada62
SSDEEP

98304:2oiH7QkwJH4++uZrBAOYSyXIXsB0cgpaZr:l+7QT9+SrBc+cspOr

Score

7^/10

aspackv2 discovery

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x000800000002320a-67.dat	aspack_v212_v242
behavioral2/files/0x000800000002320a-65.dat	aspack_v212_v242

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	0717b88c408cb3f738f71e817cff6e34.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	0717b88c408cb3f738f71e817cff6e34.exe

Loads dropped DLL 6 IoCs

pid	Process
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	0717b88c408cb3f738f71e817cff6e34.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	0717b88c408cb3f738f71e817cff6e34.exe
Key security queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	0717b88c408cb3f738f71e817cff6e34.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	0717b88c408cb3f738f71e817cff6e34.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe
4568	0717b88c408cb3f738f71e817cff6e34.exe

C:\Users\Admin\AppData\Local\Temp\0717b88c408cb3f738f71e817cff6e34.exe
"C:\Users\Admin\AppData\Local\Temp\0717b88c408cb3f738f71e817cff6e34.exe"
1⤵
- Checks system information in the registry
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsc64F5.tmp\mspdb144.dll

Filesize
92KB

MD5
d4d67e8e27bcf2c1c4a4b4d3e75adba7

SHA1
a1f05f115cd112432bf84f35d2eff2871bed5799

SHA256
0ce355e670dea5bd81e323f5be0ea509c02e4ed80a85d9643da167ebac8938ea

SHA512
f1baf39b7a5cf13301c60373c347e010e97a43dde376295a477bced6f5822caba17a9661b0efe7a116ab1e54ac35d9a0f50e986dc90f5f9c02bd8267ce0d7b3c

Download Submit
memory/4568-0-0x0000000000400000-0x00000000008A6000-memory.dmp

Filesize
4.6MB

Download
memory/4568-8-0x00000000037E0000-0x00000000037E1000-memory.dmp

Filesize
4KB

Download
memory/4568-17-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/4568-16-0x0000000002940000-0x0000000002941000-memory.dmp

Filesize
4KB

Download
memory/4568-19-0x0000000003E10000-0x0000000003E11000-memory.dmp

Filesize
4KB

Download
memory/4568-18-0x0000000003E50000-0x0000000003E51000-memory.dmp

Filesize
4KB

Download
memory/4568-21-0x0000000003E60000-0x0000000003E61000-memory.dmp

Filesize
4KB

Download
memory/4568-23-0x0000000003E80000-0x0000000003E81000-memory.dmp

Filesize
4KB

Download
memory/4568-22-0x0000000003E90000-0x0000000003E91000-memory.dmp

Filesize
4KB

Download
memory/4568-20-0x0000000003E70000-0x0000000003E71000-memory.dmp

Filesize
4KB

Download
memory/4568-15-0x00000000037F0000-0x00000000037F1000-memory.dmp

Filesize
4KB

Download
memory/4568-14-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/4568-13-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/4568-12-0x0000000003830000-0x0000000003831000-memory.dmp

Filesize
4KB

Download
memory/4568-11-0x00000000037C0000-0x00000000037C6000-memory.dmp

Filesize
24KB

Download
memory/4568-10-0x0000000003820000-0x0000000003821000-memory.dmp

Filesize
4KB

Download
memory/4568-9-0x00000000037D0000-0x00000000037D2000-memory.dmp

Filesize
8KB

Download
memory/4568-7-0x0000000002930000-0x0000000002931000-memory.dmp

Filesize
4KB

Download
memory/4568-6-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/4568-5-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/4568-4-0x0000000002890000-0x0000000002891000-memory.dmp

Filesize
4KB

Download
memory/4568-3-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/4568-2-0x00000000028E0000-0x00000000028E1000-memory.dmp

Filesize
4KB

Download
memory/4568-1-0x0000000002680000-0x00000000026E0000-memory.dmp

Filesize
384KB

Download
memory/4568-45-0x0000000003FB0000-0x0000000003FB1000-memory.dmp

Filesize
4KB

Download
memory/4568-44-0x0000000003F90000-0x0000000003F91000-memory.dmp

Filesize
4KB

Download
memory/4568-43-0x0000000003F50000-0x0000000003F51000-memory.dmp

Filesize
4KB

Download
memory/4568-42-0x0000000003FE0000-0x0000000003FE1000-memory.dmp

Filesize
4KB

Download
memory/4568-41-0x0000000003FF0000-0x0000000003FF1000-memory.dmp

Filesize
4KB

Download
memory/4568-40-0x0000000003FC0000-0x0000000003FC1000-memory.dmp

Filesize
4KB

Download
memory/4568-39-0x0000000003FD0000-0x0000000003FD1000-memory.dmp

Filesize
4KB

Download
memory/4568-60-0x0000000005420000-0x0000000005421000-memory.dmp

Filesize
4KB

Download
memory/4568-59-0x0000000005430000-0x0000000005431000-memory.dmp

Filesize
4KB

Download
memory/4568-64-0x0000000006A30000-0x0000000006A31000-memory.dmp

Filesize
4KB

Download
memory/4568-63-0x0000000006A40000-0x0000000006A41000-memory.dmp

Filesize
4KB

Download
memory/4568-62-0x0000000000400000-0x00000000008A6000-memory.dmp

Filesize
4.6MB

Download
memory/4568-58-0x0000000005400000-0x0000000005401000-memory.dmp

Filesize
4KB

Download
memory/4568-57-0x0000000005410000-0x0000000005411000-memory.dmp

Filesize
4KB

Download
memory/4568-56-0x00000000053E0000-0x00000000053E1000-memory.dmp

Filesize
4KB

Download
memory/4568-55-0x00000000053F0000-0x00000000053F1000-memory.dmp

Filesize
4KB

Download
memory/4568-38-0x0000000003FA0000-0x0000000003FA1000-memory.dmp

Filesize
4KB

Download
memory/4568-37-0x0000000003F80000-0x0000000003F81000-memory.dmp

Filesize
4KB

Download
memory/4568-72-0x0000000006A50000-0x0000000006CAF000-memory.dmp

Filesize
2.4MB

Download
memory/4568-73-0x0000000006EE0000-0x0000000006EE1000-memory.dmp

Filesize
4KB

Download
memory/4568-74-0x00000000070F0000-0x00000000070F1000-memory.dmp

Filesize
4KB

Download
memory/4568-75-0x0000000007040000-0x0000000007041000-memory.dmp

Filesize
4KB

Download
memory/4568-77-0x00000000071A0000-0x00000000071A1000-memory.dmp

Filesize
4KB

Download
memory/4568-79-0x0000000007E80000-0x0000000007E81000-memory.dmp

Filesize
4KB

Download
memory/4568-78-0x0000000007E90000-0x0000000007E91000-memory.dmp

Filesize
4KB

Download
memory/4568-81-0x0000000007EA0000-0x0000000007EA1000-memory.dmp

Filesize
4KB

Download
memory/4568-80-0x0000000007EB0000-0x0000000007EB1000-memory.dmp

Filesize
4KB

Download
memory/4568-76-0x0000000007E70000-0x0000000007E71000-memory.dmp

Filesize
4KB

Download
memory/4568-71-0x0000000006A50000-0x0000000006CAF000-memory.dmp

Filesize
2.4MB

Download
memory/4568-36-0x0000000003F60000-0x0000000003F61000-memory.dmp

Filesize
4KB

Download
memory/4568-35-0x0000000003F70000-0x0000000003F71000-memory.dmp

Filesize
4KB

Download
memory/4568-34-0x0000000003F40000-0x0000000003F41000-memory.dmp

Filesize
4KB

Download
memory/4568-33-0x0000000003F20000-0x0000000003F21000-memory.dmp

Filesize
4KB

Download
memory/4568-32-0x0000000003F30000-0x0000000003F31000-memory.dmp

Filesize
4KB

Download
memory/4568-29-0x0000000003EE0000-0x0000000003EE1000-memory.dmp

Filesize
4KB

Download
memory/4568-28-0x0000000003EF0000-0x0000000003EF1000-memory.dmp

Filesize
4KB

Download
memory/4568-27-0x0000000003EC0000-0x0000000003EC1000-memory.dmp

Filesize
4KB

Download
memory/4568-26-0x0000000003ED0000-0x0000000003ED1000-memory.dmp

Filesize
4KB

Download
memory/4568-25-0x0000000003EA0000-0x0000000003EA1000-memory.dmp

Filesize
4KB

Download
memory/4568-24-0x0000000003EB0000-0x0000000003EB1000-memory.dmp

Filesize
4KB

Download
memory/4568-187-0x0000000006A50000-0x0000000006CAF000-memory.dmp

Filesize
2.4MB

Download
memory/4568-186-0x0000000000400000-0x00000000008A6000-memory.dmp

Filesize
4.6MB

Download
memory/4568-189-0x0000000000400000-0x00000000008A6000-memory.dmp

Filesize
4.6MB

Download