Overview

overview

7

Static

static

7

1d501bb383...44.exe

windows7-x64

7

1d501bb383...44.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 21:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d501bb383ed069f74657f920edb8044.exe

  • Size

    474KB

  • MD5

    1d501bb383ed069f74657f920edb8044

  • SHA1

    6fc4f449db13b8c4faf97fe1d623e9e11f40e29d

  • SHA256

    36c39f878a51e74083e90d2e1d350bb14c8b32f2b6db4af0f164475cc8e1ce73

  • SHA512

    bed342e4d6a179b821b53b6db745991a9ac55248409c5401e8bf0e22f464d77824f62062b20eb9097998812c3c3a31620330eed330d05de79c148bb8ec4a19b6

  • SSDEEP

    12288:Eb1NwuGkcEah4/auHFkrfKOeBhjXsJcLkc1S:EbRpO4/aulKpUrsJIkcs

Score
7/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • AutoIT Executable 21 IoCs

    AutoIT scripts compiled to PE executables.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d501bb383ed069f74657f920edb8044.exe
    "C:\Users\Admin\AppData\Local\Temp\1d501bb383ed069f74657f920edb8044.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4136
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c schtasks /create /sc minute /mo 5 /tn affeUpdates /tr 'C:\Users\Admin\AppData\Local\Microsoft\Windows\1d501bb383ed069f74657f920edb8044.exe'
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1628
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /create /sc minute /mo 5 /tn affeUpdates /tr 'C:\Users\Admin\AppData\Local\Microsoft\Windows\1d501bb383ed069f74657f920edb8044.exe'
        3⤵
        • Creates scheduled task(s)
        PID:3720
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\1d501bb383ed069f74657f920edb8044.exe
      C:\Users\Admin\AppData\Local\Microsoft\Windows\1d501bb383ed069f74657f920edb8044.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:4140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\1d501bb383ed069f74657f920edb8044.exe
    Filesize

    210KB

    MD5

    bd3fa7eacd32e2d611398f0d518e9d7d

    SHA1

    14fa8a57926523806225d2bc5b2e81187d0e1166

    SHA256

    01e7cfdf7169a462a98425f3c8bed064d9ca862a6aec7e23723c2108186c3a01

    SHA512

    1ad395ac087a103aa9ce49add0c44ec724ebfbbdd0b22c150c878108fd4899221cc45af0c7b26197a1f5eebf5ac3b1f4adfa1b049e8c848ca76662f33d1b952e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\1d501bb383ed069f74657f920edb8044.exe
    Filesize

    474KB

    MD5

    1d501bb383ed069f74657f920edb8044

    SHA1

    6fc4f449db13b8c4faf97fe1d623e9e11f40e29d

    SHA256

    36c39f878a51e74083e90d2e1d350bb14c8b32f2b6db4af0f164475cc8e1ce73

    SHA512

    bed342e4d6a179b821b53b6db745991a9ac55248409c5401e8bf0e22f464d77824f62062b20eb9097998812c3c3a31620330eed330d05de79c148bb8ec4a19b6

    Download Submit

  • memory/4136-6-0x0000000000270000-0x0000000000369000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4136-2-0x0000000000270000-0x0000000000369000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4136-4-0x0000000000270000-0x0000000000369000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4136-5-0x0000000000270000-0x0000000000369000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4136-0-0x0000000000270000-0x0000000000369000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4136-3-0x0000000000270000-0x0000000000369000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4136-11-0x0000000000270000-0x0000000000369000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4136-1-0x0000000000270000-0x0000000000369000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4140-16-0x00000000009B0000-0x0000000000AA9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4140-20-0x00000000009B0000-0x0000000000AA9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4140-14-0x00000000009B0000-0x0000000000AA9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4140-13-0x00000000009B0000-0x0000000000AA9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4140-12-0x00000000009B0000-0x0000000000AA9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4140-18-0x00000000009B0000-0x0000000000AA9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4140-19-0x00000000009B0000-0x0000000000AA9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4140-17-0x00000000009B0000-0x0000000000AA9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4140-21-0x00000000009B0000-0x0000000000AA9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4140-22-0x00000000009B0000-0x0000000000AA9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4140-23-0x00000000009B0000-0x0000000000AA9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4140-24-0x00000000009B0000-0x0000000000AA9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4140-25-0x00000000009B0000-0x0000000000AA9000-memory.dmp

    Filesize

    996KB

    Download

  • memory/4140-26-0x00000000009B0000-0x0000000000AA9000-memory.dmp

    Filesize

    996KB

    Download