60d99a108f5c55c4d7ac9249dbab33a033d1e5147a40c4f8060e093264742f80 | Triage

Submit
Reports

Overview

overview

Static

static

7

2571390ec2...ad.exe

windows7-x64

2571390ec2...ad.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

2571390ec24b267838808706fd0e18ad
Size

1005KB
Sample

231231-df8a2scfbm
MD5

2571390ec24b267838808706fd0e18ad
SHA1

ff11dfec2886e6068149a35373697f6141e6c506
SHA256

60d99a108f5c55c4d7ac9249dbab33a033d1e5147a40c4f8060e093264742f80
SHA512

e8640210bfa1e02506480b5d67820c1745d2cb038d2783a6988b22a7e83d57ad9f6500e051e1140fc1dd117749ff49ffb2af5cacebfb8a5ad76b06d29f2ecda3
SSDEEP

6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRAjZGrWmsu4lnEqR6BD9:5MMpXKb0hNGh1kG0HWnALbkih

Score

10^/10

aspackv2 persistence ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2571390ec24b267838808706fd0e18ad.exe

Resource

win7-20231215-en

aspackv2 persistence ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2571390ec24b267838808706fd0e18ad.exe

Resource

win10v2004-20231215-en

aspackv2 persistence ransomware

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2571390ec24b267838808706fd0e18ad
- Size
  
  1005KB
- MD5
  
  2571390ec24b267838808706fd0e18ad
- SHA1
  
  ff11dfec2886e6068149a35373697f6141e6c506
- SHA256
  
  60d99a108f5c55c4d7ac9249dbab33a033d1e5147a40c4f8060e093264742f80
- SHA512
  
  e8640210bfa1e02506480b5d67820c1745d2cb038d2783a6988b22a7e83d57ad9f6500e051e1140fc1dd117749ff49ffb2af5cacebfb8a5ad76b06d29f2ecda3
- SSDEEP
  
  6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRAjZGrWmsu4lnEqR6BD9:5MMpXKb0hNGh1kG0HWnALbkih
Score

10^/10

aspackv2 persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Renames multiple (91) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2persistenceransomware

behavioral2

aspackv2persistenceransomware

© 2018-2025

Terms | Privacy