3e754ac2a8c73c26b699a70e80a014e319e6478a725078e0e820399b6b8d492b | Triage

Submit
Reports

Overview

overview

Static

static

7

2ac7a5731e...4d.exe

windows7-x64

2ac7a5731e...4d.exe

windows10-2004-x64

Sharing

General

Target

2ac7a5731e80be73960279d7f1f19a4d
Size

3.3MB
Sample

231231-glspbscae9
MD5

2ac7a5731e80be73960279d7f1f19a4d
SHA1

dc01b5ff794472aa9d684c7bba6e0a69e20e71a3
SHA256

3e754ac2a8c73c26b699a70e80a014e319e6478a725078e0e820399b6b8d492b
SHA512

022d31c08881c74f5a782b6e1af8cb8607e3fbaf7daedd5d4936119431914c65695a627bd79719c927e849dd15354d81ac189f16266950c5b37dd25f13bf2eaf
SSDEEP

49152:Kwi0L0q8bUB8NIMI8Sfpwotkzaxc1OGz8/:Vi0yhIMzKpXOMGQ/

Score

10^/10

aspackv2 persistence ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2ac7a5731e80be73960279d7f1f19a4d.exe

Resource

win7-20231215-en

aspackv2 persistence ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2ac7a5731e80be73960279d7f1f19a4d.exe

Resource

win10v2004-20231215-en

aspackv2 persistence ransomware

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2ac7a5731e80be73960279d7f1f19a4d
- Size
  
  3.3MB
- MD5
  
  2ac7a5731e80be73960279d7f1f19a4d
- SHA1
  
  dc01b5ff794472aa9d684c7bba6e0a69e20e71a3
- SHA256
  
  3e754ac2a8c73c26b699a70e80a014e319e6478a725078e0e820399b6b8d492b
- SHA512
  
  022d31c08881c74f5a782b6e1af8cb8607e3fbaf7daedd5d4936119431914c65695a627bd79719c927e849dd15354d81ac189f16266950c5b37dd25f13bf2eaf
- SSDEEP
  
  49152:Kwi0L0q8bUB8NIMI8Sfpwotkzaxc1OGz8/:Vi0yhIMzKpXOMGQ/
Score

10^/10

aspackv2 persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Renames multiple (91) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2persistenceransomware

behavioral2

aspackv2persistenceransomware

© 2018-2025

Terms | Privacy