71b8d84aafac418501468bb2895a2e0a84451a55e130f986bff1df12ba6b7897 | Triage

Submit
Reports

Overview

overview

Static

static

7

3767423334...9e.exe

windows7-x64

3767423334...9e.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

37674233341137db0a6e2e058ba1da9e
Size

500KB
Sample

231231-qexjdagbfp
MD5

37674233341137db0a6e2e058ba1da9e
SHA1

0ee187d3fe5950891794de55ca28f3c50fa459d3
SHA256

71b8d84aafac418501468bb2895a2e0a84451a55e130f986bff1df12ba6b7897
SHA512

5998cc04e23df31ce6b171d699f9a6c3e13c6643d4b1748351eb4319acf9cf5a646430e8dffd32052975c01dca686975d1eeee3e1269122852023573d76f0963
SSDEEP

6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRAExJex5gfzDVlVXgaVU:5MMpXKb0hNGh1kG0HWnALbix5GpX/U

Score

10^/10

aspackv2 persistence ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

37674233341137db0a6e2e058ba1da9e.exe

Resource

win7-20231215-en

aspackv2 persistence ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

37674233341137db0a6e2e058ba1da9e.exe

Resource

win10v2004-20231222-en

aspackv2 persistence ransomware

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  37674233341137db0a6e2e058ba1da9e
- Size
  
  500KB
- MD5
  
  37674233341137db0a6e2e058ba1da9e
- SHA1
  
  0ee187d3fe5950891794de55ca28f3c50fa459d3
- SHA256
  
  71b8d84aafac418501468bb2895a2e0a84451a55e130f986bff1df12ba6b7897
- SHA512
  
  5998cc04e23df31ce6b171d699f9a6c3e13c6643d4b1748351eb4319acf9cf5a646430e8dffd32052975c01dca686975d1eeee3e1269122852023573d76f0963
- SSDEEP
  
  6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRAExJex5gfzDVlVXgaVU:5MMpXKb0hNGh1kG0HWnALbix5GpX/U
Score

10^/10

aspackv2 persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Renames multiple (91) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2persistenceransomware

behavioral2

aspackv2persistenceransomware

© 2018-2025

Terms | Privacy