Analysis

  • max time kernel
    146s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/12/2023, 21:00

General

  • Target

    3b0a5347033eda5eea82c327e55cb705.exe

  • Size

    844KB

  • MD5

    3b0a5347033eda5eea82c327e55cb705

  • SHA1

    293f29e770e9d7f6b55edef4e6a631c29909a026

  • SHA256

    3ba5771e48eb87e3cc85c5011ee606728c4e5f6e837b29be3728e82d30129007

  • SHA512

    89958cd161e2dd167bb9499b7a441799a3a341b8e2d1e54d99c66c815b4e39bc0dcc88333e5fada265c41c0f4a64d785575467726cfdf149cf7d2cb7606e904b

  • SSDEEP

    12288:5MMpXKb0hNGh1kG0HWnALbCKB8NIpYJTCihq82WFpXKEVFA2MC6Nv:5MMpXS0hN0V0H+KB8NIyXbacAff

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
  • Renames multiple (91) files with added filename extension

    Mass renaming with an appended extension is the sandbox's heuristic for ransomware encrypting the files on the system. Treat it as unconfirmed for this sample: the only renamed file listed under Downloads, desktop.ini.exe, is 845KB, far larger than a desktop.ini and close to the 844KB of the sample itself, a pattern that fits a worm replacing files with executable copies rather than encrypting them. Inspect one of the renamed files (PE header, packer) before calling this ransomware.

  • ASPack v2.12-2.42 3 IoCs

    Detects executables packed with ASPack v2.12-2.42. Hashes, strings and imports taken from the packed file describe the packer stub, not the payload; unpack it, or dump the process from memory after the stub has run, before doing static analysis or writing signatures.

  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows AutoRun to spread via attached volumes. Here the sample writes F:\AUTORUN.INF together with F:\AutoRun.exe, and the latter carries the same MD5/SHA256 as the submitted file (see Downloads), so the INF is there to launch a copy of the sample from the removable drive. On Windows 7 with KB971029 and on later Windows versions, AutoRun is ignored for USB mass-storage volumes and honoured only for optical media, so on patched hosts the copy spreads only if someone runs AutoRun.exe by hand.

  • Drops file in System32 directory 2 IoCs

    The dropped copy ends up at C:\Windows\SysWOW64\HelpMe.exe although the process command line names C:\Windows\system32\HelpMe.exe: a 32-bit process writing under system32 on 64-bit Windows is redirected to SysWOW64 by the WoW64 file system redirector, so hunt for the file under both paths.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs
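
Host-side checks for three of the behaviours flagged above (the Winlogon change, the Startup-folder drop and the mass rename with an added extension), as an added example for this report rather than code from the sandbox. It works on data already exported from a host (Winlogon registry values, created-file paths, rename event pairs) so it runs offline; every input in it is constructed, and the rename threshold is an assumption since the sandbox's own cut-off is not published here.

```python
"""Host-side triage for three behaviours flagged above: the Winlogon
change (T1547.004), the Startup-folder drop and the mass rename with an
added extension.

Added example for this report, not code from the sandbox. It works on
data exported from a host (Winlogon registry values, file paths, rename
event pairs) so it runs offline; every input below is constructed.
"""
import re

# Default Winlogon values on a stock 64-bit Windows 7 install. Compared
# case-insensitively after stripping whitespace; anything else is a finding.
WINLOGON_DEFAULTS = {
    "Shell": {"explorer.exe"},
    "Userinit": {r"c:\windows\system32\userinit.exe,",
                 r"c:\windows\system32\userinit.exe"},
}

# Per-user Startup folder, where the report shows Soft.lnk being written.
STARTUP_RE = re.compile(
    r"\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\",
    re.IGNORECASE,
)


def check_winlogon(values):
    """values: {value_name: data} exported from
    HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon.
    Returns [(name, data)] for Shell/Userinit entries that deviate from
    the defaults, e.g. an extra program appended after a comma."""
    hits = []
    for name, allowed in WINLOGON_DEFAULTS.items():
        data = values.get(name)
        if data is not None and data.strip().lower() not in allowed:
            hits.append((name, data))
    return hits


def startup_drops(paths):
    """Return the created-file paths that land in a user's Startup folder."""
    return [p for p in paths if STARTUP_RE.search(p)]


def added_extension_renames(events, min_count=10):
    """events: iterable of (old_path, new_path) from a file monitor.
    A rename counts when new_path is old_path plus exactly one more
    '.ext' (desktop.ini -> desktop.ini.exe). Returns (count, triggered),
    with triggered set once count reaches min_count (an assumed threshold;
    the sandbox's own cut-off is not published on the page)."""
    count = 0
    for old, new in events:
        tail = new[len(old) + 1:]
        if new.lower().startswith(old.lower() + ".") and tail and "." not in tail:
            count += 1
    return count, count >= min_count


if __name__ == "__main__":
    # Constructed inputs; the report does not show which Winlogon value
    # the sample changed, only that one was modified.
    winlogon = {"Shell": r"explorer.exe,C:\Windows\system32\HelpMe.exe",
                "Userinit": r"C:\Windows\system32\userinit.exe,"}
    created = [r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk",
               r"C:\Windows\SysWOW64\HelpMe.exe"]
    renames = [(r"C:\$Recycle.Bin\S-1-5-21-1\desktop.ini", r"C:\$Recycle.Bin\S-1-5-21-1\desktop.ini.exe"),
               (r"C:\Users\Admin\notes.txt", r"C:\Users\Admin\notes.txt.exe"),
               (r"C:\Users\Admin\draft.doc", r"C:\Users\Admin\final.doc")]
    print("winlogon:", check_winlogon(winlogon))
    print("startup:", startup_drops(created))
    print("renames:", added_extension_renames(renames, min_count=2))
```

The Winlogon check deliberately compares against a whitelist of defaults rather than looking for known-bad strings, so a Shell or Userinit value with anything appended after the comma is flagged regardless of the file name used; the rename check requires exactly one extra extension so that ordinary renames such as draft.doc to final.doc are not counted.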

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b0a5347033eda5eea82c327e55cb705.exe
    "C:\Users\Admin\AppData\Local\Temp\3b0a5347033eda5eea82c327e55cb705.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      PID:2436

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1268429524-3929314613-1992311491-1000\desktop.ini.exe

          Filesize

          845KB

          MD5

          f8bef170f101214d54727b3b0f435a0c

          SHA1

          649f9da0fe582d2ef3cfc31ea272282097a378cb

          SHA256

          ff1b06506b27b5e465f76b487d9d5717716bd1faa16bc966bc23a22489a5822f

          SHA512

          605feb13f060582d6bd10f42b8663ad6f24b168dda11d8273a7a284be08cfaaf3fb12f3611fbcf46688aad8c6b19dc1abe83aab8b021ddda47ae53ecaebd6b73

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

          Filesize

          1KB

          MD5

          09d750d4b6c1139bd6be7e99fce52808

          SHA1

          efad45bc53a91a230d9f97eb8970816e5dabcbe5

          SHA256

          247083d3d0d326c7987cad22000d30c049ec4247b3c34545f76cf661f1fc335e

          SHA512

          3f6de0e4e2874bb8d82139e75012ca0e789c59b561755df1a7c4bed987b0a808594f6173eb52ef9c8639367bb74e035513fc8a63c55ba39c81dc4664f005543c

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

          Filesize

          954B

          MD5

          a6dc6e30b31ce6e02c8384a63d97c3e0

          SHA1

          fb0c02ae5cf75fc6e1ace8b5ca3fcd5cb824ff18

          SHA256

          aeeabed9557cff573ace9db4c5fbf97181e58bc375cec1f61ea1248d89acd986

          SHA512

          ae4142f5c2e23aa5757ffe9c63be1d29ae7eacc93361d688f4b7178ad916a3e6174bcf9febcff8d5a8ef6f1a381fcbcb02403e077906463637394482094c9d6e

        • F:\AUTORUN.INF

          Filesize

          145B

          MD5

          ca13857b2fd3895a39f09d9dde3cca97

          SHA1

          8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

          SHA256

          cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

          SHA512

          55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

        • F:\AutoRun.exe

          Filesize

          844KB

          MD5

          3b0a5347033eda5eea82c327e55cb705

          SHA1

          293f29e770e9d7f6b55edef4e6a631c29909a026

          SHA256

          3ba5771e48eb87e3cc85c5011ee606728c4e5f6e837b29be3728e82d30129007

          SHA512

          89958cd161e2dd167bb9499b7a441799a3a341b8e2d1e54d99c66c815b4e39bc0dcc88333e5fada265c41c0f4a64d785575467726cfdf149cf7d2cb7606e904b

        • \Windows\SysWOW64\HelpMe.exe

          Filesize

          843KB

          MD5

          b0bd6cf243e7818e4860dd2a9eaa5580

          SHA1

          d24f4ff7c10c63e3becd1e59f07c53b465e9dece

          SHA256

          c4089fa2b21b8604567fbdcc8dbaf2684c4b45f8bdde230c0cad1b8d97ef5b1a

          SHA512

          c7c28520efa9da52f74c5e0a9eb93598d87a6cb512aba2f994ca7d52270e1b1c97529b38a3af5741440019137d781d9907b3ce213e9c485b307bf44d1df1464f

        • memory/2408-0-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

        • memory/2408-104-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

        • memory/2436-10-0x0000000000300000-0x0000000000301000-memory.dmp

          Filesize

          4KB
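
A parser for the autorun.inf dropped on F: above, as an added example that is not part of the report. The Downloads list shows F:\AUTORUN.INF (145 bytes) beside F:\AutoRun.exe but not the INF's contents, so the SAMPLE text in the block is a constructed file in the usual worm layout, not the real one; the list of executable extensions is an assumption.

```python
"""Parse an autorun.inf and list what it would launch.

Added example, not from the report. The Downloads list shows F:\\AUTORUN.INF
(145 bytes) beside F:\\AutoRun.exe but not the INF's contents, so SAMPLE is a
constructed file in the usual worm layout, not the real one.
"""
import ntpath

# [autorun] keys whose value is a program to run; 'shell\<verb>\command'
# entries are matched by shape. 'icon', 'label' and 'shell' are not launches.
LAUNCH_KEYS = {"open", "shellexecute"}
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}  # assumed list


def parse_autorun(text):
    """Return {key.lower(): value} for the [autorun] section, tolerating
    blank lines, ';' comments, junk lines and mixed case as Windows does.
    Later duplicates overwrite earlier ones."""
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def first_token(value):
    """Program name from a command value, honouring a quoted first token."""
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    parts = value.split()
    return parts[0] if parts else ""


def launch_targets(entries):
    """(key, program) pairs an autorun.inf would execute, arguments dropped."""
    targets = []
    for key, value in entries.items():
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append((key, first_token(value)))
    return targets


def assess(text, volume_root):
    """Resolve each launch target against the volume root and keep those
    that are executables, i.e. an INF that runs a binary from the same
    drive it sits on (F:\\AUTORUN.INF -> F:\\AutoRun.exe in this report)."""
    findings = []
    for key, program in launch_targets(parse_autorun(text)):
        full = program if ntpath.splitdrive(program)[0] else ntpath.join(volume_root, program)
        if ntpath.splitext(full)[1].lower() in EXEC_EXTS:
            findings.append((key, full))
    return findings


# Constructed autorun.inf; the real 145-byte file's content is not on the page.
SAMPLE = """[AutoRun]
; constructed sample, not the INF from the report
open=AutoRun.exe
shellexecute="AutoRun.exe" /q
shell\\Open\\Command=AutoRun.exe
shell=Open
icon=AutoRun.exe
"""

if __name__ == "__main__":
    for key, program in assess(SAMPLE, "F:\\"):
        print(f"{key:<20} -> {program}")
```

A hand-written parser is used instead of configparser because Windows accepts INF files that configparser rejects (duplicate keys, lines without '=', mixed-case section names), and a worm's autorun.inf is exactly the kind of file that exercises those corners. Run it against the INF pulled from the F: volume image to see which of open, shellexecute and shell\<verb>\command point at the dropped AutoRun.exe.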