0f188958848c75dc31fe6baf03bce4430cd48331046519df20ed14fd6341b039

Analysis

max time kernel
46s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 20:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4c5f86160bcce6e8c2c44700d0147e75.exe
Size

60KB
MD5

4c5f86160bcce6e8c2c44700d0147e75
SHA1

2ff3ef74efdec954fdd32bb0adff96a76966226a
SHA256

0f188958848c75dc31fe6baf03bce4430cd48331046519df20ed14fd6341b039
SHA512

a093ed1e1698d7822308cb27bba0edd4194d222d16db833720dfe42e3b7f9b7425f2df7e560ec8b0cef4ab719464da7c27b8232001eb1730f17370c920ec3748
SSDEEP

768:g5NInO/1B3z5jKIpI/GWwv6wKOM5/XYSRa27rioj5HHJNYX8kIfXcaFJKOy:kNr4Iqnwy5XYSRakRJSX83vph

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3068	aspi86041.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3068-33-0x0000000000400000-0x0000000000459000-memory.dmp	upx
behavioral1/files/0x0006000000016111-8.dat	upx
behavioral1/memory/3068-45-0x0000000000400000-0x0000000000459000-memory.dmp	upx
behavioral1/memory/3068-47-0x0000000000400000-0x0000000000459000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\aspi86041.exe	4c5f86160bcce6e8c2c44700d0147e75.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Sft	aspi86041.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Sft\ = "{8B51F79B-3177-4E34-B490-982E818192CF}"	aspi86041.exe

C:\Users\Admin\AppData\Local\Temp\4c5f86160bcce6e8c2c44700d0147e75.exe
"C:\Users\Admin\AppData\Local\Temp\4c5f86160bcce6e8c2c44700d0147e75.exe"
1⤵
- Drops file in System32 directory
PID:2164
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\_check32.bat" "
  2⤵
  PID:2592

C:\Windows\SysWOW64\aspi86041.exe
C:\Windows\SysWOW64\aspi86041.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_check32.bat

Filesize
182B

MD5
325d0316928f1169d4d188e5b7c433b4

SHA1
4a4d9399f6894c948fdc6e8a0aec3e86eccbecc0

SHA256
8e373e331a232c7206d6c5b393a1b34caf79ae4ed7fb6b47336ae71fadbe77dd

SHA512
124298029d036ceb8a11799589b6e911d457d64a400b18bda61272bba9c0de4fd871d987e0fa4b19e7e21698a5e812e89385e840134cecd4a9dac3df02e6df90

Download Submit
C:\Users\Admin\AppData\Local\Temp\~BEB2.tmp

Filesize
11B

MD5
33e0b4b5cf231d55eb1e9feb918682d6

SHA1
9fd6598c1f70b0a23856251b7ac0f09c1766becf

SHA256
b3c9e0d5b6789d255ffe0787468465bf7dcc2eed9b40c99a034809fed345f56b

SHA512
736302c885a1724ef5c3ba1ce2661cccae26d702fa40498f77875c0ccc99c030d89e0661aedf5c4c5469925ea6fc4ad3c74f10855065e1722f61bdc216238157

Download Submit
C:\Windows\SysWOW64\aspi86041.exe

Filesize
14KB

MD5
f439175beb3591a0568a710534df8738

SHA1
918ba74a5de3ddeea2033fd768b3689db621eef5

SHA256
44254166cc3d324821e604be820b317e7b6c336f316c51e2da42e735dff75310

SHA512
0af09df696b9913d76415258aaeb5b022d01526c07388596cc0270feb7901116b24366cc55e61d8189ab5601f7a85952f68d69a0958cb34701482adf6959a917

Download Submit
C:\Windows\SysWOW64\ws386.ini

Filesize
46B

MD5
02fa00c833a6b8902124480cede9dbaa

SHA1
44eb096f759399a08aa0b0fa7033bde2f3fc67b3

SHA256
97737f33e7fa5249fe23ad466958ea59eaacdba7ff4f7e7d97f0360d1f59e68e

SHA512
38040659b34b7c515033d6b9f80cf8110769968e670450fbdf860424df4c883175055ec638b4c00ee41be2cbaababa8d2dd4882f1f2bf6eb9345a6f34b0ca079

Download Submit
memory/3068-33-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3068-45-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3068-47-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download