bcfb667a2c45940ad4674f23e10f3fcf5af3708ff78b64d180cf6d8e1f512ef2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

36ee0e6caf...ba.exe

windows7-x64

36ee0e6caf...ba.exe

windows10-2004-x64

Sharing

General

Target

36ee0e6caffac0e32220a3f949a8caba.exe
Size

921KB
Sample

240110-x9c7jsehgm
MD5

36ee0e6caffac0e32220a3f949a8caba
SHA1

5947cd25fe9fad2e94d67ed0a4bc2e08914b9ae0
SHA256

bcfb667a2c45940ad4674f23e10f3fcf5af3708ff78b64d180cf6d8e1f512ef2
SHA512

b7c763b6fe82eef18d408d16c9bb03c488929b6756ab97682f980eec684fabcb821fb75cd5dba253764185c1b7bfd02c969b900f86ab60cf8dc1d73582af69f3
SSDEEP

6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRGDWd4oTqW+lowK42euE:5MMpXKb0hNGh1kG0HWnALbp4os31BKDY

Score

10^/10

aspackv2 persistence ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

36ee0e6caffac0e32220a3f949a8caba.exe

Resource

win7-20231215-en

aspackv2 persistence ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

36ee0e6caffac0e32220a3f949a8caba.exe

Resource

win10v2004-20231215-en

aspackv2 persistence

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  36ee0e6caffac0e32220a3f949a8caba.exe
- Size
  
  921KB
- MD5
  
  36ee0e6caffac0e32220a3f949a8caba
- SHA1
  
  5947cd25fe9fad2e94d67ed0a4bc2e08914b9ae0
- SHA256
  
  bcfb667a2c45940ad4674f23e10f3fcf5af3708ff78b64d180cf6d8e1f512ef2
- SHA512
  
  b7c763b6fe82eef18d408d16c9bb03c488929b6756ab97682f980eec684fabcb821fb75cd5dba253764185c1b7bfd02c969b900f86ab60cf8dc1d73582af69f3
- SSDEEP
  
  6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRGDWd4oTqW+lowK42euE:5MMpXKb0hNGh1kG0HWnALbp4os31BKDY
Score

10^/10

aspackv2 persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Renames multiple (91) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2persistenceransomware

behavioral2

aspackv2persistence

© 2018-2025

Terms | Privacy