cc18e7fbd8e51a693f5ad58ecf066e0b5a070714b0bba1999fb71f10faa99699

Analysis

max time kernel
147s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 23:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

54d924192efc072a662385ae959afaf6.exe
Size

700KB
MD5

54d924192efc072a662385ae959afaf6
SHA1

b27a02224b812f3086646950da0dbb18de2f8b25
SHA256

cc18e7fbd8e51a693f5ad58ecf066e0b5a070714b0bba1999fb71f10faa99699
SHA512

9187021c613b3a142e1aceea2741143605cddebb03a61a85c5c29bc518ab442ba2d0734e8946a86da261cb7a3c18f2e16a3de594bcef2ff9a1e702c61b5eb122
SSDEEP

12288:rtTYvl04iCM8NP3jOxZ3oHY4lF3Z4mxxkOceHA2QVCkh:ryvl0tCM8NP3SxZ3oHVQmXuey42

Score

8^/10

aspackv2

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\beep.sys	54d924192efc072a662385ae959afaf6.exe

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x00080000000231ea-14.dat	aspack_v212_v242

Loads dropped DLL 1 IoCs

pid	Process
2600	54d924192efc072a662385ae959afaf6.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\NetNtEx.dll	54d924192efc072a662385ae959afaf6.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	2600	54d924192efc072a662385ae959afaf6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2624	2600	54d924192efc072a662385ae959afaf6.exe	18
PID 2600 wrote to memory of 2624	2600	54d924192efc072a662385ae959afaf6.exe	18
PID 2600 wrote to memory of 2624	2600	54d924192efc072a662385ae959afaf6.exe	18

C:\Users\Admin\AppData\Local\Temp\54d924192efc072a662385ae959afaf6.exe
"C:\Users\Admin\AppData\Local\Temp\54d924192efc072a662385ae959afaf6.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\54D924~1.EXE > nul
  2⤵
  PID:2624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\NetNtEx.dll

Filesize
70KB

MD5
add4841e688c1e99e8d4a942fa948de7

SHA1
bdd725773b4e21c14364bbc597c7cea9477e91c1

SHA256
eb27db167c08f09005ed0158f439d94bcd9d854fc290a2a9d38a8eaca8bbd065

SHA512
64d0674116ae9dd2d1742e79fd3ab7335e62496619d9fdeba50110b87ee5822b7dd02c815017e51f0bb8bc02b09d4224bb93ae65fbac8cfd3ba6956a92e08d52

Download Submit
memory/2600-28-0x0000000003890000-0x0000000003891000-memory.dmp

Filesize
4KB

Download
memory/2600-0-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/2600-25-0x0000000010000000-0x000000001006A000-memory.dmp

Filesize
424KB

Download
memory/2600-40-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/2600-39-0x0000000004B80000-0x0000000004B81000-memory.dmp

Filesize
4KB

Download
memory/2600-42-0x0000000002260000-0x00000000022B4000-memory.dmp

Filesize
336KB

Download
memory/2600-41-0x0000000004B80000-0x0000000004B81000-memory.dmp

Filesize
4KB

Download
memory/2600-38-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/2600-37-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/2600-36-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/2600-35-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/2600-34-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/2600-33-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/2600-32-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/2600-31-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/2600-30-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/2600-5-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2600-29-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/2600-26-0x0000000003A00000-0x0000000003A54000-memory.dmp

Filesize
336KB

Download
memory/2600-24-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2600-22-0x0000000003500000-0x0000000003501000-memory.dmp

Filesize
4KB

Download
memory/2600-21-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2600-20-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/2600-19-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/2600-18-0x0000000003470000-0x0000000003472000-memory.dmp

Filesize
8KB

Download
memory/2600-17-0x0000000003480000-0x0000000003481000-memory.dmp

Filesize
4KB

Download
memory/2600-15-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2600-2-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/2600-11-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/2600-9-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2600-7-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2600-6-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/2600-4-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/2600-3-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2600-1-0x0000000002260000-0x00000000022B4000-memory.dmp

Filesize
336KB

Download