6b0cd6f3ca2bb51056e0590bf30bdb4c1af5e54a3a7d86aa165ab31afab11dc2

Analysis

max time kernel
138s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

723e5b55050f9f403b2dbbd366115a98.exe
Size

769KB
MD5

723e5b55050f9f403b2dbbd366115a98
SHA1

843cd48bf715a3c26b92f587364df2d5fb6edec0
SHA256

6b0cd6f3ca2bb51056e0590bf30bdb4c1af5e54a3a7d86aa165ab31afab11dc2
SHA512

2fd33ae9aef6d953382fe9464bdf1d772a0148e64afe4fab858783021f4349c88f4ef0c5c7817fd1640f620f98ccba7419b31402620bb206623acef8a713faec
SSDEEP

24576:zISiEKD7cnA7OFdOTEUms2YQmXVVTzobA:zbiEQHSOT5F2FmF2bA

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x0003000000022775-80.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
4756	Syslem.exe

Loads dropped DLL 2 IoCs

pid	Process
4756	Syslem.exe
4992	svchost.exe

Drops file in System32 directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Syslem.exe	723e5b55050f9f403b2dbbd366115a98.exe
File created	C:\Windows\SysWOW64\Syslem.dll	723e5b55050f9f403b2dbbd366115a98.exe
File opened for modification	C:\Windows\SysWOW64\Syslem.dll	723e5b55050f9f403b2dbbd366115a98.exe
File created	C:\Windows\SysWOW64\Syslem.dat	Syslem.exe
File created	C:\Windows\SysWOW64\Syslem.exe	Syslem.exe
File opened for modification	C:\Windows\SysWOW64\Syslem.exe	Syslem.exe
File opened for modification	C:\Windows\SysWOW64\Syslem.dll	Syslem.exe
File created	C:\Windows\SysWOW64\Syslem.exe	723e5b55050f9f403b2dbbd366115a98.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2512	4992	WerFault.exe	93
1368	4992	WerFault.exe	93

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	388	723e5b55050f9f403b2dbbd366115a98.exe
Token: SeDebugPrivilege	4756	Syslem.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 388 wrote to memory of 2784	388	723e5b55050f9f403b2dbbd366115a98.exe	91
PID 388 wrote to memory of 2784	388	723e5b55050f9f403b2dbbd366115a98.exe	91
PID 388 wrote to memory of 2784	388	723e5b55050f9f403b2dbbd366115a98.exe	91
PID 4756 wrote to memory of 4992	4756	Syslem.exe	93
PID 4756 wrote to memory of 4992	4756	Syslem.exe	93
PID 4756 wrote to memory of 4992	4756	Syslem.exe	93
PID 4756 wrote to memory of 4992	4756	Syslem.exe	93
PID 4756 wrote to memory of 4992	4756	Syslem.exe	93

C:\Users\Admin\AppData\Local\Temp\723e5b55050f9f403b2dbbd366115a98.exe
"C:\Users\Admin\AppData\Local\Temp\723e5b55050f9f403b2dbbd366115a98.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:388
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\723E5B~1.EXE > nul
  2⤵
  PID:2784

C:\Windows\SysWOW64\Syslem.exe
C:\Windows\SysWOW64\Syslem.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  - Loads dropped DLL
  PID:4992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 504
    3⤵
    - Program crash
    PID:2512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 516
    3⤵
    - Program crash
    PID:1368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4992 -ip 4992
1⤵
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4992 -ip 4992
1⤵
PID:3496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\15286.dat

Filesize
261B

MD5
a5debe53f83d97bc3f70e93b3cbef2b1

SHA1
ffd0b540e294f0231d69229256ada776590fed18

SHA256
e31debd0dcc96bbb510a8e94cf303566c9ff25effde226afeed7a029387d0c2d

SHA512
98a8e402205239024027249b7bdfdedf83eaea0f3384f29d685433685c06d7f7b266ff4e79ce1c94dee055c93585dc08c8cea2a13f564987828533a804bd8895

Download Submit
C:\Windows\SysWOW64\Syslem.dll

Filesize
400KB

MD5
10ae75dd225b79456424120914ac1cf5

SHA1
c97f3220e3481cb0c94f9e553a4a218257cfa928

SHA256
51868c85d7234f8f52fc7236927ad2e80c1fe400132eaefb3760ecf5a4825109

SHA512
8123bc0f18f3d6e6c2dcfccc652083edf11f506f2eec633ead21abec1f0a58c370e5a10d8a0fec5ce82057761eea1c20ca2097add8d11254cff0811939baa122

Download Submit
C:\Windows\SysWOW64\Syslem.exe

Filesize
769KB

MD5
723e5b55050f9f403b2dbbd366115a98

SHA1
843cd48bf715a3c26b92f587364df2d5fb6edec0

SHA256
6b0cd6f3ca2bb51056e0590bf30bdb4c1af5e54a3a7d86aa165ab31afab11dc2

SHA512
2fd33ae9aef6d953382fe9464bdf1d772a0148e64afe4fab858783021f4349c88f4ef0c5c7817fd1640f620f98ccba7419b31402620bb206623acef8a713faec

Download Submit
memory/388-31-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/388-35-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/388-2-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/388-4-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/388-32-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/388-3-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/388-7-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/388-9-0x00000000034B0000-0x00000000034B1000-memory.dmp

Filesize
4KB

Download
memory/388-10-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/388-8-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/388-6-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/388-11-0x00000000034A0000-0x00000000034A2000-memory.dmp

Filesize
8KB

Download
memory/388-12-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/388-13-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/388-14-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/388-15-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/388-17-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/388-16-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/388-18-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/388-19-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/388-20-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/388-21-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/388-22-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/388-23-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/388-24-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/388-25-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/388-26-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/388-28-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/388-27-0x0000000003490000-0x0000000003496000-memory.dmp

Filesize
24KB

Download
memory/388-29-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/388-30-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/388-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/388-5-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/388-1-0x00000000022A0000-0x00000000022F4000-memory.dmp

Filesize
336KB

Download
memory/388-34-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/388-33-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/388-36-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/388-37-0x0000000003500000-0x0000000003501000-memory.dmp

Filesize
4KB

Download
memory/388-38-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/388-39-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/388-40-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/388-41-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/388-42-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/388-89-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/388-92-0x00000000022A0000-0x00000000022F4000-memory.dmp

Filesize
336KB

Download
memory/4756-90-0x0000000001020000-0x0000000001021000-memory.dmp

Filesize
4KB

Download
memory/4756-94-0x0000000001020000-0x0000000001021000-memory.dmp

Filesize
4KB

Download
memory/4756-64-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/4756-70-0x0000000001150000-0x0000000001151000-memory.dmp

Filesize
4KB

Download
memory/4756-83-0x0000000002060000-0x0000000002061000-memory.dmp

Filesize
4KB

Download
memory/4756-84-0x0000000002000000-0x0000000002006000-memory.dmp

Filesize
24KB

Download
memory/4756-91-0x0000000001020000-0x0000000001021000-memory.dmp

Filesize
4KB

Download
memory/4756-95-0x0000000002070000-0x0000000002071000-memory.dmp

Filesize
4KB

Download
memory/4756-99-0x0000000010000000-0x000000001007D000-memory.dmp

Filesize
500KB

Download
memory/4756-62-0x0000000000E50000-0x0000000000EA4000-memory.dmp

Filesize
336KB

Download
memory/4756-63-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/4756-86-0x0000000001020000-0x0000000001021000-memory.dmp

Filesize
4KB

Download
memory/4756-88-0x0000000001020000-0x0000000001021000-memory.dmp

Filesize
4KB

Download
memory/4756-97-0x0000000002040000-0x0000000002041000-memory.dmp

Filesize
4KB

Download
memory/4756-98-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/4756-96-0x0000000002050000-0x0000000002051000-memory.dmp

Filesize
4KB

Download
memory/4756-100-0x0000000002370000-0x00000000023C4000-memory.dmp

Filesize
336KB

Download
memory/4756-101-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4756-102-0x0000000003500000-0x0000000003503000-memory.dmp

Filesize
12KB

Download
memory/4756-114-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/4756-175-0x0000000010000000-0x000000001007D000-memory.dmp

Filesize
500KB

Download
memory/4756-174-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4992-125-0x0000000000CD0000-0x0000000000CD1000-memory.dmp

Filesize
4KB

Download