Overview

overview

10

Static

static

7

756bab043d...ad.exe

windows7-x64

10

756bab043d...ad.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/01/2024, 20:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    756bab043d61134b32672f731922b9ad.exe

  • Size

    5.9MB

  • MD5

    756bab043d61134b32672f731922b9ad

  • SHA1

    cd259f4a8e1ff1d0713b03bf6a36044eb94d0e4d

  • SHA256

    7818e559bd7eb1a59e44bae2781519ee345c4213a96eb4fd587f6c31aaa0f58c

  • SHA512

    8984e42b966a057898ce641d892b8fa599efae68fa1f50cf134e2e8dae6eebfe3087b6c5805ab5f5057f3e70a02304fa22548f3f5a6d172ae038a94b87b77d14

  • SSDEEP

    24576:ZMMpXS0hN0V0HZSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0Nf:Kwi0L0qk

Score
10/10
aspackv2persistenceransomware

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Renames multiple (91) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • ASPack v2.12-2.42 7 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\756bab043d61134b32672f731922b9ad.exe
    "C:\Users\Admin\AppData\Local\Temp\756bab043d61134b32672f731922b9ad.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      PID:2144

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3818056530-936619650-3554021955-1000\desktop.ini.exe
          Filesize

          1.7MB

          MD5

          6a71c7c9aae8a4d111b014697ab699d3

          SHA1

          f2ac96dc726bd5b1fb9aab5683f5e70bc0d72e41

          SHA256

          f9831837c9d16617d32669d394b0bb87f2b431ded6104658a5e12c952ec1ff04

          SHA512

          222efd0983544031ac24e953162976116741dec53e1f0da55bb827c53973fc10c25c8bdeca4ccf0e55f1098da8b070cded61421b61d3818cf6db54ee8f16a343

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
          Filesize

          1KB

          MD5

          3519f0563b26b33e610ba18281622789

          SHA1

          004a2b4f4c014ca9d75f95d0690d9f6c25abb9aa

          SHA256

          98238dcf66967ccc0ce81ae865e32145ea19511879e0a05ec1b0c6c51df98a9b

          SHA512

          9bacfbe4f9443b66123097dea74c8f891ea243bd2b547e93a32cc6eb4e69ce72e5d259aec0a639dab3649f92ed670d0931f6bcac56f1763473a029bbc4a55a2b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
          Filesize

          950B

          MD5

          bc85055336665e4a538e071c81a20e2a

          SHA1

          a1158a0a5c3d0a97795c3ede7b2b576b8ac1e924

          SHA256

          f4c25112c7daf9b5fb1429a48584e113b80f2b818a6730cf154e015901c005e9

          SHA512

          e0f5202a878cbba3112cdae0bcf8b25fe22a2e2a92ba9ad4798faabe8390d91ea71ff7001ce162f2d5801022819d55566086097ee95d44201788fc384c3d4374

          Download Submit

        • C:\Windows\SysWOW64\HelpMe.exe
          Filesize

          636KB

          MD5

          42f26ed376f4e7894330e59d77dc5af1

          SHA1

          a7ce6afc8ef1b2406ad7936cd6a24a3a574f29a0

          SHA256

          6087fca4e2056141f9739d1ce66d4b326f40cc34cc26bb73af3364baccf231cd

          SHA512

          941541a32aaa1792d194ae9961b1bc518e8850e4462b45b67101ff1be6923c925f3e2373e3eed063a551533cead94e7675e941a16e9ac1759488e6eb3d4ece6c

          Download Submit

        • C:\Windows\SysWOW64\HelpMe.exe
          Filesize

          567KB

          MD5

          2fa9fe1ef28eb0fb3ec393360780324a

          SHA1

          fc4762440762130bdcc7fdb1e602c9115e96c65a

          SHA256

          20fe9585600f53600da6ed8c7be36522e8e97d9dd5b14f5a3ec94744344dead4

          SHA512

          a4b643b3695fa5a0a4d3311c532c8772f95580b1a00457ecb91d07bcef19cc4a3db9c9b1d349dc625c6d490d3571ba5158229610a2789fbc4bb9b52d5769f63e

          Download Submit

        • C:\Windows\SysWOW64\HelpMe.exe
          Filesize

          1.0MB

          MD5

          7c5050979402512dfb9b221b5784cba8

          SHA1

          a7270f67bf4c0aefc52c18e61b19b6ab3803f3b5

          SHA256

          ff45805fea350a65f5294af85d5094aff996fa7f690b24fd36ec1b3c802ef4f7

          SHA512

          68f8a567e00bf4e3b619e9099e2afa356767eb1c1a4ace031fa150a00a77e5075754b8c823ead0d376234042ae656f8f96156502ab07c587f8ae558bbba6fce8

          Download Submit

        • F:\AUTORUN.INF
          Filesize

          145B

          MD5

          ca13857b2fd3895a39f09d9dde3cca97

          SHA1

          8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

          SHA256

          cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

          SHA512

          55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

          Download Submit

        • F:\AutoRun.exe
          Filesize

          1.6MB

          MD5

          e9f694ef9ab552b4d2751ffb287263f7

          SHA1

          2b76a611d30cf2009842f7ff60f62faede7b501a

          SHA256

          0647f8983b53291b502d5e73347768e7178cd6ebf5dcf43211f58a0b4c23d5d2

          SHA512

          56f907a0a373d557a36c60338920d79d26f5a7b70e174ad5855ff5f79199b9d492840d2e204be77bf71ac6da6ad2dbf3c6311a698e91176d15b301a8d6540c98

          Download Submit

        • \Windows\SysWOW64\HelpMe.exe
          Filesize

          1.7MB

          MD5

          e4fa1e6b63a13629d5a857ead5a8130a

          SHA1

          69b3c042eced1ad70bbd3f5f87f9156b50dad80a

          SHA256

          34211fac055018f7ab22f4496aff391ad2537b86154ef4d540eaf53ec7b4ea66

          SHA512

          a3eece92396e9a70d484aa40c488f48ca4e733c287de1f0672fc418d9f2eb284e68c04e6b996138432228821aefebd39909ee3407495e51542564e21d66ef5f8

          Download Submit

        • \Windows\SysWOW64\HelpMe.exe
          Filesize

          957KB

          MD5

          ef72f3821a26a31d33a44a7d93a0634d

          SHA1

          5b6fc3575cb1958a20396084fcd707243ca5b45c

          SHA256

          fe3334a3d6be292911d73d74cbbaa095fac664eaa043ad1af20364ff8d749a26

          SHA512

          6e034fddeced0ce01b3bb67bf8e5a0d3395aa17bae01926e0142c8dbffcbdb4aeaf3f554fa102f0c5b0cdc5121b63ba640a171c8c9403c91fbab02166ca32c67

          Download Submit

        • memory/2144-261-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2144-329-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2144-361-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2144-229-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2144-351-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2144-239-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2144-341-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2144-249-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2144-10-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2144-321-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2144-311-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2144-271-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2144-301-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2144-281-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2144-291-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/3028-320-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/3028-340-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/3028-280-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/3028-310-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/3028-270-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/3028-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3028-300-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/3028-328-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/3028-290-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/3028-248-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/3028-256-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/3028-238-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/3028-350-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/3028-228-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/3028-360-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download