Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

8d4c8ff1e3...41.exe

windows7-x64

10

8d4c8ff1e3...41.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/02/2024, 20:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d4c8ff1e3c0929b81020073df656a41.exe

  • Size

    7.2MB

  • MD5

    8d4c8ff1e3c0929b81020073df656a41

  • SHA1

    8b15ade3540f648999e13378c96ed5e42c8ac681

  • SHA256

    4f24c1311642003c237780de49f39f46ceb450411490335a8048c36b9198053c

  • SHA512

    a9d913b6cbd6badb836d1cc93342c72401b88a57afbda24f1862fd28153bf99276cd3517c441d2792ce332b8a50be2178986d0dc3f122834bd2be931f413dc8a

  • SSDEEP

    49152:Kwi0L0q+wi0L0qRKqFYhrRB8NIMI8Sfpwotkzaxc1OGz84:Vi0fi0H/IMzKpXOMGQ4

Score
10/10
aspackv2persistenceransomware

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Renames multiple (2560) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • ASPack v2.12-2.42 5 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d4c8ff1e3c0929b81020073df656a41.exe
    "C:\Users\Admin\AppData\Local\Temp\8d4c8ff1e3c0929b81020073df656a41.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1840
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      PID:1060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3803511929-1339359695-2191195476-1000\desktop.ini.exe
    Filesize

    7.2MB

    MD5

    0ba705506c21e85561681f22962e6217

    SHA1

    f1d6a15116ef6592114d2af7ea8b87acf361db54

    SHA256

    3373a2641fd490efde24636ff92206055acd7af510e1c1e09b4fe07820c25ae7

    SHA512

    347e17593d57d5b22e11855d6a43d198ca4205c038632118ba11a6a1399ba6fb47630f1fff40fcbed8f8b172c86ac7973777a6708e277622ba0a8a8e0fcbdadc

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1KB

    MD5

    e5cee32af194d2f8d50bdc297e6fb6ee

    SHA1

    3404106a4b4f930f3e6fdd7d96b2766d348cb5e7

    SHA256

    8a7cbeb60b91390b6f72b2664e102a3ff4357ccdec504253a86caad433e5fc6a

    SHA512

    0786a78b755744e671d96b0210f006ff9aeb95c1d1fd700cc3c994f4a2ce63013d7b117c172c275cddb21223382e180195e2ad15d7ab6ebcb2af09d222d0019b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1023B

    MD5

    eebfdaa97a2775c51476029e10df8aee

    SHA1

    aadbd9b62406f7922c9169552155979db3f904a3

    SHA256

    826550f63d0a8cfc7b362b278b4e2573d13ce2bc75bf5a32630719358a608c07

    SHA512

    6f22d7cd1bb60102b7135dc0de7f79506c9c07c54db4ba65fdd98c725d58e5f494c73e8d2751c789cbd6a11297642f22f73fbcfc699ae71611c0e698485ff80a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1KB

    MD5

    d6e09cb34228588b5fa163f4361fe6cc

    SHA1

    56a809692223f21b55304febfecffd6a3ad519ad

    SHA256

    9a391d9cd2e65e759d49b6c111ec33c81bbed5e0bccbc089add1ae1937ae7a0c

    SHA512

    9fa09d1b55a958cf6fab45d1f3ab43c5ea64281eb192912017937671d12f0dd52a701bc852a6aaec86e9ffedb630ac4c35b6a773dbcb1054ce4f9741faa125cd

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1023B

    MD5

    c555ceadb8ed6a22a6e3d335dbecaea4

    SHA1

    bfde86af408d5ba07527b805d9be3dd6ec8984cd

    SHA256

    7ec210f72f41a96b4b3669f15b521753670d735e31ba1392f3ac380a531361c8

    SHA512

    7424709526ded3f80128d585044b4e0b1abc7d73f30a53b7b55fe0e5efe8d950bd650da89b4f7043b9f212ec2fb49d2a6159f507677c2bf4e848daa32224c4f0

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1KB

    MD5

    f5fa89c8aaec18ceda6f0468989cd26e

    SHA1

    57d5b8afbb92f9fa050b833b30e7b3a1b14eeed1

    SHA256

    a71cf7817f405248965a0ffc921b9d329e87105fae35e7a9d26f813d0e758984

    SHA512

    51c5b24c64d1236c398d75503e57835092226097e542719cc8fe41776e71d25a29fa9e9f1ca526dca64b5d52f0d46784cfac636c7e86c309fc5f1d758a73c1de

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1023B

    MD5

    63e545f1154bd1749e1db1fd7e8b71a4

    SHA1

    b6e9078b5ed792d6ce8cd33d5076c7edd3bece94

    SHA256

    b33894da428167fdd3b6650608332b642603d43eccc8da37f8038f13c11b1b27

    SHA512

    e3a9a3244ecca0b4144990bcd48cb3b2c6257dbbc1a32fcaf7a04ba68ccf054089c957af106a6366d4909d4dac2b83d8a3b6da09010dceff3f0b17ad62266317

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1KB

    MD5

    6083b290cbaf16fdd4c1613513e58077

    SHA1

    d774e432d9286a3dd4336b9da5081d1dda3b5b70

    SHA256

    62bb89433232fa6aeb0687ddd386b0f19b7a39d0eb1e31d2541ea6a07a17a645

    SHA512

    0f1e44fdfc7584c35345750c64f7b643df34f6eebc49ab663c1b019dd4bc4b5264280dedb6dfb0123cf411c068f7b7f0ce3d906e1a4599f205a39315b7e5f46a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1023B

    MD5

    15cc4f2c23f577761e122726d83339af

    SHA1

    6e5ff2bb0f38dccb0df2bc48ff78779a81510bff

    SHA256

    d5fd1c7a708fe157a83bc0283c58f33afdd908bf68879ff29f70f05fd328a1f8

    SHA512

    5e17ef7db8c8cf6fbc0a74d9bae3994bce8bb75084400d193ae065a816963606f138c2b2f06a5ac9ae13234f57a17c523b22b994359f766a1591b897d1365d9f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1KB

    MD5

    59812584093ad0914e35257042d147de

    SHA1

    331a2a96ad846d8465f7a8420fb173140f3c5c0e

    SHA256

    3995a3abb8a2e08acc0bb522d3c683fcf9dc7d29486cfeaad33231084d5befb5

    SHA512

    c444b695d5c6e5b87853a566bb18bba03f59c607b85001a5f570f3cbb094d6b78d95f8a4b63bf0e63612c024af0430547fdda807343308eeef1cceb3b405c8bf

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1023B

    MD5

    62802075df8b9c03a1a2121e1b02377c

    SHA1

    07add305b05d7435d927747de4f1b427153a290b

    SHA256

    37e56a673ce9b830365ac7f7874a45ac89037135054492721b43de054ae69a5a

    SHA512

    ec738d09436e98bdaa1a8ae81bcdff54b90c3e94eaeafd918a96760acbeb0c867010b30c78b6720fb0bd1412db063696042ef3be05a5e14483bb2c4445b56118

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1023B

    MD5

    9c9d3b7c5c3230a9df1fa795a1f7a779

    SHA1

    fc9e34e94cb62a206a3d5230fcbf3e960c65010b

    SHA256

    17fb00775afc212b529a30b57fd6f2a888fb0d281c395631138d1dd0fb9f4559

    SHA512

    5371abd6113eef858e5ad66e0c593f4ff5b38eb9c1637c2c470f05e5fc8b8901da3346d2ef5617724337baf40ef3322b6094c99941be208b9fcb3a3155361ab8

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1KB

    MD5

    a94e917294f0e0deead75bc3b939ade0

    SHA1

    cd8b623cb671903b8e442b992e54f53434459daf

    SHA256

    a1141345feba38ff1ac5ad33468f8c46314902f47f7289ac7dde065858361f2d

    SHA512

    94e6d1cf136a5211075ffaf069f5b79ef4994d7a76f622bad65d19752fa3c8feb3189741b69e22aa2cb371727d3d7f20443dd3dd7a2bd0d5cdb4b98bac6f695f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1023B

    MD5

    a8569553e9cda88a8e12ed2f4d12e830

    SHA1

    8b4a6442727e86af2fea43768dfdc7d5b7a02149

    SHA256

    828bd4a46594c19c8f15f132033a06869b9a398a30267767ef3a649805ec2326

    SHA512

    259d780f4499cea587f65f8001b629cd42fed23af7386b888f057b6fb10bb69e3a4f4a7afd630de706200a32c6de46c0dc2bd7b03adb9ee5a4265df1d1611465

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1KB

    MD5

    7c54fb62bd9c838321ba5006f612df34

    SHA1

    b006f0baebf869fad0565cd54443836f292ce9c3

    SHA256

    292e1fdcf3764861007d59c1d5d5d03aa9681e873553a916502848e9ae56b546

    SHA512

    d0aed3c705d2d08efe3cfa07da870406fc7f0ceba3d3d9a35fa866fdbd9372ece56b3a917536b3839c21e4c0023152b5fdf048dae918651d14122d357cbe2e02

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1023B

    MD5

    267958dafaee54ed1e7ef75f11cc6a16

    SHA1

    261129de1b2aa8321f91fd49f4003e2e3b3a7233

    SHA256

    67bd0f414e96ed5dcbffcd3cc9e868f9406c89031000b09f76493e2cde348e0e

    SHA512

    41542bb5734edb295802856bde3157e612ceec0bfbbc2776166f1d32b12a0eab7ed0529e1866326caba0f5b6ce7f4edb9d11193687f00994784d523c6d7bdd54

    Download Submit

  • C:\Windows\SysWOW64\HelpMe.exe
    Filesize

    4.8MB

    MD5

    a9f01bd2a99aac9363e4ed38cc8515ee

    SHA1

    861624e2ee51844d85c284d66f38ed968e0bf268

    SHA256

    8d92e5363f2486dd73d80be4cc1f72646f4e36f27b4aa459d6adb38478f819a8

    SHA512

    32204956f44ebf3f259aee014faa36ee9a23b1f749442acf74306f12738852ec093e19596a8e2e74730505db62710cd1a0148bba2d52f2d773d174d14e0dbeaa

    Download Submit

  • C:\Windows\SysWOW64\HelpMe.exe
    Filesize

    5.2MB

    MD5

    d2542eb94c97a1b5f211a5566b000246

    SHA1

    21e4be8ea8116bc51222e5194f004b4fb5d7eb1e

    SHA256

    b01e966d3db7a545250fa27e23078aac7d95535185ce47b17d91ab7a6be95f87

    SHA512

    496627b3576ea1f0aa1294135910172f301335f43f0737d08061c5b750b1b56c15e056c62af9706c4ff8ec2a1aa549541c883100433087611a89139247ef3bc5

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-3803511929-1339359695-2191195476-1000\desktop.ini.exe
    Filesize

    7.2MB

    MD5

    8119d257fdafbf88ff89d051494c2b5c

    SHA1

    6c9a5c1991ce45a7516027190698daa2e0d87850

    SHA256

    c4ee3fa15fc4fe6497c494ca26233a088b926d1a639a7b64dfe8b2f394a9de49

    SHA512

    7a3fb5e1526fd497a3a46cc4b65ecba69eaafd8e1900c56b793e315171ab608514abc385f950da5605014f98f9866622f4568981e6127694cc7025241cc14d06

    Download Submit

  • F:\AUTORUN.INF
    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

    Download Submit

  • F:\AutoRun.exe
    Filesize

    7.2MB

    MD5

    8d4c8ff1e3c0929b81020073df656a41

    SHA1

    8b15ade3540f648999e13378c96ed5e42c8ac681

    SHA256

    4f24c1311642003c237780de49f39f46ceb450411490335a8048c36b9198053c

    SHA512

    a9d913b6cbd6badb836d1cc93342c72401b88a57afbda24f1862fd28153bf99276cd3517c441d2792ce332b8a50be2178986d0dc3f122834bd2be931f413dc8a

    Download Submit

  • memory/1060-5749-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1060-5745-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1060-3986-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1060-5759-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1060-5757-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1060-3010-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1060-5755-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1060-5753-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1060-5728-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1060-1092-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1060-5751-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1060-5739-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1060-5747-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1060-5743-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1060-5-0x00000000022E0000-0x00000000022E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1840-5738-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1840-2539-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1840-5742-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1840-5748-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1840-1077-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1840-5750-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1840-5746-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1840-5723-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1840-5744-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1840-5754-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1840-5752-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1840-5756-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1840-0-0x0000000002210000-0x0000000002211000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1840-5758-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download

  • memory/1840-3969-0x0000000000400000-0x0000000000478000-memory.dmp

    Filesize

    480KB

    Download