Overview

overview

10

Static

static

7

9620b7482d...22.exe

windows7-x64

10

9620b7482d...22.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2024, 03:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9620b7482d7daea279a6dfb366c1eb22.exe

  • Size

    432KB

  • MD5

    9620b7482d7daea279a6dfb366c1eb22

  • SHA1

    ff62752d12698cc515d39f430754345ceeb0866f

  • SHA256

    1703308ea3e20f425f98440ad85cc737f8ed15fffdd870de6109967d1fba8c71

  • SHA512

    58d754b2a6ca2bdd0ca3ea767173271ab0637d0e407ffd52c2ab1714cecd99575ecaa61dd43c9c8f06b36a5ff8ed991dcae722f7e611de97acc268ca3ea71d0c

  • SSDEEP

    6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRAjZGrWmsu4F:5MMpXKb0hNGh1kG0HWnALbo

Score
10/10
aspackv2persistenceransomware

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Renames multiple (91) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • ASPack v2.12-2.42 9 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 31 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9620b7482d7daea279a6dfb366c1eb22.exe
    "C:\Users\Admin\AppData\Local\Temp\9620b7482d7daea279a6dfb366c1eb22.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      PID:1096

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3470981204-343661084-3367201002-1000\desktop.ini.exe
    Filesize

    433KB

    MD5

    21435ba8df1a821cd895a9fa2fb8f7f5

    SHA1

    979748828805984f255a8acac8b783d6b018e4ac

    SHA256

    75f9907ce61302b54fe190903f81b1fb30c8283290d4915e40b31aa8c173db3d

    SHA512

    7f8ed2dd40d609f6e54bc64dfabfee42e35be9795c0dac83e01dc7c3df139933b5dac6af5f5db9fca35374c76a8faadd992027152922d7d19419a3d5db3d5c5b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    1KB

    MD5

    685fa83ea6d4fec5a749b94321b6fd9d

    SHA1

    461005a637793362bd5709f6423719be8512a308

    SHA256

    4476f98de5e3e46908682c7ae0db779124631a654ce7293203aab791f2c6bc6e

    SHA512

    d89f32e94e64687a31a88b399d07a9e92598ccecd44ff6350cf833c12cda7b88dca359bd5361b5be0f7f7e0c6b43923a7dc80c8fed30ded712f822cd58ca563e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
    Filesize

    950B

    MD5

    c8e6803f368497fbfe5550cb304466c8

    SHA1

    eed869783eb7d32309588f732c5988a645898899

    SHA256

    bdc98e8330b80c53a9f0d20e029a8e40537c3c3bd21f57c8f398ba924d6cfead

    SHA512

    20656b7717abc10feaa26979a787fa035afd278b78923fdbad7845c9be9fe67be26938732c8e73d4fb2c9d4e37b31d1e2b2bfbaac0101695596a8fa4086d1c90

    Download Submit

  • F:\AUTORUN.INF
    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

    Download Submit

  • F:\AutoRun.exe
    Filesize

    425KB

    MD5

    00b23ffa3bc25d95fa242f701831b46a

    SHA1

    e12fbac2fb3b28da0a9f1023cfd161527cd5d3cd

    SHA256

    47edde1233915a9094a6d28240385d65421e58c287d746eb6c2092f430b99636

    SHA512

    dee95e15f98961382a0aaa9529d67a00386e19ac265ba01b6d1d92bb956265b13b315c17b8026f61c9474aae1ae7471c65ac83292ce29bee1bb61037cb4b5915

    Download Submit

  • \Windows\SysWOW64\HelpMe.exe
    Filesize

    432KB

    MD5

    26cad3e27cc340f35739bcce86829751

    SHA1

    3114062cdfc324c79825dcb57ec1c6402b23f29f

    SHA256

    18239a12185c830399268e0c988d48eb0132a9c77292a1a68d61872ab1e14f66

    SHA512

    4a43d3e74fdd5027fd7fea0b6ec7607f0d0b3d5650edb2307e2d4ac55e1adfb0746b2833a84972332eb46bd031f4c125623d64b927027f55b30d3fce7721a24c

    Download Submit

  • \Windows\SysWOW64\HelpMe.exe
    Filesize

    372KB

    MD5

    5f388842dea059aa27f572420e4c98c5

    SHA1

    299cc91b7a373152e688b5afbe54e58d67e41b55

    SHA256

    afb6cb76d18a0491698bbbc3b8148babfdb24b668bb599fc058f277c5228c602

    SHA512

    c0cae7cbc31ebb04f90d5a2f26e39ebc150495ffa9592e16280e88af5eb7d39c00d159f5c64fdd29beb68852f3b7b27ff1abe0ffe5a184961c678b9f94507277

    Download Submit

  • \Windows\SysWOW64\HelpMe.exe
    Filesize

    203KB

    MD5

    9be879f8a66edd3564624fac65cc94c5

    SHA1

    c979ea8b37de30c63c8ed454d424760ede2dffdf

    SHA256

    8dae3c6dcbcb98c2da5ad5113fe45ab5b519197329886adc71b34b415c6d3aa8

    SHA512

    beb68ac0d84a5c1b25385f0d9b5475008e2e4d7ab0a8284754da3646ebeb468ef296f1664d8c24cb18798f33fcd787f0b2a5707eaa99b4684287d18841e3b484

    Download Submit

  • \Windows\SysWOW64\HelpMe.exe
    Filesize

    295KB

    MD5

    b93480402a2f0509b73a0cc300fdc5cc

    SHA1

    892aa07beb4ab25e31b2795b7c6851160c5627bc

    SHA256

    9761bc7b49264c9be0b10f179829d805c17f9ba3f31f229a4883911b85e4c75b

    SHA512

    9d5c5ed451bfee959f0859e3f2a26187e39b27654b64b17561ccadfc62aea47f3c400eca90315683cecf1d649a9831a03437b699b427e45aaa60bcf001616dd7

    Download Submit

  • \Windows\SysWOW64\HelpMe.exe
    Filesize

    79KB

    MD5

    46a0d2240676e7a5c92220aa5a1da7c5

    SHA1

    1326ec586f1ac5f0ac7dcd4d4bf3d3ad63cf8a54

    SHA256

    2bc1db85b42cfb89e8bb114f4ddfe9e41f2c3f4b49b8d0b2cd34fa2080b8e8b4

    SHA512

    f059aeae4d1bf1e70174020aab3ebf3a82f6bffb778e049a2ca760f267ea7a36d7126970c1ec0638e90b0806b158d0f85a8965b6a7a62485724e7c69d7671854

    Download Submit

  • \Windows\SysWOW64\HelpMe.exe
    Filesize

    140KB

    MD5

    760f8566c14b9537807c9655ca5e5581

    SHA1

    1c46b84886a7e2dc50e376069229f4c75bff977d

    SHA256

    61adf4ffd5b1589677d90c12b6522903746fc2ebfdcab35b95e12c12c6719c86

    SHA512

    153882d2b2870ff1da159a9057a82559e64ddf82838e7168af2a467ca93a8348f5d91ca9923ee05ce80fb364babd51cad9cd62f743f6111b7976a0d8bca11ebc

    Download Submit

  • \Windows\SysWOW64\HelpMe.exe
    Filesize

    264KB

    MD5

    f068850fb1f912d5b98dcc3256d94907

    SHA1

    0af54d0331114e1aeb4401ff7db7c13a0b74320d

    SHA256

    338d9bef9b2efcef243c34c7186dd72ba3252827ebe3fe77199a5b124f3a2eaa

    SHA512

    3b07c27ffb6a1be6153169f87c2ed3d7c21ee5ca156391aac8acc411e66954bcbf571e5bd3d8df3e928f7bb1e73b222e3c7afb001109ff36940e14be861e2669

    Download Submit

  • memory/1096-9-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2948-1-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download