56bd97e08ca622ba61bc27272653f47427c327781d682435d1d2c68279564289

Analysis

max time kernel
138s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/02/2024, 07:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aseprite.Build.9903855.rar
Size

7.0MB
MD5

cc5fb104fba507aad296a38fd304c531
SHA1

b6782fa85074bdd51ae9abf1b51f4fe46e26d376
SHA256

56bd97e08ca622ba61bc27272653f47427c327781d682435d1d2c68279564289
SHA512

84a3ce3bdcb189d25d3ce3925e707aa3308dbb50cdceaf5a5757532b00ed99f1c87edeb5ceac439dcfb6e76d684aeb4803c6be88c21a35175eede34acd8c7983
SSDEEP

196608:2LxGTrXtqwdCzQ/CRoP/sNC+eMeRK84eTUV5:kx6D0sCRoMyMeRKMTUV5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2436	Aseprite.exe

Loads dropped DLL 1 IoCs

pid	Process
2648	7zFM.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2648	7zFM.exe
2648	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2648	7zFM.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	2648	7zFM.exe
Token: 35	2648	7zFM.exe
Token: SeSecurityPrivilege	2648	7zFM.exe
Token: SeSecurityPrivilege	2648	7zFM.exe
Token: SeSecurityPrivilege	2648	7zFM.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2648	7zFM.exe
2648	7zFM.exe
2648	7zFM.exe
2648	7zFM.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2648	2164	cmd.exe	29
PID 2164 wrote to memory of 2648	2164	cmd.exe	29
PID 2164 wrote to memory of 2648	2164	cmd.exe	29
PID 2648 wrote to memory of 2628	2648	7zFM.exe	32
PID 2648 wrote to memory of 2628	2648	7zFM.exe	32
PID 2648 wrote to memory of 2628	2648	7zFM.exe	32
PID 2648 wrote to memory of 2436	2648	7zFM.exe	33
PID 2648 wrote to memory of 2436	2648	7zFM.exe	33
PID 2648 wrote to memory of 2436	2648	7zFM.exe	33

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Aseprite.Build.9903855.rar
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Aseprite.Build.9903855.rar"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO85AF32F7\_INSTALL TUTORIAL.txt
    3⤵
    PID:2628
- - C:\Users\Admin\AppData\Local\Temp\7zO85ABF478\Aseprite.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO85ABF478\Aseprite.exe"
    3⤵
    - Executes dropped EXE
    PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zO85ABF478\Aseprite.exe

Filesize
932KB

MD5
e5e636c044d09fe93e306f773a59880e

SHA1
1a5e76cc9ed1ae28579f380686983793941cac89

SHA256
20bb38c588d8c0d62e41813d724dec12ce237ef7eab1b712526e97c0859318d6

SHA512
d337e76edeef926caeace33121da786cb9de09ea8431ac79a70936c2b2d5fc2ba72c61a5cf63a8cd77564db4904b5be0f0bbf3b359b33b2708eed5d4cd9fa4f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO85ABF478\Aseprite.exe

Filesize
2.7MB

MD5
6cce8936fb437cbf3572f5c20d4501f4

SHA1
5734b7497d8baba40b839e82a4a4d770ea04e804

SHA256
2b5c1fd68682092463ab43e616fc00b5ec588d10371802109cdf3be378a8c92e

SHA512
75d354ff9d41536a159a5c893cd7d666f9de0def24e2a8a4ab2197c5947548427ff324a320e6a23b64ffb5f12c6156bc71f1e0fd74a7a083f07d44d03ca7bc1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO85AF32F7\_INSTALL TUTORIAL.txt

Filesize
1KB

MD5
b0e0097e436766fb8bc251832414d24d

SHA1
8b018eb5f5d46c854f9c07784f021cf7302f2a3b

SHA256
ac45f3d5b1e728caffdafb6faeca0f22459f6ec2ff2c7449c3fac44d25f62915

SHA512
ab966f3cd0d348a62168c9768b2e9d39bb44690a94dc15034394c9e7c11fc540ac9aa95e26a0b1de1e82077c0aca4a941e536260bfc49e3650655259d2835299

Download Submit
\Users\Admin\AppData\Local\Temp\7zO85ABF478\Aseprite.exe

Filesize
257KB

MD5
9e6594b28d25f9f4e60a1c46cd0ad5bc

SHA1
da9822b296152a7661bc18ae455490266bc6b875

SHA256
ed243ca5c585f98ea56463a6081a86a93011e7467f504e25324b1f8c76628e4b

SHA512
9772554e2f009554ebe5c1f67bb233165399feeaae042d2fa8c8d10fb356b45d27a642f5bad1335f7c39d47fc542b3da21d1f86b9a9f7eab7824fe1f1e1cd368

Download Submit