Overview

overview

7

Static

static

7

a3580c1e63...55.exe

windows7-x64

7

a3580c1e63...55.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/02/2024, 08:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a3580c1e63fb79c7587a315fdce70955.exe

  • Size

    174KB

  • MD5

    a3580c1e63fb79c7587a315fdce70955

  • SHA1

    bc1d8412bb6e5d2bc20bee65096835018ed48783

  • SHA256

    0472d7d06662426a7e6442a8e587062fb3743315faaaa06d91c147fa46657ec2

  • SHA512

    64d0711883c92b4d3f2ecbd3092ce16bc0a9971219f889a29c5a80f4622569507bdba5a24f742e32d2d5b230f9b55cfb79adfe634adc8c14305beedfd5afb7b5

  • SSDEEP

    3072:cMmqRE8sJyJ59y1zEXPAF2tzdsXqakGS8r9iDN47efl2szay5o9tfYy:sJuK1IPAMdsXlku9iB47u2ia/r

Score
7/10
aspackv2persistence

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1232
      • C:\Users\Admin\AppData\Local\Temp\a3580c1e63fb79c7587a315fdce70955.exe
        "C:\Users\Admin\AppData\Local\Temp\a3580c1e63fb79c7587a315fdce70955.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2912

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • \Users\Admin\AppData\Local\Temp\apiqq0.dll
            Filesize

            110KB

            MD5

            05efac057d81673c40025d79b524b3cb

            SHA1

            9c2800e2f116ae0d2769987d0064bd1810601000

            SHA256

            0d6cef04df3b24c4c06fe8971ae3221051345c1272fdfd37c82783032c517902

            SHA512

            536e8e373517f49e8faed3821eef7b2a1dca22343d326c77ba337f6d25c201200f0db9c14a5b5198fa5da901a86b0cca3309c594a102514c79bac2cba31d5417

            Download Submit

          • memory/1232-6-0x0000000002A50000-0x0000000002A51000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2912-0-0x0000000000400000-0x000000000049E000-memory.dmp

            Filesize

            632KB

            Download

          • memory/2912-4-0x0000000000400000-0x000000000049E000-memory.dmp

            Filesize

            632KB

            Download

          • memory/2912-9-0x0000000010000000-0x0000000010087000-memory.dmp

            Filesize

            540KB

            Download

          • memory/2912-11-0x0000000010000000-0x0000000010087000-memory.dmp

            Filesize

            540KB

            Download

          • memory/2912-12-0x0000000010000000-0x0000000010087000-memory.dmp

            Filesize

            540KB

            Download