Analysis
- max time kernel: 147s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/02/2024, 07:24
Behavioral task behavioral1
- Sample: HEUR-Trojan.Win32.Agent.exe
- Resource: win7-20240220-en
Behavioral task behavioral2
- Sample: HEUR-Trojan.Win32.Agent.exe
- Resource: win10v2004-20240226-en
General
- Target: HEUR-Trojan.Win32.Agent.exe
- Size: 205KB
- MD5: 00865701d63e7cfb69ec05f5af2243ae
- SHA1: f05431c81b908601c48ad6e2582b4cff280e97e2
- SHA256: c80800ba815c9a0d125222656af33c1028691da1be6988985cbb18dc806660fe
- SHA512: 378a8e69870d8a10d3781acb820592ef11e56eb6e42ef15d087a4fc0261968d56be08564a11700cb79839700af643f6e136e3a5140189ba0811b8f364ed27354
- SSDEEP: 6144:y8LuYnRrkkz2I7qWZIO1EWln3kLGqpXiK:1LuY2Uv7qWL1j6XiK
Malware Config
Signatures
- Detects executables packed with ASPack (7 IoCs)
  resource / yara_rule:
  behavioral2/memory/2576-0-0x0000000000400000-0x0000000000469000-memory.dmp  INDICATOR_EXE_Packed_ASPack
  behavioral2/memory/2576-1-0x0000000000400000-0x0000000000469000-memory.dmp  INDICATOR_EXE_Packed_ASPack
  behavioral2/memory/2576-2-0x0000000000400000-0x0000000000469000-memory.dmp  INDICATOR_EXE_Packed_ASPack
  behavioral2/files/0x0008000000023231-6.dat  INDICATOR_EXE_Packed_ASPack
  behavioral2/files/0x0008000000023231-7.dat  INDICATOR_EXE_Packed_ASPack
  behavioral2/memory/2036-11-0x0000000000400000-0x0000000000469000-memory.dmp  INDICATOR_EXE_Packed_ASPack
  behavioral2/memory/2036-12-0x0000000000400000-0x0000000000469000-memory.dmp  INDICATOR_EXE_Packed_ASPack
- Modifies AppInit DLL entries (2 TTPs)
  resource / yara_rule:
  behavioral2/files/0x0008000000023231-6.dat  aspack_v212_v242
  behavioral2/files/0x0008000000023231-7.dat  aspack_v212_v242
- Executes dropped EXE (1 IoC)
  pid / Process:
  2036  cpqnwfa.exe
- Drops file in Program Files directory (2 IoCs)
  description / ioc / Process:
  File created  C:\PROGRA~3\Mozilla\cpqnwfa.exe  HEUR-Trojan.Win32.Agent.exe
  File created  C:\PROGRA~3\Mozilla\czsujhg.dll  cpqnwfa.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Agent.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.Agent.exe"
  - Drops file in Program Files directory
  PID: 2576
- C:\PROGRA~3\Mozilla\cpqnwfa.exe
  Command line: C:\PROGRA~3\Mozilla\cpqnwfa.exe -lhvfjoj
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID: 2036
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 205KB
  MD5: 0ae22d8c518aaa8b89cc0ee4802aaee8
  SHA1: 39c9dd4c72c14303c52f4730d30f91025ab04901
  SHA256: c407394e342047cb3105bd3b8154aaba2038ead42ae7b09831f6f59365fc976a
  SHA512: a24f87b63fe484367c754a46ada59dabeabf3c2301179de70d116db78bc4ebd174c2619be5b91e72ce3309b34a142ea3e47ba7615c83a329841dec43e19a467e
- Filesize: 75KB
  MD5: 338fcb35e945faecae997832d293b4cd
  SHA1: eb03536e18775b4a351beb58181b7da3fb48606f
  SHA256: 8889368a477d5a93ab3b2c5ab01568a6146f4d17d6e0841b86589c33585aa4a6
  SHA512: 8fb562fb452a6a600322424ba841cb351530f3f1f7a6e757af286eb3ba56431093d8b7b4dabb6b9ab4a1c6cd6dd4ac3dd7e2cb1b55a7e337a8cdaa4a39b7a782