Analysis
- max time kernel: 144s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/03/2024, 23:30
Behavioral task: behavioral1
- Sample: a146b753ac67bd29bea524625bc84ee179a8e41f30128c384c3e812c5a1fb7e4.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a146b753ac67bd29bea524625bc84ee179a8e41f30128c384c3e812c5a1fb7e4.exe
- Resource: win10v2004-20240226-en
General
- Target: a146b753ac67bd29bea524625bc84ee179a8e41f30128c384c3e812c5a1fb7e4.exe
- Size: 178KB
- MD5: 5149131598da41edc109bae5d2912563
- SHA1: db21582afb41ab861eb7c40cc2320fdaecb346b3
- SHA256: a146b753ac67bd29bea524625bc84ee179a8e41f30128c384c3e812c5a1fb7e4
- SHA512: 8def3f506d0f20c035310be2847f13c9740e95fb094e1cd6e066ab3a001efce066dd993078ad924c8db46168806ee5a7ce8020005a8f0b9d6004490f075b9537
- SSDEEP: 3072:+Yubs4vIPfIOKyCRfyJiJJMXybJg30TZZ+MbpqdNjfBDckH8sbigzwQj1O:Puk6fK6tixMbwNL+kDrI
Malware Config
Signatures
- Detects executables packed with ASPack (6 IoCs)
  resource | yara_rule
  behavioral2/memory/4968-0-0x0000000000400000-0x000000000045E000-memory.dmp | INDICATOR_EXE_Packed_ASPack
  behavioral2/memory/4968-1-0x0000000000400000-0x000000000045E000-memory.dmp | INDICATOR_EXE_Packed_ASPack
  behavioral2/memory/4968-2-0x0000000000400000-0x000000000045E000-memory.dmp | INDICATOR_EXE_Packed_ASPack
  behavioral2/files/0x0007000000023314-6.dat | INDICATOR_EXE_Packed_ASPack
  behavioral2/memory/1572-11-0x0000000000400000-0x000000000045E000-memory.dmp | INDICATOR_EXE_Packed_ASPack
  behavioral2/memory/1572-12-0x0000000000400000-0x000000000045E000-memory.dmp | INDICATOR_EXE_Packed_ASPack
- Modifies AppInit DLL entries (2 TTPs)
- resource | yara_rule
  behavioral2/files/0x0007000000023314-6.dat | aspack_v212_v242
- Executes dropped EXE (1 IoCs)
  pid | Process
  1572 | xrwomfe.exe
- Drops file in Program Files directory (2 IoCs)
  description | ioc | Process
  File created | C:\PROGRA~3\Mozilla\xrwomfe.exe | a146b753ac67bd29bea524625bc84ee179a8e41f30128c384c3e812c5a1fb7e4.exe
  File created | C:\PROGRA~3\Mozilla\xblkzla.dll | xrwomfe.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\a146b753ac67bd29bea524625bc84ee179a8e41f30128c384c3e812c5a1fb7e4.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a146b753ac67bd29bea524625bc84ee179a8e41f30128c384c3e812c5a1fb7e4.exe"
  - Drops file in Program Files directory
  PID: 4968
- C:\PROGRA~3\Mozilla\xrwomfe.exe
  Command line: C:\PROGRA~3\Mozilla\xrwomfe.exe -cybdupc
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID: 1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1412 --field-trial-handle=2272,i,17338911640954948469,1637568328132129119,262144 --variations-seed-version /prefetch:8
  PID: 1448
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 178KB
  MD5: 79407860a3d11558d74d616d4003b690
  SHA1: 26c048c7772478ca6003117f60e4e2da43263721
  SHA256: 813e78920520f6a20c5249648a9fe558bbb6e8a3e985569263eab38abfd909e7
  SHA512: c73afe6a8c23e20bff1241f1149cce536d5e060fce2525fee2ff70b1bdb2aaf4a34f656e96d4bacc5b49baada598422a6c468be437ea03d4870281a7187c1feb