Overview

overview

10

Static

static

10

b1b66a8407...56.exe

windows7-x64

9

b1b66a8407...56.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-03-2024 23:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b1b66a8407e289005d606246ae077b27f75ead5a8f6fe96768c076fe73269e56.exe

  • Size

    137KB

  • MD5

    f6e542a136a020ec920246360c3640c1

  • SHA1

    26b15030a1c69bf3c5e4f6b064215586b9158ddc

  • SHA256

    b1b66a8407e289005d606246ae077b27f75ead5a8f6fe96768c076fe73269e56

  • SHA512

    06d083835ab5ac2fdc2c9ef606f6a7d509621edc8b62c13e738ecdeb7611e2e36104850b5b993644cf619ab3b8b60041563e5f5e967b72669ff25727ac18afc9

  • SSDEEP

    3072:AE9ByF5wP7Ht99mbaa+vKAzWvSVJSwpi6DsHH:7907wTr9mea+i6WKQP

Score
9/10
aspackv2persistence

Malware Config

Signatures

  • Detects executables packed with ASPack 6 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b1b66a8407e289005d606246ae077b27f75ead5a8f6fe96768c076fe73269e56.exe
    "C:\Users\Admin\AppData\Local\Temp\b1b66a8407e289005d606246ae077b27f75ead5a8f6fe96768c076fe73269e56.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3132
  • C:\PROGRA~3\Mozilla\zonasdl.exe
    C:\PROGRA~3\Mozilla\zonasdl.exe -ufdnlxl
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:4804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Mozilla\zonasdl.exe
    Filesize

    137KB

    MD5

    dabf9b1ade72c9cccb16f626a4b06b54

    SHA1

    95f1905f0cadf7852d88023dd9c0c706d0412f2a

    SHA256

    0b686d42ba7cda289c353f4866ce9dcb3a1d648ad1b36d8bc6deef506e49a105

    SHA512

    0b1e9de919b546406b9b91e63fcabca23a82697cdf0dccf3ea36f67fd9f8bd22b5e249e87dc86cd8b063efbf8fa87027d2fecefa4694f7f711bd9b1358ac8482

    Download Submit

  • memory/3132-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/3132-2-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/3132-3-0x00000000021E0000-0x000000000223B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/3132-4-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/3132-1-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/3132-0-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/3132-12-0x00000000021E0000-0x000000000223B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/4804-11-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/4804-10-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/4804-13-0x0000000000D70000-0x0000000000DCB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/4804-14-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/4804-17-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download