5b75a8634a19ddb4bdfd24e92cd09c4481b1de39c7391319cdab26563a2663bb

Analysis

max time kernel
153s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 19:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b96ff0589a76eebeadc86d0729b3401c.exe
Size

673KB
MD5

b96ff0589a76eebeadc86d0729b3401c
SHA1

d691e5abe0df45d53f70f90a19dacbc9c7937614
SHA256

5b75a8634a19ddb4bdfd24e92cd09c4481b1de39c7391319cdab26563a2663bb
SHA512

0386e7567e3bf2b062c4f2a4d324d2e8f88a64bd719109f0d9786ac08dc905252a817853aee6c37dd76182cc58a5588624dfe215b1950446221fda4b6c19834f
SSDEEP

12288:YaazV2H1ECVThO3UVz6Mj4ZfEDKiJF3Z4mxxfDqVTVOCqC:+JGyMpj4ZfGJQmXeVTzqC

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x0008000000023337-11.dat	aspack_v212_v242

Loads dropped DLL 2 IoCs

pid	Process
5056	b96ff0589a76eebeadc86d0729b3401c.exe
5056	b96ff0589a76eebeadc86d0729b3401c.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll	b96ff0589a76eebeadc86d0729b3401c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5056	b96ff0589a76eebeadc86d0729b3401c.exe

C:\Users\Admin\AppData\Local\Temp\b96ff0589a76eebeadc86d0729b3401c.exe
"C:\Users\Admin\AppData\Local\Temp\b96ff0589a76eebeadc86d0729b3401c.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4116 --field-trial-handle=3112,i,1786399861560734457,5606877702857066305,262144 --variations-seed-version /prefetch:8
1⤵
PID:1440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\microsoft shared\MSInfo\atmQQ2.dll

Filesize
344KB

MD5
7724819f75e430ed8c0c884efa36f2ae

SHA1
96c7fcbead9106626da0de8a78d6ac49b6699738

SHA256
cc5bf7a311edbce872110f255ab6d9d914e1221888382d981fa6c92f90c96d97

SHA512
2ec999a318e772726292119177da24cc6e82bdeb140b93a0d763b2d32ac40a1d9f4c4ff750719d5cc463424e27d88762bd1ff145280dc70597add0d8f4446e9d

Download Submit
memory/5056-0-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/5056-1-0x0000000002160000-0x00000000021B4000-memory.dmp

Filesize
336KB

Download
memory/5056-2-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/5056-3-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/5056-4-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/5056-5-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/5056-6-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/5056-7-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/5056-8-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download
memory/5056-15-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/5056-17-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/5056-16-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/5056-10-0x0000000003340000-0x0000000003341000-memory.dmp

Filesize
4KB

Download
memory/5056-19-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/5056-22-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/5056-21-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/5056-24-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/5056-23-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/5056-25-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/5056-26-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/5056-27-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/5056-28-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/5056-30-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/5056-29-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/5056-32-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/5056-31-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/5056-33-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-34-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-35-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-36-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-37-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-38-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-39-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-40-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-41-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-42-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-43-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-44-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-45-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-46-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-47-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-48-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-49-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-51-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-50-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-52-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-53-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-54-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-55-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-56-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-57-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-58-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-59-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-60-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-62-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-63-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-61-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-64-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-65-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-66-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-67-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-68-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-69-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-70-0x0000000003380000-0x0000000003480000-memory.dmp

Filesize
1024KB

Download
memory/5056-112-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/5056-206-0x0000000003480000-0x00000000034E4000-memory.dmp

Filesize
400KB

Download