e5696be2b831f4abd7dacd0eb304e64ae4c1f61135593df4af84aabcdc807fb1

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 06:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c011583cd6bc26964b3d9924a5efc3f1.exe
Size

280KB
MD5

c011583cd6bc26964b3d9924a5efc3f1
SHA1

077fbdf7e9a78e1eea52399753aace2c5696f423
SHA256

e5696be2b831f4abd7dacd0eb304e64ae4c1f61135593df4af84aabcdc807fb1
SHA512

d4df8a5cfcea0d27723747211980ccc9dd5f23bc762196034ab6585e8e16eaa33fb930639b7049457afc04eeb768fc6f4e1a6af9c3cbf26ef3e75a31b84cbdab
SSDEEP

6144:/48uaZG1amNB9ZzxjipBb2O+Hh3l2UJaHVS912HUvf5725t4B4:g8uadsbtjiziHaU024Up7Y4B4

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x000c0000000226fd-7.dat	aspack_v212_v242
behavioral2/files/0x000c0000000226fd-13.dat	aspack_v212_v242

Executes dropped EXE 2 IoCs

pid	Process
1604	wpabaln32.exe
4876	wpabaln32.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\SysWOW64\wpabaln32.exe	c011583cd6bc26964b3d9924a5efc3f1.exe
File opened for modification	\??\c:\windows\SysWOW64\wpabaln32.exe	c011583cd6bc26964b3d9924a5efc3f1.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2268	c011583cd6bc26964b3d9924a5efc3f1.exe
1604	wpabaln32.exe
4876	wpabaln32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 1604	2268	c011583cd6bc26964b3d9924a5efc3f1.exe	90
PID 2268 wrote to memory of 1604	2268	c011583cd6bc26964b3d9924a5efc3f1.exe	90
PID 2268 wrote to memory of 1604	2268	c011583cd6bc26964b3d9924a5efc3f1.exe	90
PID 1604 wrote to memory of 4876	1604	wpabaln32.exe	91
PID 1604 wrote to memory of 4876	1604	wpabaln32.exe	91
PID 1604 wrote to memory of 4876	1604	wpabaln32.exe	91

C:\Users\Admin\AppData\Local\Temp\c011583cd6bc26964b3d9924a5efc3f1.exe
"C:\Users\Admin\AppData\Local\Temp\c011583cd6bc26964b3d9924a5efc3f1.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268
- \??\c:\windows\SysWOW64\wpabaln32.exe
  c:\windows\system32\wpabaln32.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1604
- - \??\c:\windows\SysWOW64\wpabaln32.exe
    c:\windows\system32\wpabaln32.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\wpabaln32.exe

Filesize
273KB

MD5
a28338eba449756a9a5ffad423527539

SHA1
70bb5aba81689824826edd222a5dad050de3ca77

SHA256
10c590d1f0cd2f55a71adab9ba21f042bdafa767c5784ee91d8949923cd437ce

SHA512
1b5701d75f88eaca955c8f67219f30f643493c7059b28bb75f6061d68dbbb0a7bdc3552da11a9884ddaed77a57347748828f65f5e6347d6446d9bbc12b114e78

Download Submit
C:\Windows\SysWOW64\wpabaln32.exe

Filesize
280KB

MD5
c011583cd6bc26964b3d9924a5efc3f1

SHA1
077fbdf7e9a78e1eea52399753aace2c5696f423

SHA256
e5696be2b831f4abd7dacd0eb304e64ae4c1f61135593df4af84aabcdc807fb1

SHA512
d4df8a5cfcea0d27723747211980ccc9dd5f23bc762196034ab6585e8e16eaa33fb930639b7049457afc04eeb768fc6f4e1a6af9c3cbf26ef3e75a31b84cbdab

Download Submit
memory/1604-9-0x0000000000400000-0x0000000000825000-memory.dmp

Filesize
4.1MB

Download
memory/1604-10-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/1604-20-0x0000000000400000-0x0000000000825000-memory.dmp

Filesize
4.1MB

Download
memory/1604-21-0x0000000000400000-0x0000000000825000-memory.dmp

Filesize
4.1MB

Download
memory/2268-0-0x0000000000400000-0x0000000000825000-memory.dmp

Filesize
4.1MB

Download
memory/2268-1-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/2268-19-0x0000000000400000-0x0000000000825000-memory.dmp

Filesize
4.1MB

Download
memory/4876-14-0x0000000000400000-0x0000000000825000-memory.dmp

Filesize
4.1MB

Download
memory/4876-15-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/4876-18-0x0000000000400000-0x0000000000825000-memory.dmp

Filesize
4.1MB

Download