4a243a43ba01ca36fdaaa65230673d97405b645160b081c3a8f83a1fcee01d97

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

newasp/aspupload.exe
Size

769KB
MD5

a511095a693e3082b5628554badbbc8f
SHA1

d876a5814c6a1078335daeda0ce653c7d084ed60
SHA256

51fe5d06d86c3abc9c9c729beffe821a1d7165a550d5212a26e56e830b1d4179
SHA512

dadc429cc0bdd9304de3e661297543f82116443fd1c01c8eb270aadc66d1e1cb2c12f534bd7d1fadfe00b065e48bd09ab20d7ae6d2a9771e9aafdf2876aa55be
SSDEEP

12288:YaS8/3dfadHC/NwLO3u+kx0qoaN2L2cyRD0At6sF1Q1hJqf0dWt5EE:7SWdfQC/xGnod2cmF1SwMQ7

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2084	aspupload.exe
2084	aspupload.exe
2084	aspupload.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2084-0-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2084-52-0x0000000000400000-0x0000000000456000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2084	aspupload.exe

C:\Users\Admin\AppData\Local\Temp\newasp\aspupload.exe
"C:\Users\Admin\AppData\Local\Temp\newasp\aspupload.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\1GE4ESLV\aspupload\plugins\0\StdUI.dll

Filesize
147KB

MD5
0ef0df3c28f135fa78eb9dfcf1b0499e

SHA1
ca21f49137267b3edc8f5aae86bec80f43cd4890

SHA256
8d987a52990bf4ea755240b7a1ea7f73a16b1fd67f3e91fc21e87a4f7d443546

SHA512
26bd1e5b0996a6b653b5456e361fa373b0b0505536bb9b8095b1f1389b244810aa51513be2af1585408a0f151db2cadbb65abc02e64b8ca5e8b2e6c5d502746b

Download Submit
\Users\Admin\AppData\Local\Temp\1GE4ESLV\aspupload\plugins\1\eInstallPlugin.dll

Filesize
56KB

MD5
d64030cfee1bc281646804549be88ea0

SHA1
8f99218a567a486ec78ced845db7a5eb7fe2568f

SHA256
f313c176e9b7d582da863cef7f3c860b7e30379e0601415ef87dbe45459ba809

SHA512
ed58bf61cefe57bd7b84528bd54a577e6e53f9c1767864a1cc7ca5b861ade93e75ce7ad9c595b9fa4689d50c434c5d9b83cae6cd5be1a718815d2c00bf285426

Download Submit
\Users\Admin\AppData\Local\Temp\1GE4ESLV\unpack.dll

Filesize
34KB

MD5
97bb07c04a2f3a0dace5aff04d305455

SHA1
2a966dfb6463a5c26ffb3a247dc9281bb57d25cf

SHA256
2adc86ef09b5aea46bc3ee88d1740760b3ce6ae5fa92fb6eceb6efc1e6c942d9

SHA512
9b00d6c26dfa946b78f73192c78edd6ae6027c377406f8e57089db8426b9664c972c77eb5b998430d9ab99c750b47d8e18203b737afcedec9a9dd09404c07c9f

Download Submit
memory/2084-0-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2084-46-0x0000000002A70000-0x0000000002A99000-memory.dmp

Filesize
164KB

Download
memory/2084-52-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2084-53-0x0000000002A70000-0x0000000002A99000-memory.dmp

Filesize
164KB

Download