c4e649e8f86e8c204f694a151aa5a1d1b092ee969c0b0c6b78f0c84300aefa91

Analysis

max time kernel
137s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4e649e8f86e8c204f694a151aa5a1d1b092ee969c0b0c6b78f0c84300aefa91.exe
Size

137KB
MD5

6d94ef66f49dd89a25e90bcefb0d724c
SHA1

f0df666571f59f4b0962225f3d45f7608dd864fe
SHA256

c4e649e8f86e8c204f694a151aa5a1d1b092ee969c0b0c6b78f0c84300aefa91
SHA512

944e9ff1d67dfd4c857041b8a84d2e6925c5b3a3d932308c04e34ff45dab3f494ef19dcde758c4b7aa8487277f5e8440caa4a54c4abc5ee14a8b5cb6d4ba46f0
SSDEEP

3072:AE9ByF5wP7Ht99mbaa+vKAzWvSVJSwpi6Ds9N:7907wTr9mea+i6WKQ/

Score

9^/10

aspackv2 persistence

Malware Config

Signatures

Detects executables packed with ASPack 6 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1932-0-0x0000000000400000-0x000000000045E000-memory.dmp	INDICATOR_EXE_Packed_ASPack
behavioral2/memory/1932-1-0x0000000000400000-0x000000000045E000-memory.dmp	INDICATOR_EXE_Packed_ASPack
behavioral2/memory/1932-2-0x0000000000400000-0x000000000045E000-memory.dmp	INDICATOR_EXE_Packed_ASPack
C:\PROGRA~3\Mozilla\lmzjuzl.exe	INDICATOR_EXE_Packed_ASPack
behavioral2/memory/712-11-0x0000000000400000-0x000000000045E000-memory.dmp	INDICATOR_EXE_Packed_ASPack
behavioral2/memory/712-12-0x0000000000400000-0x000000000045E000-memory.dmp	INDICATOR_EXE_Packed_ASPack

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\PROGRA~3\Mozilla\lmzjuzl.exe	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

lmzjuzl.exe

pid process

712 lmzjuzl.exe

pid	process
712	lmzjuzl.exe

Drops file in Program Files directory 2 IoCs

Processes:

c4e649e8f86e8c204f694a151aa5a1d1b092ee969c0b0c6b78f0c84300aefa91.exelmzjuzl.exe

description	ioc	process
File created	C:\PROGRA~3\Mozilla\lmzjuzl.exe	c4e649e8f86e8c204f694a151aa5a1d1b092ee969c0b0c6b78f0c84300aefa91.exe
File created	C:\PROGRA~3\Mozilla\yxbjhae.dll	lmzjuzl.exe

C:\Users\Admin\AppData\Local\Temp\c4e649e8f86e8c204f694a151aa5a1d1b092ee969c0b0c6b78f0c84300aefa91.exe
"C:\Users\Admin\AppData\Local\Temp\c4e649e8f86e8c204f694a151aa5a1d1b092ee969c0b0c6b78f0c84300aefa91.exe"
1⤵
- Drops file in Program Files directory
PID:1932

C:\PROGRA~3\Mozilla\lmzjuzl.exe
C:\PROGRA~3\Mozilla\lmzjuzl.exe -qqbypme
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:712

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\Mozilla\lmzjuzl.exe
Filesize
137KB

MD5
205035cd9e723aa00b89298b3459edff

SHA1
17342cf97a2a35d661c1b539f50a9a0d0e5f4895

SHA256
7ef24208654a81598e24e9cd764fecaae86deb018a607c35eef477404f707e57

SHA512
67cd7a03c5044a36d5748206c0fd2e5d991bdfe12a63fca35961c62e763a1978abd12e7878dd690dd8194f4c660d9d2a73097b1269e10f50d57c303d7f4ce5cc

Download Submit
memory/712-11-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/712-17-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/712-14-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/712-13-0x0000000000C20000-0x0000000000C7B000-memory.dmp

Filesize
364KB

Download
memory/712-12-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/1932-3-0x0000000002220000-0x000000000227B000-memory.dmp

Filesize
364KB

Download
memory/1932-10-0x0000000002220000-0x000000000227B000-memory.dmp

Filesize
364KB

Download
memory/1932-9-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1932-4-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1932-0-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/1932-2-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/1932-1-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download