Analysis
max time kernel: 141s
max time network: 101s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/05/2024, 11:53
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: ASPack.exe
  Resource: win7-20231129-en
  4 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: ASPack.exe
  Resource: win10v2004-20240508-en
  3 signatures, 150 seconds
General
Target: ASPack.exe
Size: 373KB
MD5: a8e5ccfab37f759f2914335d21181b9f
SHA1: e64244de48c410cf3b8452597d75c557cd4434bd
SHA256: 1df4d6648753095803f0fdffaffc39edfc908ffa66d4dca33a1b1d689175a3f0
SHA512: 329a6d2cb4385a0a53b808f072eaaad81630ecf851f9cc3a6746a2438c853dade6b97eb6701eee7ae909f952f8f331af5bb8b53b2059b289173549efcf0cc91e
SSDEEP: 6144:HqljTfN8OTNv+jotlGPbymiP8JPAvgWZpg3SyBwOJFfDn+aC0sytWnPV7srfh1QH:Hql3iiNCotlGDydP8JFWHXyG4FzW0XIF
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Modifies registry class (57 IoCs)
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\0\ | ASPack.exe
Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | ASPack.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\ = "Imasi" | ASPack.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\0\win32 | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\TypeLib\ | ASPack.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff | ASPack.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\0\win64 | ASPack.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\FLAGS | ASPack.exe
Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | ASPack.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\0\win64\ = "C:\\Windows\\SysWow64\\tdc.ocx" | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\Version\ = "1.0" | ASPack.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1" | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\ProgID\ | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\0\win32\ | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\FLAGS\ = "0" | ASPack.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 820074001c00434653461600310000000000a858c653120041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbea858c653a958ae5e2e0000007ae10100000001000000000000000000000000000000d329c9004100700070004400610074006100000042000000 | ASPack.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 5000310000000000a858e45510004c6f63616c003c0009000400efbea858c653a958ae5e2e0000008de1010000000100000000000000000000000000000099fab8004c006f00630061006c00000014000000 | ASPack.exe
Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | ASPack.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000 | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\0\win64\ | ASPack.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\Version | ASPack.exe
Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | ASPack.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\Version\ | ASPack.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | ASPack.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 4e00310000000000a958ad5e100054656d7000003a0009000400efbea858c653a958ad5e2e0000008ee10100000001000000000000000000000000000000f3878e00540065006d007000000014000000 | ASPack.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | ASPack.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\InprocServer32 | ASPack.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\ProgID | ASPack.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\0 | ASPack.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\TypeLib | ASPack.exe
Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | ASPack.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1} | ASPack.exe
Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | ASPack.exe
Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | ASPack.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0} | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\ | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\0\win32\ = "C:\\Windows\\SysWOW64\\tdc.ocx" | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\FLAGS\ | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\InprocServer32\ | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\ | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\ = "Tabular Data Control 1.1 Type Library" | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\TypeLib\ = "{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}" | ASPack.exe
Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | ASPack.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff | ASPack.exe
Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | ASPack.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.key | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" | ASPack.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | ASPack.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\InprocServer32\ = "%SystemRoot%\\SysWow64\\activeds.dll" | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ | ASPack.exe
Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | ASPack.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\ProgID\ = "PropertyEntry" | ASPack.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1 | ASPack.exe
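The 57 rows above mix three very different kinds of write. Most of them are under the user's Shell\BagMRU and Shell\Bags keys, which Explorer updates whenever a folder is browsed (for example through a file dialog), so they say little about the sample itself. A smaller group registers a COM class (a CLSID with InprocServer32, ProgID, Version and TypeLib values) and a type library whose win32/win64 paths point at tdc.ocx, and two rows create a .key file association mapped to "regfile". The script below is an added triage helper, not part of the sandbox report or of any vendor tooling: it parses rows in the form the report prints them ("<description> <path> [= <value>] <process>"), sorts them into those three buckets, and collects the CLSID and TypeLib values into one summary. The sample rows are copied from this report; the category names and the assumption that backslashes in quoted values are printed doubled are mine.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Rows copied verbatim from this report's "Modifies registry class" table.
# A raw string keeps the backslashes exactly as the report prints them.
SAMPLE_ROWS = r"""
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\ = "Imasi" ASPack.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\InprocServer32 ASPack.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\InprocServer32\ = "%SystemRoot%\\SysWow64\\activeds.dll" ASPack.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\ProgID\ = "PropertyEntry" ASPack.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BECC57F0-B4FF-44B6-3DB9-B9CD217ED7D1}\TypeLib\ = "{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}" ASPack.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\ = "Tabular Data Control 1.1 Type Library" ASPack.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\0\win32\ = "C:\\Windows\\SysWOW64\\tdc.ocx" ASPack.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1AE5BC9D-9290-21E5-E5C7-EBFC9F2012C0}\1.1\0\win64\ = "C:\\Windows\\SysWow64\\tdc.ocx" ASPack.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key ASPack.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" ASPack.exe
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU ASPack.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff ASPack.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1" ASPack.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" ASPack.exe
"""

# One report row: "<op> <path> [= <value>] <process>". The path may contain
# spaces ("Local Settings"), so it is matched lazily up to the optional
# " = value" and the trailing process name.
ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?:str|int|data)\))\s+"
    r"(?P<path>\\REGISTRY\\.*?)"
    r"(?:\s+=\s+(?P<value>.*?))?"
    r"\s+(?P<process>\S+)$"
)


@dataclass
class RegistryIoc:
    op: str
    path: str
    value: Optional[str]
    process: str
    category: str


def classify(path: str) -> str:
    """Bucket a registry path by what a responder would do with it."""
    p = path.lower()
    if "\\shell\\bagmru" in p or "\\shell\\bags" in p:
        return "shellbag"  # Explorer folder-view state: expected noise
    if p.startswith("\\registry\\machine\\software\\classes\\") and (
        "\\clsid\\" in p or "\\typelib\\" in p
    ):
        return "com-registration"  # CLSID / TypeLib entries: worth diffing
    if re.match(r"\\registry\\machine\\software\\classes\\\.[a-z0-9]+\\?$", p):
        return "file-association"  # HKCR\.ext mapping: worth diffing
    return "other"


def _clean_value(raw: str) -> str:
    # Assumption: the sandbox quotes string values and doubles backslashes.
    return raw.strip('"').replace("\\\\", "\\")


def parse_rows(text: str) -> list:
    rows = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        value = _clean_value(m["value"]) if m["value"] is not None else None
        rows.append(RegistryIoc(m["op"], m["path"], value, m["process"], classify(m["path"])))
    return rows


def category_counts(rows: list) -> Counter:
    return Counter(r.category for r in rows)


def summarize_com(rows: list):
    """Group CLSID and TypeLib value writes by GUID so the server DLL,
    ProgID and typelib file paths can be read off in one place."""
    clsids, typelibs = defaultdict(dict), defaultdict(dict)
    for r in rows:
        if r.category != "com-registration" or r.value is None:
            continue
        for table, marker in ((clsids, "CLSID"), (typelibs, "TypeLib")):
            m = re.search(r"\\" + marker + r"\\(\{[0-9A-Fa-f-]+\})\\(.*)$", r.path)
            if m:
                guid, sub = m.groups()
                table[guid][sub.strip("\\") or "(default)"] = r.value
                break
    return dict(clsids), dict(typelibs)


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    print(dict(category_counts(rows)))
    clsids, typelibs = summarize_com(rows)
    for guid, props in clsids.items():
        print("CLSID", guid, props)
    for guid, props in typelibs.items():
        print("TypeLib", guid, props)
```

Run against the full 57-row table, the counts make the signal-to-noise ratio explicit, and the summary prints the CLSID with its InprocServer32 DLL, ProgID and TypeLib GUID next to the typelib's win32/win64 paths. Both activeds.dll under SysWow64 and tdc.ocx are locations that exist on a stock Windows install; what the report does not tell you is whether these two GUIDs match the registrations a clean reference host already has for those components, so comparing the summary against a known-good machine is the natural next check.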
Suspicious use of SetWindowsHookEx (1 IoC)
pid | Process
4364 | ASPack.exe