Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16-05-2024 00:55
Behavioral task: behavioral1
- Sample: 9399024a407b940e462170e3610211919abb44f5b075f8db1ddba46a3e0eae71.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 9399024a407b940e462170e3610211919abb44f5b075f8db1ddba46a3e0eae71.exe
- Resource: win10v2004-20240508-en
General
- Target: 9399024a407b940e462170e3610211919abb44f5b075f8db1ddba46a3e0eae71.exe
- Size: 137KB
- MD5: 1e2982b931241693f424227d9f8f2a22
- SHA1: 931215b5ba1ae459851e333b2c334d6530749db1
- SHA256: 9399024a407b940e462170e3610211919abb44f5b075f8db1ddba46a3e0eae71
- SHA512: f80dec4f7d81e3f49ad736bd5b989fe9ef0d86245e6df56ece5ab63d0879fc975b62c62e6d362aaa384c4d9ddbef687961889ea1bb4cc64d1cc209342dd489bf
- SSDEEP: 3072:AE9ByF5wP7Ht99mbaa+vKAzWvSVJSwpi6DsB:7907wTr9mea+i6WKQJ
Malware Config
Signatures
- Detects executables packed with ASPack (7 IoCs)
  resource / yara_rule:
  behavioral2/memory/2168-0-0x0000000000400000-0x000000000045E000-memory.dmp  INDICATOR_EXE_Packed_ASPack
  behavioral2/memory/2168-1-0x0000000000400000-0x000000000045E000-memory.dmp  INDICATOR_EXE_Packed_ASPack
  behavioral2/memory/2168-2-0x0000000000400000-0x000000000045E000-memory.dmp  INDICATOR_EXE_Packed_ASPack
  behavioral2/files/0x00070000000233bf-6.dat  INDICATOR_EXE_Packed_ASPack
  behavioral2/memory/2636-9-0x0000000000400000-0x000000000045E000-memory.dmp  INDICATOR_EXE_Packed_ASPack
  behavioral2/memory/2636-12-0x0000000000400000-0x000000000045E000-memory.dmp  INDICATOR_EXE_Packed_ASPack
  behavioral2/memory/2636-11-0x0000000000400000-0x000000000045E000-memory.dmp  INDICATOR_EXE_Packed_ASPack
- Modifies AppInit DLL entries (2 TTPs)
- resource / yara_rule:
  behavioral2/files/0x00070000000233bf-6.dat  aspack_v212_v242
- Executes dropped EXE (1 IoCs)
  pid / Process:
  2636  iodncyc.exe
- Drops file in Program Files directory (2 IoCs)
  description / ioc / Process:
  File created  C:\PROGRA~3\Mozilla\iodncyc.exe  9399024a407b940e462170e3610211919abb44f5b075f8db1ddba46a3e0eae71.exe
  File created  C:\PROGRA~3\Mozilla\lrtatsc.dll  iodncyc.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\9399024a407b940e462170e3610211919abb44f5b075f8db1ddba46a3e0eae71.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\9399024a407b940e462170e3610211919abb44f5b075f8db1ddba46a3e0eae71.exe"
  - Drops file in Program Files directory
  PID: 2168
  - C:\PROGRA~3\Mozilla\iodncyc.exe (child process)
    Command line: C:\PROGRA~3\Mozilla\iodncyc.exe -szcyzql
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID: 2636
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 137KB
  MD5: 66cae745ca1a9a48fae3b8c3de5e1c11
  SHA1: 88c1ae678462f54fbc4c3068714e4e94b41c8d5f
  SHA256: af5cb06ef4d427a2a62b486c54c7a05fb5577fa21e0145640f4eccfd54850b9d
  SHA512: 8141e16b738d6c0974bb67a3085b4fdcb02bf013c79d0bf8d7d5f910392480516b4e6ac81cb4ee7933f6d9755285d03c2fa49094cc83f8ceff1617fc95a2f604