Analysis Overview
SHA256: abd0cf62cf0a58ae2ba918d12a570520299bf1efd14390753bd1cfd90317dedf
Threat Level: Shows suspicious behavior
The file abd0cf62cf0a58ae2ba918d12a570520299bf1efd14390753bd1cfd90317dedf was found to show suspicious behavior.
Malicious Activity Summary
ASPack v2.12-2.42
Loads dropped DLL
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported: 2024-05-18 03:18
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-18 03:18
Reported: 2024-05-18 03:21
Platform: win7-20240221-en
Max time kernel: 121s
Max time network: 122s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\abd0cf62cf0a58ae2ba918d12a570520299bf1efd14390753bd1cfd90317dedf.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\abd0cf62cf0a58ae2ba918d12a570520299bf1efd14390753bd1cfd90317dedf.exe
"C:\Users\Admin\AppData\Local\Temp\abd0cf62cf0a58ae2ba918d12a570520299bf1efd14390753bd1cfd90317dedf.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| CN | 115.236.153.253:511 | | tcp |
| US | 8.8.8.8:53 | res3.csasnet.net | udp |
| US | 8.8.8.8:53 | res1.csasnet.com | udp |
| CN | 124.221.138.85:511 | res1.csasnet.com | tcp |
| CN | 124.221.138.85:511 | res1.csasnet.com | tcp |
| N/A | 127.0.0.1:2143 | | tcp |
| CN | 45.124.76.215:300 | | tcp |
| CN | 103.192.208.90:300 | | tcp |
| CN | 45.124.79.196:300 | | tcp |
| CN | 45.124.79.204:300 | | tcp |
| CN | 103.192.208.117:300 | | tcp |
| CN | 45.124.76.252:300 | | tcp |
| CN | 115.236.153.233:300 | | tcp |
| CN | 115.236.153.241:300 | | tcp |
| CN | 103.192.208.11:300 | | tcp |
| CN | 103.192.208.87:300 | | tcp |
| CN | 45.124.76.229:300 | | tcp |
| CN | 45.124.79.206:300 | | tcp |
| CN | 45.124.79.218:300 | | tcp |
| CN | 115.236.153.234:300 | | tcp |
| CN | 115.236.153.243:300 | | tcp |
| CN | 103.192.208.106:300 | | tcp |
| CN | 103.192.208.73:300 | | tcp |
| CN | 103.192.208.27:300 | | tcp |
| CN | 103.192.208.120:300 | | tcp |
| CN | 45.124.79.211:300 | | tcp |
| CN | 103.192.208.126:511 | res3.csasnet.net | tcp |
| CN | 45.124.79.200:300 | | tcp |
| CN | 45.124.76.254:511 | res1.csasnet.com | tcp |
| CN | 115.236.153.230:300 | | tcp |
| CN | 115.236.153.232:300 | | tcp |
| CN | 45.124.76.233:300 | | tcp |
Files
memory/856-0-0x0000000000400000-0x00000000007C4000-memory.dmp
\Users\Admin\AppData\Local\Temp\ClinkApi.dll
| Hash | Value |
| --- | --- |
| MD5 | 7bc18b5d04bbaa53af22bb288c5a810c |
| SHA1 | 6e3ba5d7c21a38076bcad960f51c8849928a0c9a |
| SHA256 | ce7c04f57eae835917279c44c64c790370d26a69311d8ca501d8ddd6670649b4 |
| SHA512 | d6bca1619cc028a74e68d8188986e5d13749fd336c2ce9498dba8937142369ce6ca61d1d8df8e283b8f2f1b5e125a227a3a720950c7d3b585c24e5871cb99963 |
memory/856-1-0x0000000000400000-0x00000000007C4000-memory.dmp
memory/856-6-0x0000000000400000-0x00000000007C4000-memory.dmp
memory/856-8-0x0000000000400000-0x00000000007C4000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-05-18 03:18
Reported: 2024-05-18 03:21
Platform: win10v2004-20240426-en
Max time kernel: 129s
Max time network: 99s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\abd0cf62cf0a58ae2ba918d12a570520299bf1efd14390753bd1cfd90317dedf.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\abd0cf62cf0a58ae2ba918d12a570520299bf1efd14390753bd1cfd90317dedf.exe
"C:\Users\Admin\AppData\Local\Temp\abd0cf62cf0a58ae2ba918d12a570520299bf1efd14390753bd1cfd90317dedf.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| CN | 115.236.153.253:511 | | tcp |
| US | 8.8.8.8:53 | res1.csasnet.com | udp |
| US | 8.8.8.8:53 | res3.csasnet.net | udp |
| CN | 115.236.153.254:511 | res3.csasnet.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| CN | 124.221.138.85:511 | res3.csasnet.net | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| N/A | 127.0.0.1:2143 | | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| CN | 45.124.79.196:300 | | tcp |
| CN | 45.124.79.220:300 | | tcp |
| CN | 103.192.208.2:300 | | tcp |
| CN | 103.192.208.76:300 | | tcp |
| CN | 115.236.153.230:300 | | tcp |
| CN | 115.236.153.234:300 | | tcp |
| CN | 45.124.76.224:300 | | tcp |
| CN | 45.124.76.231:300 | | tcp |
| CN | 45.124.79.206:300 | | tcp |
| CN | 103.192.208.17:300 | | tcp |
| CN | 103.192.208.19:300 | | tcp |
| CN | 45.124.79.195:300 | | tcp |
| CN | 115.236.153.233:300 | | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| CN | 115.236.153.227:300 | | tcp |
| CN | 45.124.76.233:300 | | tcp |
| CN | 103.192.208.103:300 | | tcp |
| CN | 45.124.79.211:300 | | tcp |
| CN | 103.192.208.89:300 | | tcp |
| CN | 45.124.76.219:300 | | tcp |
| CN | 45.124.79.218:300 | | tcp |
| CN | 124.221.138.85:511 | res3.csasnet.net | tcp |
| CN | 45.124.76.254:511 | res1.csasnet.com | tcp |
| CN | 115.236.153.240:300 | | tcp |
| CN | 115.236.153.243:300 | | tcp |
| CN | 103.192.208.114:300 | | tcp |
| CN | 103.192.208.106:300 | | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
Files
memory/2204-0-0x0000000000400000-0x00000000007C4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ClinkApi.dll
| Hash | Value |
| --- | --- |
| MD5 | 7bc18b5d04bbaa53af22bb288c5a810c |
| SHA1 | 6e3ba5d7c21a38076bcad960f51c8849928a0c9a |
| SHA256 | ce7c04f57eae835917279c44c64c790370d26a69311d8ca501d8ddd6670649b4 |
| SHA512 | d6bca1619cc028a74e68d8188986e5d13749fd336c2ce9498dba8937142369ce6ca61d1d8df8e283b8f2f1b5e125a227a3a720950c7d3b585c24e5871cb99963 |
memory/2204-1-0x0000000000400000-0x00000000007C4000-memory.dmp
memory/2204-7-0x0000000000400000-0x00000000007C4000-memory.dmp
memory/2204-9-0x0000000000400000-0x00000000007C4000-memory.dmp