Overview

overview

8

Static

static

7

AcceData.exe

windows7-x64

1

AcceData.exe

windows10-2004-x64

1

AptNail.dll

windows7-x64

8

AptNail.dll

windows10-2004-x64

8

AptRegIns.dll

windows7-x64

8

AptRegIns.dll

windows10-2004-x64

8

AptRelay.exe

windows7-x64

1

AptRelay.exe

windows10-2004-x64

1

AptSpare.dll

windows7-x64

1

AptSpare.dll

windows10-2004-x64

1

AptSpare.exe

windows7-x64

1

AptSpare.exe

windows10-2004-x64

1

AptSpare64.dll

windows7-x64

1

AptSpare64.dll

windows10-2004-x64

1

AptSpare64.exe

windows7-x64

7

AptSpare64.exe

windows10-2004-x64

7

Fireman.dll

windows7-x64

8

Fireman.dll

windows10-2004-x64

8

FunDodge.dll

windows7-x64

6

FunDodge.dll

windows10-2004-x64

6

FunKoala.dll

windows7-x64

8

FunKoala.dll

windows10-2004-x64

8

FunKoala64.dll

windows7-x64

8

FunKoala64.dll

windows10-2004-x64

8

FunSeed.dll

windows7-x64

7

FunSeed.dll

windows10-2004-x64

7

FunSeed64.dll

windows7-x64

7

FunSeed64.dll

windows10-2004-x64

7

FunWorks.dll

windows7-x64

7

FunWorks.dll

windows10-2004-x64

7

FunWorks64.dll

windows7-x64

7

FunWorks64.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/05/2024, 14:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AptSpare64.exe

  • Size

    133KB

  • MD5

    ceaf20b7f1a1a45b99fb217160fa8b5f

  • SHA1

    aca86cd4de60526779b3eb7cb771aea7b6490ca9

  • SHA256

    2ed60aa82ad39fb0fc539af6cb8ab7e734f4c985bbc2dd4965685106d1b01395

  • SHA512

    7ccbc838f28df1b483a0930b499f35b865efcb8a787dbd1a37b98687c735e551346560949822886748761582679a0abc4233d67bc7292a9a07ea27383e88c9b4

  • SSDEEP

    3072:0MgeOWYg3OWYgWO55/uO55/6ggfHfm0TPmvnQ2YTkv4xZ0mYyjPFceaKsk:nkWYgeWYg955/155/69fHbTPmvnQ2YgY

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AptSpare64.exe
    "C:\Users\Admin\AppData\Local\Temp\AptSpare64.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{5512E1FE-48A4-43F5-9B34-15BDFE6F7D92} -Embedding
      2⤵
        PID:4052

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\aptspare.ini
      Filesize

      48B

      MD5

      53cace7aebf468a5922be0ec5bfc0a90

      SHA1

      3c1a1f22aae92bb6f4f3cbb9de1757a43e9cf360

      SHA256

      2e700606434663f8c7c435cb0a82d1112a205bc7ea924d89157c0dd5668bd486

      SHA512

      a2596401126c1839d259f2ff99c5914daecacf3d4eb3699bfcd9bb5b0c3a3eb822e9bf352dadd1f1ebad79313727b1930da076f205cbf2ccb75249960d3e7b2a

      Download Submit

    • memory/4052-0-0x00007FF620340000-0x00007FF620367000-memory.dmp

      Filesize

      156KB

      Download

    • memory/4052-5-0x00007FF620340000-0x00007FF620367000-memory.dmp

      Filesize

      156KB

      Download

    • memory/4052-6-0x00007FFDB31A0000-0x00007FFDB3314000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4052-7-0x00007FFDB31A0000-0x00007FFDB3314000-memory.dmp

      Filesize

      1.5MB

      Download