Overview

overview

7

Static

static

7

a0f648d9e6...0N.exe

windows7-x64

7

a0f648d9e6...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/07/2024, 10:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a0f648d9e694e58391ffe778f16529d0N.exe

  • Size

    259KB

  • MD5

    a0f648d9e694e58391ffe778f16529d0

  • SHA1

    ef841a1ca3db7608ed041650ab97470a5abb0b77

  • SHA256

    187a3166a30025e565136799632ef7661513ea257c4dbaa9251aaec973d64d65

  • SHA512

    a57ea530c9c3551581903251b36d7064e810040bffd038220178e75af01223f15accb1b04250474004f08113de9b42ceecafd4bbe5b09d7e642b74db26dbe541

  • SSDEEP

    1536:C5JeZFIF5l3I3CbUqdIxCj8ce9PZ+idI1Ax+i2hTltdJJRaCAd1uhNRs8bzu5VAV:C5wTIFT3uCl8ZBbdI6+PltdxcwiAV

Score
7/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0f648d9e694e58391ffe778f16529d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0f648d9e694e58391ffe778f16529d0N.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Users\Admin\AppData\Local\Temp\a0f648d9e694e58391ffe778f16529d0N.exe.exe
      C:\Users\Admin\AppData\Local\Temp\a0f648d9e694e58391ffe778f16529d0N.exe.exe
      2⤵
      • Executes dropped EXE
      PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
    Filesize

    2.2MB

    MD5

    5d88ebcc4a25f6f7175190b189f95539

    SHA1

    49bfdde38663ec123a34de8abc78b0f95c9996e8

    SHA256

    5a2b44873feba45bc86c885e6c32d35951bbae3196757ad13b760d54b3e9b50e

    SHA512

    843c649b963dfe150f8a9aa1783af8b2d5c1a7be71743b54f3ecf9890612e8a2dc54d70f54375cad6773cd39056f852f9dc96fc541e0d831f2d84699168b1362

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a0f648d9e694e58391ffe778f16529d0N.exe.exe
    Filesize

    228KB

    MD5

    88467494a92edf87f196d4889f5dbcc3

    SHA1

    f4f78e34e69eb87375381614c151f3f911c94401

    SHA256

    555991ad172e7e6d3977326f7f4ee88a9374849a8254fe5a2ede136b683c1f51

    SHA512

    1459379fddd38ac3253b731186c5fe6f3a6026543fecce727551dcc1e8f331d3ca24649379f876ba3ca733c52cee2d96d9dd9e72aebae26040735e926dad7e12

    Download Submit

  • memory/1668-26-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download