Analysis

  • max time kernel
    149s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-08-2024 23:54

General

  • Target

    9c306fc3c46f6646e3b8cbbaf734f92f289fbef8fc9ea9a4296048a3882e8a1d.exe

  • Size

    600KB

  • MD5

    a3cce88439caab028877200299fcd213

  • SHA1

    347db76c05334cec97c6bef58eae81b943d5ae07

  • SHA256

    9c306fc3c46f6646e3b8cbbaf734f92f289fbef8fc9ea9a4296048a3882e8a1d

  • SHA512

    abc23ac4712b07ac8c43e1a8130a6ad28e0cefa56fd59615d2b0f118aa81e287b57d29bf43289c97e2a0f0e964593759be1d956e0edf7a97c19b3582afadc820

  • SSDEEP

    1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRqm:352T3siXei5bcmP9JfUjWU

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c306fc3c46f6646e3b8cbbaf734f92f289fbef8fc9ea9a4296048a3882e8a1d.exe
    "C:\Users\Admin\AppData\Local\Temp\9c306fc3c46f6646e3b8cbbaf734f92f289fbef8fc9ea9a4296048a3882e8a1d.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\$$$$$.bat
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1100

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe

    Filesize

    600KB

    MD5

    a3cce88439caab028877200299fcd213

    SHA1

    347db76c05334cec97c6bef58eae81b943d5ae07

    SHA256

    9c306fc3c46f6646e3b8cbbaf734f92f289fbef8fc9ea9a4296048a3882e8a1d

    SHA512

    abc23ac4712b07ac8c43e1a8130a6ad28e0cefa56fd59615d2b0f118aa81e287b57d29bf43289c97e2a0f0e964593759be1d956e0edf7a97c19b3582afadc820

  • \??\c:\$$$$$.bat

    Filesize

    264B

    MD5

    2632bcb17fa40d750e9dd909357b5eda

    SHA1

    8819d608c136f56c4658b134d7da704d7fabba28

    SHA256

    b0d4c3b482c88f6b5b1182cecf1bd18364685dd02b925c5900ef381a637c1dbf

    SHA512

    352f2ce77228ba3b0f04bf7d54af90b53e70a2b98fb763b92d61a75487bd75a1ee0f0a7a4a8c0165c619cb941280616e0da0a9a70d8899e6573d9ed0906126f0

  • memory/2392-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/2392-530-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/2392-821-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB
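The report above gives everything needed to turn this run into hunting logic: the dropped file under SysWOW64\drivers32 carries exactly the same MD5, SHA1, SHA256 and SHA512 as the submitted sample (so it is a self-copy, not a second-stage payload), the Run key entry and the cmd.exe child point at paths the report lists, and the three memory dumps cover one image region at different points in the run. The following Python is an added example, not code from the report or from the sandbox; the hashes, paths and dump names are copied from the sections above, while the Run key values and directory listing at the bottom are constructed test data the sandbox did not observe, and the value name `drivers32` in that test data is hypothetical (the report does not show which value name the sample used).

```python
"""Hunting helpers built from the IoCs in the sandbox report above.

Added example, not code from the report or the sandbox vendor. Hashes, paths
and memory-dump names are copied from the report; SAMPLE_RUN_VALUES and
SAMPLE_LISTING are constructed test data that the sandbox did not observe.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FileIoc:
    path: str
    md5: str
    sha1: str
    sha256: str


# Submitted sample (report: General). The size is reported only as a rounded
# "600KB", so it is deliberately not part of the comparison.
SUBMITTED = FileIoc(
    path=r"C:\Users\Admin\AppData\Local\Temp\9c306fc3c46f6646e3b8cbbaf734f92f289fbef8fc9ea9a4296048a3882e8a1d.exe",
    md5="a3cce88439caab028877200299fcd213",
    sha1="347db76c05334cec97c6bef58eae81b943d5ae07",
    sha256="9c306fc3c46f6646e3b8cbbaf734f92f289fbef8fc9ea9a4296048a3882e8a1d",
)

# File written under System32 (report: Downloads).
DROPPED = FileIoc(
    path=r"C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe",
    md5="a3cce88439caab028877200299fcd213",
    sha1="347db76c05334cec97c6bef58eae81b943d5ae07",
    sha256="9c306fc3c46f6646e3b8cbbaf734f92f289fbef8fc9ea9a4296048a3882e8a1d",
)

# Batch file handed to cmd.exe /c (report: Processes, Downloads). Its 264 bytes
# of content are not shown in the report, so only the path is usable here.
BATCH_PATH = r"c:\$$$$$.bat"

# Path fragments to look for in Run key data, prefetch, shimcache and the like.
IOC_PATTERNS = (
    # A stock Windows install has SysWOW64\drivers, not SysWOW64\drivers32.
    re.compile(r"\\SysWOW64\\drivers32\\", re.IGNORECASE),
    re.compile(r"c:\\\$\$\$\$\$\.bat", re.IGNORECASE),
)


def is_self_copy(a: FileIoc, b: FileIoc) -> bool:
    """True when every reported digest matches, i.e. the dropped file is a
    byte-identical copy of the sample rather than a distinct payload."""
    return (a.md5, a.sha1, a.sha256) == (b.md5, b.sha1, b.sha256)


def references_ioc(text: str) -> bool:
    """Does a command line or path string point at one of the dropped artifacts?"""
    return any(p.search(text) for p in IOC_PATTERNS)


def suspicious_run_values(values: dict[str, str]) -> list[str]:
    """Names of Run key values whose data references the dropped paths.

    `values` maps value name -> value data as read from the HKCU or HKLM
    ...\CurrentVersion\Run key. The report does not give the value name the
    sample used, so matching is on the data, never on the name."""
    return [name for name, data in values.items() if references_ioc(data)]


DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_memory_dump(name: str) -> Optional[dict]:
    """Decode a dump name from the report into pid, snapshot sequence and region size.

    The three dumps above share the range 0x400000-0x43F000 and differ only in
    the sequence number, so they are snapshots of one image region over time."""
    m = DUMP_RE.search(name)
    if not m:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "start": start,
        "end": end,
        "size_kib": (end - start) // 1024,
    }


# Constructed test data (NOT from the report). The value name "drivers32" is
# hypothetical; only the path in its data comes from the report.
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "drivers32": r'"C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe"',
}
SAMPLE_LISTING = [
    r"C:\Windows\SysWOW64\drivers\etc\hosts",
    r"C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe",
    r"C:\$$$$$.bat",
]


def main() -> None:
    print("dropped file is a self-copy:", is_self_copy(SUBMITTED, DROPPED))
    print("suspicious Run values:", suspicious_run_values(SAMPLE_RUN_VALUES))
    print("suspicious paths:", [p for p in SAMPLE_LISTING if references_ioc(p)])
    for seq in (0, 530, 821):
        print(parse_memory_dump(f"memory/2392-{seq}-0x0000000000400000-0x000000000043F000-memory.dmp"))


if __name__ == "__main__":
    main()
```

The digest comparison is the useful triage shortcut here: when a "dropped file" hashes identically to the submitted sample, the sandbox saw the binary copy itself to a persistence location (here a non-standard `drivers32` directory with a game-crack filename), and there is no second-stage payload to extract from that path. The batch file is listed by path only because the report shows its size and hashes but not its content.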