bb17ac88ddf2c4f7dcaabc736c066fd23b683f7c010642bf98f7f7420d8c62eb

General

Target

bb17ac88ddf2c4f7dcaabc736c066fd23b683f7c010642bf98f7f7420d8c62eb.exe
Size

13.6MB
MD5

3da6c50ed714753a5e8d791742661bf3
SHA1

e0e938d6d12fc2d96709541d64bf4fcfd82d0b17
SHA256

bb17ac88ddf2c4f7dcaabc736c066fd23b683f7c010642bf98f7f7420d8c62eb
SHA512

a82d844b137dc4b80bb4b377fccd073eaa4d6d66208f731b13237dbe0531fe86747f5058e45d193014cbcc5bcc185a7aab3f4cf182d668d536a8613e1bf16979
SSDEEP

393216:gpG9CZ3cyVGNEksGtnR4AM/ic9sHaJSRX7xD:g09kcakztnq/jqaJSRX

Score

7^/10

aspackv2 discovery

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x0009000000017570-2.dat	aspack_v212_v242

Loads dropped DLL 2 IoCs

pid	Process
2236	bb17ac88ddf2c4f7dcaabc736c066fd23b683f7c010642bf98f7f7420d8c62eb.exe
2236	bb17ac88ddf2c4f7dcaabc736c066fd23b683f7c010642bf98f7f7420d8c62eb.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb17ac88ddf2c4f7dcaabc736c066fd23b683f7c010642bf98f7f7420d8c62eb.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2236	bb17ac88ddf2c4f7dcaabc736c066fd23b683f7c010642bf98f7f7420d8c62eb.exe

C:\Users\Admin\AppData\Local\Temp\bb17ac88ddf2c4f7dcaabc736c066fd23b683f7c010642bf98f7f7420d8c62eb.exe
"C:\Users\Admin\AppData\Local\Temp\bb17ac88ddf2c4f7dcaabc736c066fd23b683f7c010642bf98f7f7420d8c62eb.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\3141171973\ui.dll

Filesize
2.6MB

MD5
14a4d83af50c93b1e5049e299e2ae93e

SHA1
8d47d7fe0e7e289c0d1d1a778ff713e8b976160e

SHA256
211bcaf4a5e850653e40a37d63f27479503d793053f801fd9d9a3238c463746b

SHA512
f02828c3a03c316396b3a1036799b38ca6d764d4dad430a9460a7253ccad98cb9a4f4fc15a1ee1cbc80cf2105c6e104dda41d5455c7c2378c9dc71de17fe2727

Download Submit
\Users\Admin\AppData\Local\Temp\3141171973\uimod.dll

Filesize
6.1MB

MD5
d7beff9a0702ee3433e352920a158306

SHA1
c659cd53a89b3ba8449b8040bc1b03f0fbafaeb6

SHA256
12a3ecd17726e69fec15fca91d3e14cfe0657a3ee90bb3ff13ee10b4535b881f

SHA512
7779d789056f345c2ca1a8f0dbbda860cedd64a8867255fa92786ab6a3789ff75acb771b2be75faa74408b5c9166e474f31424f0d34f1dccc59d5be9efcf65f1

Download Submit
memory/2236-53-0x0000000074290000-0x00000000748D2000-memory.dmp

Filesize
6.3MB

Download
memory/2236-67-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download
memory/2236-5-0x0000000074290000-0x00000000748D2000-memory.dmp

Filesize
6.3MB

Download
memory/2236-8-0x0000000074290000-0x00000000748D2000-memory.dmp

Filesize
6.3MB

Download
memory/2236-55-0x0000000074290000-0x00000000748D2000-memory.dmp

Filesize
6.3MB

Download
memory/2236-26-0x000000007EF80000-0x000000007EF90000-memory.dmp

Filesize
64KB

Download
memory/2236-37-0x000000007EF80000-0x000000007EF90000-memory.dmp

Filesize
64KB

Download
memory/2236-47-0x0000000074290000-0x00000000748D2000-memory.dmp

Filesize
6.3MB

Download
memory/2236-46-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download
memory/2236-49-0x0000000074290000-0x00000000748D2000-memory.dmp

Filesize
6.3MB

Download
memory/2236-48-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download
memory/2236-50-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download
memory/2236-6-0x0000000074290000-0x00000000748D2000-memory.dmp

Filesize
6.3MB

Download
memory/2236-0-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download
memory/2236-7-0x0000000074290000-0x00000000748D2000-memory.dmp

Filesize
6.3MB

Download
memory/2236-54-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download
memory/2236-56-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download
memory/2236-58-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download
memory/2236-62-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download
memory/2236-63-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download
memory/2236-66-0x0000000074290000-0x00000000748D2000-memory.dmp

Filesize
6.3MB

Download
memory/2236-65-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download
memory/2236-68-0x0000000074290000-0x00000000748D2000-memory.dmp

Filesize
6.3MB

Download
memory/2236-52-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download
memory/2236-69-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download
memory/2236-72-0x0000000074290000-0x00000000748D2000-memory.dmp

Filesize
6.3MB

Download
memory/2236-71-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download
memory/2236-73-0x0000000000400000-0x0000000001BB9000-memory.dmp

Filesize
23.7MB

Download

Analysis

Sharing