General

  • Target

    42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06N

  • Size

    4.3MB

  • Sample

    240921-acjxhavhng

  • MD5

    951f19a10c46fcbe3d0e2e3169628fb0

  • SHA1

    3ea603d5fac272b14aa3bd02f6f6e49e2326c2cc

  • SHA256

    42464c5a066ca66d3b991ccc4138ef8cd5c289485396564b8470b87700226f06

  • SHA512

    3a1dde9646905f37e6b93494bf3d1f4b2bec2fa2deac009634cac2445ec2e33bdb58f29bbd11120710f1c266b38e630769f4197ab86ef613b91b3eddd6506920

  • SSDEEP

    98304:1i0li0khMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMMVMMMYJMV:40I0kJ

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity: encrypting all of the files on the system.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks