Analysis

  • max time kernel
    74s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/10/2024, 05:59

General

  • Target

    4a022a723a50d680e4559bb2c5aa42674be52fead845880a635c4bfccb184194N.exe

  • Size

    2.2MB

  • MD5

    0329e21ed625a1817b00bf359b736ff0

  • SHA1

    98c8bebcd647f96091c38777272e678bbb505563

  • SHA256

    4a022a723a50d680e4559bb2c5aa42674be52fead845880a635c4bfccb184194

  • SHA512

    31fa60ee32b25b2ecf5b4ba8808266771245672ae16d3a891be958cd2f1f3550ac7f9e41b501688b9c7a529baa99f62976ee111e30289847d12b13b8de389d4e

  • SSDEEP

    1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRq:352T3siXei5bcmP9JfUjW

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a022a723a50d680e4559bb2c5aa42674be52fead845880a635c4bfccb184194N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a022a723a50d680e4559bb2c5aa42674be52fead845880a635c4bfccb184194N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\$$$$$.bat
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2568

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$$$$$.bat

    Filesize

    266B

    MD5

    9c9bd0c1b5a6dc84ff2f41b83ddb0254

    SHA1

    073c9847d9d828e3610cbe37f2fc172e04b4876f

    SHA256

    2b0d3792e94945b203bfcc53b5596cf6e5b20f0ad05e71211cc450ee6cd05c1f

    SHA512

    362645ef0a7ea57d0490d3d0031bc4abfaee01812514690b6a5963406446ae2c8f395cb7b22bdbf96ad6b126cd214422f9fa5f0b2c25753e952cd82c7b45376e

  • C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe

    Filesize

    2.2MB

    MD5

    0329e21ed625a1817b00bf359b736ff0

    SHA1

    98c8bebcd647f96091c38777272e678bbb505563

    SHA256

    4a022a723a50d680e4559bb2c5aa42674be52fead845880a635c4bfccb184194

    SHA512

    31fa60ee32b25b2ecf5b4ba8808266771245672ae16d3a891be958cd2f1f3550ac7f9e41b501688b9c7a529baa99f62976ee111e30289847d12b13b8de389d4e

  • memory/1720-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/1720-522-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/1720-826-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB