a17680b366f547b3dc46f364bd2c3e2c2ad8990df7cfa33f79e8eae27a36d3b3

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 08:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

daspr_inst.exe
Size

705KB
MD5

8450b1f2cd5846bfd7d09862899c2973
SHA1

d5fa3bcc3f00f14756bea881f32ece309dba301c
SHA256

63bff1df437278c2c4017b0dd57c14ce0ace07068e15b5c996a6006c512226f5
SHA512

89cbf8ea2d99db67df046edef645495762f8da75ca2ad9f9b2a18ddd67d758609d02a3ad574b509c6133b801f4bbecb4e2dad19ddb0ef8db9593a97ca530b96d
SSDEEP

12288:OTurWi8jYcs41XwKo2l9fvngA7CVxbYlWNrSu8HgvvBOvwDCA9LtBQC9W:Uuii8441XBlvgAWVqMWueETVt9Q

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
4060	daspr_inst.exe
4060	daspr_inst.exe
4060	daspr_inst.exe
4060	daspr_inst.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4060-0-0x0000000000400000-0x0000000000455000-memory.dmp	upx
behavioral2/memory/4060-59-0x0000000000400000-0x0000000000455000-memory.dmp	upx
behavioral2/memory/4060-61-0x0000000000400000-0x0000000000455000-memory.dmp	upx
behavioral2/files/0x000c000000023aeb-92.dat	upx
behavioral2/memory/4060-104-0x0000000000400000-0x0000000000455000-memory.dmp	upx
behavioral2/memory/4060-139-0x0000000000400000-0x0000000000455000-memory.dmp	upx

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\InqSoft\Die, ASProtect, Die!\DASPr.exe	daspr_inst.exe
File opened for modification	C:\Program Files (x86)\InqSoft\Die, ASProtect, Die!\English.lng	daspr_inst.exe
File created	C:\Program Files (x86)\InqSoft\Die, ASProtect, Die!\Uninstall.exe	daspr_inst.exe
File opened for modification	C:\Program Files (x86)\InqSoft\Die, ASProtect, Die!\Uninstall.exe	daspr_inst.exe
File opened for modification	C:\Program Files (x86)\InqSoft\Die, ASProtect, Die!\daspr.dic	daspr_inst.exe
File opened for modification	C:\Program Files (x86)\InqSoft\Die, ASProtect, Die!\InqSoft.url	daspr_inst.exe
File opened for modification	C:\Program Files (x86)\InqSoft\Die, ASProtect, Die!\DASPr.hlp	daspr_inst.exe
File opened for modification	C:\Program Files (x86)\InqSoft\Die, ASProtect, Die!\DASPr.cnt	daspr_inst.exe
File opened for modification	C:\PROGRAM FILES (X86)\INQSOFT\DIE, ASPROTECT, DIE!\INSTALL.LOG	daspr_inst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	daspr_inst.exe

C:\Users\Admin\AppData\Local\Temp\daspr_inst.exe
"C:\Users\Admin\AppData\Local\Temp\daspr_inst.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:4060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\InqSoft\Die, ASProtect, Die!\DASPr.exe

Filesize
367KB

MD5
03bac465fa1536ca827fa74b680f3a88

SHA1
9172685ea6210074d991c9808b1bd4a864be12e1

SHA256
293487c2a6ea6192d458987456c3befa853128801d4d3f06d94f94143059a8a7

SHA512
af640b33062705ce867b5a8bf098f7472b4a6c49d03a157b8e0c0cd456268e09cb6f61ffc0bc1de56a293035d9de4d581f380b3b2954acb0f8436f2d0b67db02

Download Submit
C:\Program Files (x86)\InqSoft\Die, ASProtect, Die!\Uninstall.exe

Filesize
194KB

MD5
62da2c201bc09a55c97c46f0ad73c28a

SHA1
adbdd63ff66fada5d91836caf1f62b992953964f

SHA256
dc870b8ade874c66d009553139eeeb07087c4a1f2e7125a140b048e349822e4b

SHA512
157bade77af45e414a1ef3e6d0887c28be3e5bdb3e191405759f6bde1585be3e69e254861c39fa530e66b825ebdeb5b31fa3c8e9804750543e37cb57b53f9341

Download Submit
C:\Temp\1NB2UAMH\daspr_inst\db.pdb

Filesize
1KB

MD5
a584ccdc0f6c8a0de4fb3edbf8a9581b

SHA1
c980d9cad9d60395fe4c26fc865740803575f34d

SHA256
dd9d460640310df6e6626f62499df423e0f9706dbcd39199d5358ce99048b9d4

SHA512
7346bcfc39d6b72baf0d0e312d5556c19dc4f2b22d2b4dc3eeccc0d98b1d05e94eadcecb69efcee984558a7e9f0efc31da43db09cdae8c6df0279315c039e3de

Download Submit
C:\Temp\1NB2UAMH\daspr_inst\lng\Enu.lng

Filesize
5KB

MD5
60f475862cf4363904975df475353bb4

SHA1
7a3dbc3ab2d7bc3f278b27e91834b5f309db316e

SHA256
2cf57a46d77808d30ccdfe6d67801119c6cc812f0fba02d9689a91f33399a427

SHA512
ebbb9dc923424cfc194ac198fbc1aa15f20e1ce2543c5c281f627980ede4d8ce7fa5eea34b33ac66d9613048a55f44df17877933947ea71fe42b1e8a74a39ecd

Download Submit
C:\Temp\1NB2UAMH\daspr_inst\main.pdb

Filesize
2KB

MD5
a4fb0a4181471586b0fe74799dc266f9

SHA1
df0b1bd5ce23ceadc4c4d99f31008c08f7f984e6

SHA256
88f7b5f8c7b58597aae3d33ebb05a8937b2d27804580e3d6c3af3d3c1d1a0ba3

SHA512
a58abe392c08c5b45ba985131cc921e4c3e71e38b05d7c34a90c051d1fef4aa8d3e8ab83c0cc2fcf979ccc469f93ef781380d3a88e6ea63a2fe1bb797d6659b3

Download Submit
C:\Temp\1NB2UAMH\daspr_inst\plugins\0\StdUI.dll

Filesize
147KB

MD5
fd79e19735bf8e2b0f1bb7a33722d2b3

SHA1
2afa6ff9ee590c7b74510ca9e4f0cd93031c68cf

SHA256
94547e9c23ba88f586b736a97c04e04344e71fa3854ac147992e44d4b1c7d8f4

SHA512
853a97e76bbe82822002e8e26bcd42752c9f76a0f4a852d8a5512ae3993e732834b323cc6cf42116a0204657eac9445264181f583e8392512538f43eebb98d52

Download Submit
C:\Temp\1NB2UAMH\daspr_inst\plugins\0\StdUI.ini

Filesize
1KB

MD5
8024796c20aa7ea968cd5ec61461ffd5

SHA1
2f73252c26f57be1759ae73f0071035b2a7884da

SHA256
694603af06950a79d9ff4c56c2229cd89c91d91e3a7ee8edf92f983542c1debc

SHA512
99d07262c8011724790b4b2c6410e0f6a51181b63285cddf056c0feb2809269a1b35663367063ed7419c607b3ed2ba86455617e4b4dc4a2f9519b181c9b276d6

Download Submit
C:\Temp\1NB2UAMH\daspr_inst\plugins\0\lng\Enu.lng

Filesize
4KB

MD5
ac4c7d9da804065ce25541ccfe5c9296

SHA1
4fdd65221399ad4a3eba47be8bb7d3e9a37501bd

SHA256
94ed93684eca3c16b957e34e3937c3eae52d3275c8bfe3d2d845583c2bec152b

SHA512
6ad24a1049f04b7651c611a9d53205bc7a24ba70431870edf56b38240acf53872135bc8bbb61d897fed06fc0ea7666aafb3418ddfc3197549ee9c98bf889a9b9

Download Submit
C:\Temp\1NB2UAMH\daspr_inst\presetup.bmp

Filesize
13KB

MD5
65668961b4585f1564eb5bbf3b40dcde

SHA1
8966cd3903c4ba85dc3855f3c26ff720e3bbb369

SHA256
4600e337e68cdcf786b193e3d28ea5934576f8b7b3bee6241177eca56c6cea4d

SHA512
a4829c7ba8e4ed17c9b590bcfc96320b6b69e4189f4b928d0a694a82a7a0c9a9436f7bf588ab17e6b451c7b7572505f18e837787a1cbebd8f45fa3b9f4306de1

Download Submit
C:\Temp\1NB2UAMH\daspr_inst\presetup.rgn

Filesize
1KB

MD5
172eeccf4687e172e12a1b4ad3023e9f

SHA1
2b74254b4426b38932748aae109ddd1635ee7261

SHA256
cc0b0c69fb12cba8230c363bf63809ac1b8c8695a533446c87c86d9f8643c8c7

SHA512
ffb640adc81bcdcb45a6cd9e95a96c45e49fbf75ff7c785dc79623adf2c9a54930e3437c1f48b537d271b3b63ce5c1cc7e3f90709afb334d2acab3751cc69815

Download Submit
C:\Temp\1NB2UAMH\daspr_inst\presetup\License.rtf

Filesize
9KB

MD5
f512155bd7051e7b94cd6af28311ab48

SHA1
cb24ef2cab6f6394ae453a953281fdf315d94d0c

SHA256
a2fccccf288b2b5468464e65573e90a4e40627b9fb767b4861a9492ac80c57c7

SHA512
23287c0f9637692cdff3744fd97887d1eb7643098f279520e50ac6aa0e32cb8600f9acd001c6f4c1801e06afe5b2eb2e2a77b2569a5cbc693126c850afe0c71f

Download Submit
C:\Temp\1NB2UAMH\unpack.dll

Filesize
34KB

MD5
14f73839452c4e55a15c7a92cf394719

SHA1
eb0a20072c3471b18cbc30ab1e379e15680eb674

SHA256
e453b3733b2a0dc178bbfd065a24592fa1d9779c1d85adfd769ede98e6ef6230

SHA512
aeeb557896f13d0c006badd1b232e2d32077a039e66ab68082babe7b7b50f451ea229d0b81898e570f4fef82ca4375a4654b5c892cd243ee37dbc63801c08ef3

Download Submit
memory/4060-62-0x0000000002CD0000-0x0000000002CF9000-memory.dmp

Filesize
164KB

Download
memory/4060-105-0x0000000002CD0000-0x0000000002CF9000-memory.dmp

Filesize
164KB

Download
memory/4060-104-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/4060-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/4060-5-0x0000000002B20000-0x0000000002B47000-memory.dmp

Filesize
156KB

Download
memory/4060-64-0x0000000002CD0000-0x0000000002CF9000-memory.dmp

Filesize
164KB

Download
memory/4060-61-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/4060-60-0x0000000002CD0000-0x0000000002CF9000-memory.dmp

Filesize
164KB

Download
memory/4060-59-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/4060-53-0x0000000002CD0000-0x0000000002CF9000-memory.dmp

Filesize
164KB

Download
memory/4060-139-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download