Analysis

  • max time kernel
    837s
  • max time network
    840s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-11-2024 19:27

General

  • Target

    e60fc4473ada26f3a8d2dd5c5f226441073bf86737e271f6f2ec61324ef9ab60.exe

  • Size

    293KB

  • MD5

    dbc292a2292c6061700236830d45ca91

  • SHA1

    fcdfba4b95c145a715209d694639de6be0478f6b

  • SHA256

    e60fc4473ada26f3a8d2dd5c5f226441073bf86737e271f6f2ec61324ef9ab60

  • SHA512

    551e097fb31a5e7a6b6ecf602f7ae8cb63dc620940fe47b003ebcafcedbfdb391731cfce399b48111ee9524f2272f53eb4076c84f65e377336930fd6b3c3e0fe

  • SSDEEP

    6144:6qcbmoTtMUxxzP75a2eoEnnZcYupty6DPlQ82hmbN:6NTTyUX/5a2NGZcTs6DPlahmbN

Signatures

  • Modifies WinLogon for persistence (2 TTPs, 1 IoC)
  • ASPack v2.12-2.42 (1 IoC)

    Detects executables packed with ASPack v2.12-2.42.

  • Drops file in System32 directory (3 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 5 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 3 IoCs)
  • Modifies Internet Explorer start page (1 TTP, 1 IoC)
  • Modifies registry class (23 IoCs)
  • Runs regedit.exe (1 IoC)
  • Suspicious use of WriteProcessMemory (16 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e60fc4473ada26f3a8d2dd5c5f226441073bf86737e271f6f2ec61324ef9ab60.exe
    "C:\Users\Admin\AppData\Local\Temp\e60fc4473ada26f3a8d2dd5c5f226441073bf86737e271f6f2ec61324ef9ab60.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Windows\SysWOW64\regedit.exe
      regedit.exe /s "C:\Users\Admin\AppData\Local\Temp\\\15.ini"
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Runs regedit.exe
      PID:2492
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\srun53.bat" "
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2968
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3064
      • C:\Windows\SysWOW64\cacls.exe
        cacls "C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk" /G Everyone:R /C
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2856

Downloads

  • C:\Users\Admin\AppData\Local\Temp\15.ini

    Filesize

    139B

    MD5

    bb454b063043f484326575ce60d587c1

    SHA1

    cac3171df8fc25526a82356ed53f1c45a86167be

    SHA256

    838a54026108ff550f5d3c425cf7852abea41882590863e423cf9e94573dc11f

    SHA512

    8c86e46eea787025937204f93738c02f1d5268c19e20126d86df5f1bb3d15367935b3f23e5c6c482b462ac79dbbcc87b38a952a3a8567bf9a3cff2a68ab92099

  • C:\Users\Admin\AppData\Local\Temp\srun53.bat

    Filesize

    191B

    MD5

    da809eaf662b3b9d6482da20eb08e7fa

    SHA1

    9b608f6e10c1ec7f806914eaeefe4e0c63782bfa

    SHA256

    75f20029163a3e315c6138ad7a0c5fef99101ba4908d7e99b360933991d8802f

    SHA512

    6d7acf625e237f1ae8e636d2902fbc1085ca9a965c15973a77154beefcc30104a58e6351cdc284a8e151b3aca812e0073d60e0c4ff9865dcd7c6faf2e83b7005

  • C:\Windows\SysWOW64\PnkB.exe

    Filesize

    293KB

    MD5

    5f950468776e1457e4e85f9bb6a4cbc4

    SHA1

    79bc0bfdf32e865e375cec9d7e076bb179f17b64

    SHA256

    fddcb3697b81a5aff4c294744fb013691c804107014045b257b1e31af7e65b7e

    SHA512

    5a066558380718f07ea3ba037e17b546227a4616e72537910b8196e550178653715850c103547153802d692be7c6dcc29c2c93740b9e7c5242e05c3c0f5f01f4

  • memory/2488-0-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

  • memory/2488-22-0x0000000000400000-0x00000000004C8000-memory.dmp

    Filesize

    800KB