Overview

overview

8

Static

static

7

1e3d0c3aa8...80.exe

windows7-x64

8

1e3d0c3aa8...80.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    93s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-07-2024 00:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e3d0c3aa8bedf4c0d08893595450607daa02900708a729c87e01872fe845080.exe

  • Size

    190KB

  • MD5

    5e5fbb2be6f5eb8368b9f5508ae91c40

  • SHA1

    ee5d2c45b329d9fa963d248dd309636a639d4fc4

  • SHA256

    1e3d0c3aa8bedf4c0d08893595450607daa02900708a729c87e01872fe845080

  • SHA512

    e8d6a6d9a5849da9bfe4ae27f73e1c255fea08f8eeb2717d5c20f29d5bcd118a168ced62db31f55623d6d2c7b53beecd0b5223b038b510bee709f22f8afe7827

  • SSDEEP

    3072:rYubs4vIPfIOKyCRfyJiJJMXybJg30TZZ+MbpqdNjfBDckH8sbigzwQjod:Euk6fK6tixMbwNL+kDrm

Score
8/10
aspackv2persistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e3d0c3aa8bedf4c0d08893595450607daa02900708a729c87e01872fe845080.exe
    "C:\Users\Admin\AppData\Local\Temp\1e3d0c3aa8bedf4c0d08893595450607daa02900708a729c87e01872fe845080.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4764
  • C:\PROGRA~3\Mozilla\fhbnahd.exe
    C:\PROGRA~3\Mozilla\fhbnahd.exe -yhwsvfa
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:3488

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

AppInit DLLs

1
T1546.010

Privilege Escalation

Event Triggered Execution

1
T1546

AppInit DLLs

1
T1546.010

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\fhbnahd.exe
    Filesize

    190KB

    MD5

    48c749c85211261a0e1697ff07f38386

    SHA1

    4d84d6e3b1ce1adb8a1a50450de276fb9b388c26

    SHA256

    99876ba0938060453102c6a08875d2fc4bc10b665acbf470c3d6b5e15e364228

    SHA512

    08dafa543c3e521ae55be4d3f0637f6c313da89aa87c3d15c762664c0f8dddb06df94e849520403a596698e7d26b0df1d3af1b8c5ed573a927c3633adec2f62e

    Download Submit
  • memory/3488-12-0x0000000000400000-0x0000000000461000-memory.dmp
    Filesize

    388KB

    Download
  • memory/3488-14-0x0000000000400000-0x0000000000461000-memory.dmp
    Filesize

    388KB

    Download
  • memory/3488-13-0x0000000000400000-0x0000000000461000-memory.dmp
    Filesize

    388KB

    Download
  • memory/3488-11-0x0000000000400000-0x0000000000461000-memory.dmp
    Filesize

    388KB

    Download
  • memory/3488-17-0x0000000000400000-0x000000000045B000-memory.dmp
    Filesize

    364KB

    Download
  • memory/4764-4-0x0000000000400000-0x000000000045B000-memory.dmp
    Filesize

    364KB

    Download
  • memory/4764-1-0x0000000000400000-0x0000000000461000-memory.dmp
    Filesize

    388KB

    Download
  • memory/4764-2-0x0000000000400000-0x0000000000461000-memory.dmp
    Filesize

    388KB

    Download
  • memory/4764-10-0x0000000000610000-0x000000000066B000-memory.dmp
    Filesize

    364KB

    Download
  • memory/4764-0-0x0000000000400000-0x0000000000461000-memory.dmp
    Filesize

    388KB

    Download
  • memory/4764-9-0x0000000000400000-0x000000000045B000-memory.dmp
    Filesize

    364KB

    Download
  • memory/4764-3-0x0000000000610000-0x000000000066B000-memory.dmp
    Filesize

    364KB

    Download