9c20ff57fc85910037e679b90d080907724389ae49efe6a3d56f2a8c85329e41 | Triage

Submit
Reports

Overview

overview

Static

static

7

fb6fb098e1...18.exe

windows7-x64

fb6fb098e1...18.exe

windows10-2004-x64

Sharing

General

Target

fb6fb098e1afdcb8036b9cbb5883beb6_JaffaCakes118
Size

6.2MB
Sample

240419-3syptaaf63
MD5

fb6fb098e1afdcb8036b9cbb5883beb6
SHA1

df16a18cda4d121764887b803cb824cad1a61099
SHA256

9c20ff57fc85910037e679b90d080907724389ae49efe6a3d56f2a8c85329e41
SHA512

af8d9c29af8070fa90b5707f139c248e862e1547c76cdb837f68a77759498ead6e92bc7b7c7677a2c574fde3d513ec0c1f135098049388f984be87f0a9b3644d
SSDEEP

49152:gwi0L0qKEB8NIMI8Sfpwotkzaxc1OGz8KTpKXl53q:ri0mIMzKpXOMGQKTpKXl5a

Score

10^/10

aspackv2 persistence ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fb6fb098e1afdcb8036b9cbb5883beb6_JaffaCakes118.exe

Resource

win7-20240221-en

aspackv2 persistence ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb6fb098e1afdcb8036b9cbb5883beb6_JaffaCakes118.exe

Resource

win10v2004-20240226-en

aspackv2 persistence ransomware

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  fb6fb098e1afdcb8036b9cbb5883beb6_JaffaCakes118
- Size
  
  6.2MB
- MD5
  
  fb6fb098e1afdcb8036b9cbb5883beb6
- SHA1
  
  df16a18cda4d121764887b803cb824cad1a61099
- SHA256
  
  9c20ff57fc85910037e679b90d080907724389ae49efe6a3d56f2a8c85329e41
- SHA512
  
  af8d9c29af8070fa90b5707f139c248e862e1547c76cdb837f68a77759498ead6e92bc7b7c7677a2c574fde3d513ec0c1f135098049388f984be87f0a9b3644d
- SSDEEP
  
  49152:gwi0L0qKEB8NIMI8Sfpwotkzaxc1OGz8KTpKXl53q:ri0mIMzKpXOMGQKTpKXl5a
Score

10^/10

aspackv2 persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Renames multiple (91) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

aspackv2persistenceransomware

behavioral2

aspackv2persistenceransomware

© 2018-2024

Terms | Privacy