2e9690b042e3be4bef18f559f5df992d8cff70b1f8d3aed3e649c7e100f1077f | Triage

Submit
Reports

Overview

overview

Static

static

7

0046af8b8f...18.exe

windows7-x64

0046af8b8f...18.exe

windows10-2004-x64

Sharing

General

Target

0046af8b8f7390c9ffffa0cb21f0cb71_JaffaCakes118
Size

863KB
Sample

240426-jaa19abf4z
MD5

0046af8b8f7390c9ffffa0cb21f0cb71
SHA1

4e79a31dcdef729be1d4f803e99d3f69b116a5e1
SHA256

2e9690b042e3be4bef18f559f5df992d8cff70b1f8d3aed3e649c7e100f1077f
SHA512

61732e3e8ca309ba64fd8ac7a1adc1f0d5e1a5b22ae8b362e799ca4e3ca9ff44c364f8ece71efee6697f39e7e3c236f16dd326701beda8fe570a0db4dd015688
SSDEEP

24576:ZMMpXS0hN0V0HZSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0ND:Kwi0L0qk+5W/W

Score

10^/10

aspackv2 persistence ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0046af8b8f7390c9ffffa0cb21f0cb71_JaffaCakes118.exe

Resource

win7-20240221-en

aspackv2 persistence ransomware

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

0046af8b8f7390c9ffffa0cb21f0cb71_JaffaCakes118.exe

Resource

win10v2004-20240412-en

aspackv2 persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  0046af8b8f7390c9ffffa0cb21f0cb71_JaffaCakes118
- Size
  
  863KB
- MD5
  
  0046af8b8f7390c9ffffa0cb21f0cb71
- SHA1
  
  4e79a31dcdef729be1d4f803e99d3f69b116a5e1
- SHA256
  
  2e9690b042e3be4bef18f559f5df992d8cff70b1f8d3aed3e649c7e100f1077f
- SHA512
  
  61732e3e8ca309ba64fd8ac7a1adc1f0d5e1a5b22ae8b362e799ca4e3ca9ff44c364f8ece71efee6697f39e7e3c236f16dd326701beda8fe570a0db4dd015688
- SSDEEP
  
  24576:ZMMpXS0hN0V0HZSGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlRXZ+CP63n0ND:Kwi0L0qk+5W/W
Score

10^/10

aspackv2 persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Renames multiple (91) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

aspackv2persistenceransomware

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy