Overview

overview

10

Static

static

7

369cf1eef9...18.exe

windows7-x64

10

369cf1eef9...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11/05/2024, 21:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    369cf1eef95bfc2c400be90a1288b2f4_JaffaCakes118.exe

  • Size

    878KB

  • MD5

    369cf1eef95bfc2c400be90a1288b2f4

  • SHA1

    c51c5cf9205c7a0203dd212d8fe409d3cc622c64

  • SHA256

    04457ffd43e4c864a0320e24b216d5ac2c1d6d854af4ef86f5094437b09a084b

  • SHA512

    ed994a202d3b0c2765b9c4c7744949e4ad3d890c875baed019a4e71f2aaa89d59b51e7e405c30feaf0a337c790f8978ab3196f6edfdc06064afdc8b98dd53808

  • SSDEEP

    24576:ZMMpXS0hN0V0HoSMMMpXS0hN0V0H0SGB2uJ2s4otqFCJrW9FqvSbqsHasgXhFHD9:Kwi0L0qlFwi0L0qp8

Score
10/10
aspackv2persistenceransomware

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Renames multiple (91) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • ASPack v2.12-2.42 3 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\369cf1eef95bfc2c400be90a1288b2f4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\369cf1eef95bfc2c400be90a1288b2f4_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      PID:2136

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.exe
          Filesize

          879KB

          MD5

          3b06426dd5400d070391aa2bf56eca20

          SHA1

          c2520551bb2e32b86a2cbd03dcf41b626c294312

          SHA256

          a102d3a6926d8e42802f31f7b459cbe0602ece38d5c92a622e69081b60d2a756

          SHA512

          ea51332339982978aaa798df4200ee8e087545409442351ed3abf4d5b0570803b7ddfc75f285752dfb7ceddfa4bc4f32baca0906493e73cacf48a55a46855222

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
          Filesize

          1KB

          MD5

          0eea33d0646f310b4ae0314b5aaf86fc

          SHA1

          68acd368d4206768e3169b976a2feddf44221e85

          SHA256

          9f44889d3239472254374fbfb644f70912f9dcc2dfd16c1d190e57892674f9a4

          SHA512

          da957381ab97295844b8de90c9a903ffb44b9de859a1c6fd61ad4cb783085e317addf823fcdca396be4837eed6bc2a23beaa6e5f524cb9a87e9e69d91171c705

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk
          Filesize

          954B

          MD5

          5f857da621fd62c43340f7ca9eaa88f9

          SHA1

          d4ea40d8c0479130986b8a42287a39b2b44946f4

          SHA256

          aaa9e719b8b5e7bff132667092ca8b4fec19aa2d832dc1891f8033cb3e2dc1ba

          SHA512

          6dae78b25eb2377430c3bf942b2981b3746febbe4dda1bfc5b2a698cf020aff4e89dab04ce6d79245d83536bbcf8befece61774252084efdc8222ef2c7922779

          Download Submit

        • F:\AUTORUN.INF
          Filesize

          145B

          MD5

          ca13857b2fd3895a39f09d9dde3cca97

          SHA1

          8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

          SHA256

          cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

          SHA512

          55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

          Download Submit

        • F:\AutoRun.exe
          Filesize

          878KB

          MD5

          369cf1eef95bfc2c400be90a1288b2f4

          SHA1

          c51c5cf9205c7a0203dd212d8fe409d3cc622c64

          SHA256

          04457ffd43e4c864a0320e24b216d5ac2c1d6d854af4ef86f5094437b09a084b

          SHA512

          ed994a202d3b0c2765b9c4c7744949e4ad3d890c875baed019a4e71f2aaa89d59b51e7e405c30feaf0a337c790f8978ab3196f6edfdc06064afdc8b98dd53808

          Download Submit

        • \Windows\SysWOW64\HelpMe.exe
          Filesize

          705KB

          MD5

          bcffb43a6afc5a21f7997705e8f450bb

          SHA1

          59fc4bfb0abfbdaa62e7469f1350e53ec0a03a32

          SHA256

          310eeeb1ecf6c8834da10049b5b48a887960f29345c5dfb37dd72234196a840f

          SHA512

          a892bb10f7b81f671dffa27c1de18be7ddcb7c29ece2b212b375c1639b6674a87e4dbfcbcd6f82d4238e4c51ad7183b47c73cff9951d9be385952d7da4399d20

          Download Submit

        • memory/2136-263-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2136-323-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2136-229-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2136-363-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2136-239-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2136-353-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2136-241-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2136-9-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2136-343-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2136-251-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2136-331-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2136-313-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2136-303-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2136-273-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2136-293-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2136-283-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-330-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-258-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-302-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-272-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-312-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-0-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2188-282-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-228-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-292-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-322-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-342-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-250-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-352-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-238-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-362-0x0000000000400000-0x0000000000478000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2188-240-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download