Malware Analysis Report

2025-01-22 12:24

Sample ID: 240517-z1wcwabd36
Target: 51809024d5f16499690fcf02eb2551f8_JaffaCakes118
SHA256: 9915c2c1f03c3d7ce45cd65a5d5466d6ea572bb6e4a621edf924a6f43f97a0df
Tags: aspackv2
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 7/10

SHA256: 9915c2c1f03c3d7ce45cd65a5d5466d6ea572bb6e4a621edf924a6f43f97a0df

Threat level: shows suspicious behavior

The file 51809024d5f16499690fcf02eb2551f8_JaffaCakes118 was found to show suspicious behavior: it is packed with ASPack v2.12-2.42, carries no code signature, loads a DLL it dropped, and enumerates physical storage devices. No signature in either detonation identifies a specific malware family.

Malicious Activity Summary

ASPack v2.12-2.42 (tag: aspackv2)
Loads dropped DLL
Unsigned PE
Enumerates physical storage devices

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-17 21:11

Signatures

Unsigned PE
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
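The static pass records only that the PE is unsigned, and the aspackv2 tag comes from a packer signature. Both facts can be read straight from the PE headers: the Authenticode certificate table is data directory entry 4 of the optional header (a file offset, not an RVA), and ASPack v2.x appends sections named .aspack and .adata and moves the entry point into .aspack. The script below is an added example, not the sandbox's own signature code; the PE it analyzes is a minimal synthetic file constructed inside the script, because the real sample's bytes are not on this page.

```python
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode certificate table
ASPACK_SECTIONS = {".aspack", ".adata"}     # section names ASPack v2.x adds (heuristic)


def parse_pe(data: bytes) -> dict:
    """Parse just enough of a PE to answer 'packed with ASPack?' and 'signed?'."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    dir_count_off = 108 if pe32plus else 92          # NumberOfRvaAndSizes offset
    dir_count = struct.unpack_from("<I", data, opt + dir_count_off)[0]
    dirs_off = opt + dir_count_off + 4
    sec_dir = (0, 0)
    if dir_count > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_dir = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    sections = []
    table = opt + opt_size
    for i in range(nsections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, _ = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vaddr": vaddr, "span": max(vsize, rawsize)})
    entry_sec = next((s["name"] for s in sections
                      if s["vaddr"] <= entry_rva < s["vaddr"] + s["span"]), None)
    names = {s["name"] for s in sections}
    return {
        "pe32plus": pe32plus,
        "sections": [s["name"] for s in sections],
        "entry_section": entry_sec,
        "aspack": bool(names & ASPACK_SECTIONS) or entry_sec == ".aspack",
        # presence of a certificate table only; validating the chain needs signtool/osslsigncode
        "signed": sec_dir[1] > 0 and sec_dir[0] + sec_dir[1] <= len(data),
    }


def build_sample_pe(signed: bool = False) -> bytes:
    """Constructed minimal PE32 with ASPack-style sections (test input, not the report's sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew
    # (name, VirtualAddress, VirtualSize, SizeOfRawData, PointerToRawData, Characteristics)
    sections = [(b".text", 0x1000, 0x1000, 0x200, 0x400, 0x60000020),
                (b".aspack", 0x3000, 0x1000, 0x800, 0x600, 0xC0000040),
                (b".adata", 0x4000, 0x1000, 0x0, 0x0, 0xC0000040)]
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 16, 0x3000)           # AddressOfEntryPoint inside .aspack
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    cert_off = 64 + 4 + 20 + 224 + 40 * len(sections)
    if signed:                                        # point directory 4 at a placeholder blob
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, 0x200)
    table = b"".join(struct.pack("<8sIIII12xI", n, vs, va, rs, rp, ch)
                     for n, va, vs, rs, rp, ch in sections)
    body = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return body + (b"\0" * 0x200 if signed else b"")


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(parse_pe(blob))
```

Run it with a file path to triage a real binary; with no argument it analyzes the constructed sample. The section-name check is a heuristic: a packed file whose stub has been renamed will not match, so treat a hit as corroboration of the sandbox tag rather than proof of the packer version.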

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-17 21:11
Reported: 2024-05-17 21:14
Platform: win7-20240221-en
Max time kernel: 118s
Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\51809024d5f16499690fcf02eb2551f8_JaffaCakes118.exe"

Signatures

ASPack v2.12-2.42 (tag: aspackv2)
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Loads dropped DLL
Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\51809024d5f16499690fcf02eb2551f8_JaffaCakes118.exe | N/A

Enumerates physical storage devices

Processes

Process: C:\Users\Admin\AppData\Local\Temp\51809024d5f16499690fcf02eb2551f8_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\51809024d5f16499690fcf02eb2551f8_JaffaCakes118.exe"

Network

N/A

Files

Dropped file: \Archivos de programa\Unico - Ventas\Actualizador.exe
(the directory is the Spanish-locale name of Program Files)

MD5: 179723f68097a5393d500fb0f6a1df80
SHA1: b6be352431f1085cb8b4dce013aea0870b3f2ddf
SHA256: 486cd452e402432281f24666d36512c0d389e23df101690353d29ce22cc64700
SHA512: c99b0d4179764968e3a607486b0bfe9617f4e7346abf1e435d56634bbd17296e64160b3df501fe39f49c6ba80891b6c16456e9c91b3a8541d9c9d2af8362713d

The only file itemized is an executable; the DLL behind the "Loads dropped DLL" signature is not listed in this report, so its path and hashes must be recovered from the sample or a fuller trace.
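The "Loads dropped DLL" signature fires when a process loads an image from a path that was written earlier in the same run, by itself or by another process. The script below is an added example (my own correlation logic, not the sandbox's signature) that implements that check over a constructed event log in an invented `timestamp pid=… op=… path=…` format; the helper.dll name, the PIDs and the timestamps are made up for the example, while the Actualizador.exe path is taken from this report's Files section.

```python
import re
from datetime import datetime

# Constructed sandbox trace (made up for this example; not the report's trace).
SAMPLE_EVENTS = r"""
2024-05-17T21:12:01Z pid=1480 op=FileWrite path=C:\Archivos de programa\Unico - Ventas\Actualizador.exe
2024-05-17T21:12:02Z pid=1480 op=FileWrite path=C:\Users\Admin\AppData\Local\Temp\helper.dll
2024-05-17T21:12:03Z pid=1480 op=ImageLoad path=C:\Windows\System32\kernel32.dll
2024-05-17T21:12:05Z pid=1480 op=ImageLoad path=c:\users\admin\appdata\local\temp\HELPER.DLL
2024-05-17T21:12:09Z pid=2210 op=ImageLoad path=C:\Users\Admin\AppData\Local\Temp\helper.dll
"""

EVENT_RE = re.compile(r"^(?P<ts>\S+)\s+pid=(?P<pid>\d+)\s+op=(?P<op>\w+)\s+path=(?P<path>.+)$")


def norm_path(path: str) -> str:
    """Windows paths are case-insensitive; compare them in one canonical form."""
    return path.strip().replace("/", "\\").lower()


def parse_events(text: str) -> list:
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than aborting the triage
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "pid": int(m["pid"]),
            "op": m["op"],
            "path": norm_path(m["path"]),
        })
    return sorted(events, key=lambda e: e["ts"])


def find_dropped_loads(text: str) -> list:
    """Flag ImageLoad events whose path was written earlier in the trace."""
    writes = {}      # normalized path -> first FileWrite event for it
    findings = []
    for e in parse_events(text):
        if e["op"] == "FileWrite":
            writes.setdefault(e["path"], e)
        elif e["op"] == "ImageLoad" and e["path"] in writes:
            w = writes[e["path"]]
            findings.append({
                "path": e["path"],
                "loader_pid": e["pid"],
                "writer_pid": w["pid"],
                "same_process": e["pid"] == w["pid"],
                "delay_s": (e["ts"] - w["ts"]).total_seconds(),
            })
    return findings


if __name__ == "__main__":
    for f in find_dropped_loads(SAMPLE_EVENTS):
        print(f)
```

The writer-versus-loader distinction matters in triage: a process loading a DLL it just wrote is the classic self-unpacking or side-loading pattern, whereas a different process loading it points at a second stage or an injected host, and the report above gives neither detail.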

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-17 21:11
Reported: 2024-05-17 21:14
Platform: win10v2004-20240426-en
Max time kernel: 148s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\51809024d5f16499690fcf02eb2551f8_JaffaCakes118.exe"

Signatures

Enumerates physical storage devices

Processes

Process: C:\Users\Admin\AppData\Local\Temp\51809024d5f16499690fcf02eb2551f8_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\51809024d5f16499690fcf02eb2551f8_JaffaCakes118.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 204.79.197.237:443 | g.bing.com | tcp
BE | 88.221.83.202:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 202.83.221.88.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp

No process is attributed to these connections. Every named host is a Bing endpoint and the remaining rows are reverse (PTR) lookups of IP addresses; a stock Windows 10 image generates Bing traffic on its own, and the win7 detonation of the same sample recorded no network activity at all. Treat this table as sandbox background rather than as sample-generated indicators unless a fuller trace ties the connections to the sample's process.
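Separating sample traffic from sandbox background is a routine triage step: fold the PTR (`in-addr.arpa`) lookups back into the IPs they ask about, de-duplicate the connection rows, and split the named hosts into a baseline allowlist versus everything else. The script below is an added example (my own triage helper, not the sandbox's code) run over the behavioral2 rows pasted from this report; the Bing suffix allowlist is an assumption standing in for whatever baseline you have recorded for your own clean image.

```python
import ipaddress

# The behavioral2 network rows from this report, pasted verbatim as input.
REPORT_ROWS = """\
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.202:443 www.bing.com tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 202.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
"""

# Assumed baseline: hosts a stock Windows 10 sandbox image contacts by itself.
# Replace with the allowlist recorded from your own clean-image detonations.
BACKGROUND_SUFFIXES = ("bing.com", "bing.net")

PTR_SUFFIX = ".in-addr.arpa"


def ptr_to_ip(name: str):
    """'200.197.79.204.in-addr.arpa' -> '204.79.197.200'; None for ordinary names."""
    if not name.endswith(PTR_SUFFIX):
        return None
    octets = name[:-len(PTR_SUFFIX)].split(".")
    if len(octets) != 4:
        return None            # partial or IPv6 (ip6.arpa) reverse names are out of scope here
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ValueError:
        return None


def is_background(name: str) -> bool:
    return any(name == s or name.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def parse_rows(text: str) -> list:
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue           # header or malformed line
        country, dest, name, proto = parts
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port), "name": name, "proto": proto})
    return rows


def triage_network(text: str) -> dict:
    rows = parse_rows(text)
    out = {"background": [], "unattributed": [], "ptr_targets": [], "ptr_only": []}
    seen = set()
    for r in rows:
        ip = ptr_to_ip(r["name"])
        if ip:
            if ip not in out["ptr_targets"]:
                out["ptr_targets"].append(ip)
            continue
        key = (r["name"], r["ip"], r["port"], r["proto"])
        if key in seen:
            continue           # collapse repeated connections to the same endpoint
        seen.add(key)
        (out["background"] if is_background(r["name"]) else out["unattributed"]).append(key)
    # IPs the OS reverse-resolved but that never appear as a destination in the table:
    # evidence of connections the trace did not capture, worth pulling from the pcap.
    contacted = {r["ip"] for r in rows}
    out["ptr_only"] = [ip for ip in out["ptr_targets"] if ip not in contacted]
    return out


if __name__ == "__main__":
    for k, v in triage_network(REPORT_ROWS).items():
        print(k, v)
```

On this report every named host lands in the background bucket and the unattributed list is empty, which is the quantitative form of the caveat above. The eight reverse-resolved IPs that never appear as destinations are the one lead left: they point at connections outside the summarized rows and should be checked in the capture before the sample is declared network-silent.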

Files

N/A