05c4f0504bac495cc9ec6b30355c01bb3574dcf24ebf5f73ce2bd68316b0d492 | Triage

Submit
Reports

Overview

overview

Static

static

7

6ae36280ba...18.exe

windows7-x64

6ae36280ba...18.exe

windows10-2004-x64

Sharing

General

Target

6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118
Size

677KB
Sample

240523-panv1agb7s
MD5

6ae36280ba9af6694960de5bb55aad9a
SHA1

24ae746e94b195dbef2079f89db9346e2695b14e
SHA256

05c4f0504bac495cc9ec6b30355c01bb3574dcf24ebf5f73ce2bd68316b0d492
SHA512

56b71d8cd15b1cad6f56f6d237b5ce2eb3dabc12b591524da4fa9bde1a80dd5376bd4c162645debc9ec2ed1dac5e470a6af3042a2649362f3c8cb532f9870bc2
SSDEEP

12288:ZMMpXKb0hNGh1kG0HWnAHU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtle:ZMMpXS0hN0V0HzSGB2uJ2s4otqFCJrW9

Score

10^/10

aspackv2 persistence ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe

Resource

win7-20240221-en

aspackv2 persistence ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118.exe

Resource

win10v2004-20240426-en

aspackv2 persistence

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  6ae36280ba9af6694960de5bb55aad9a_JaffaCakes118
- Size
  
  677KB
- MD5
  
  6ae36280ba9af6694960de5bb55aad9a
- SHA1
  
  24ae746e94b195dbef2079f89db9346e2695b14e
- SHA256
  
  05c4f0504bac495cc9ec6b30355c01bb3574dcf24ebf5f73ce2bd68316b0d492
- SHA512
  
  56b71d8cd15b1cad6f56f6d237b5ce2eb3dabc12b591524da4fa9bde1a80dd5376bd4c162645debc9ec2ed1dac5e470a6af3042a2649362f3c8cb532f9870bc2
- SSDEEP
  
  12288:ZMMpXKb0hNGh1kG0HWnAHU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtle:ZMMpXS0hN0V0HzSGB2uJ2s4otqFCJrW9
Score

10^/10

aspackv2 persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Renames multiple (91) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

aspackv2persistenceransomware

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy