598a6a2b1e16615e10aa0795d95c06753cfd80b98ea052fcae316f45c4c908ea | Triage

Submit
Reports

Overview

overview

Static

static

7

aeebde7678...18.exe

windows7-x64

aeebde7678...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

aeebde7678e68383deb44d6a3e5c87c6_JaffaCakes118
Size

585KB
Sample

240615-r3tm3ayajp
MD5

aeebde7678e68383deb44d6a3e5c87c6
SHA1

0ebfeca6a57e8470bc04389338a510b7e41704b6
SHA256

598a6a2b1e16615e10aa0795d95c06753cfd80b98ea052fcae316f45c4c908ea
SHA512

814d596cf8c8576fa5ecb9c131594df3c3b4b1e86ac1ca7b52090ad40226d6e60b1043e0f16324e20d044907d5861404d2f69333c51ca2ac9ca28b546285b34d
SSDEEP

12288:ZMMpXKb0hNGh1kG0HWnAlU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlh:ZMMpXS0hN0V0HZSGB2uJ2s4otqFCJrW4

Score

10^/10

aspackv2 persistence ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

aeebde7678e68383deb44d6a3e5c87c6_JaffaCakes118.exe

Resource

win7-20240611-en

aspackv2 persistence ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

aeebde7678e68383deb44d6a3e5c87c6_JaffaCakes118.exe

Resource

win10v2004-20240508-en

aspackv2 persistence

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  aeebde7678e68383deb44d6a3e5c87c6_JaffaCakes118
- Size
  
  585KB
- MD5
  
  aeebde7678e68383deb44d6a3e5c87c6
- SHA1
  
  0ebfeca6a57e8470bc04389338a510b7e41704b6
- SHA256
  
  598a6a2b1e16615e10aa0795d95c06753cfd80b98ea052fcae316f45c4c908ea
- SHA512
  
  814d596cf8c8576fa5ecb9c131594df3c3b4b1e86ac1ca7b52090ad40226d6e60b1043e0f16324e20d044907d5861404d2f69333c51ca2ac9ca28b546285b34d
- SSDEEP
  
  12288:ZMMpXKb0hNGh1kG0HWnAlU866w0B2uJ2s4otqFCJrW9FqvSbqsHasgXhFHDAGtlh:ZMMpXS0hN0V0HZSGB2uJ2s4otqFCJrW4
Score

10^/10

aspackv2 persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Renames multiple (91) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2persistenceransomware

behavioral2

aspackv2persistence

© 2018-2025

Terms | Privacy