5c65d765e62ac825aa6d0c96101aa866231635557e74a418e8ce552354eacba2

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 17:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08260d432e7b69bf909b79c97130a855_JaffaCakes118.exe
Size

852KB
MD5

08260d432e7b69bf909b79c97130a855
SHA1

cbb59ffbaadb7b0a0a8aad48341d0b12b5e74897
SHA256

5c65d765e62ac825aa6d0c96101aa866231635557e74a418e8ce552354eacba2
SHA512

e43bb30dad96f94db31cd573bdd83b107dd11512c6732713fe4812951b9e476e6170d4375b297e44a1c6d499e44b4a4721c0303d5ad002bf59de082f766456e2
SSDEEP

24576:FvpKfMmr1tJsnr1o10oocLfoXjQmXrNPI:FQbJsr1yqcLAEmBPI

Score

7^/10

aspackv2 persistence

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x002d00000001459f-68.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
2652	ÎÒµÄÕÕÆ¬.exe

Loads dropped DLL 2 IoCs

pid	Process
1936	08260d432e7b69bf909b79c97130a855_JaffaCakes118.exe
1936	08260d432e7b69bf909b79c97130a855_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	08260d432e7b69bf909b79c97130a855_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2652	1936	08260d432e7b69bf909b79c97130a855_JaffaCakes118.exe	28
PID 1936 wrote to memory of 2652	1936	08260d432e7b69bf909b79c97130a855_JaffaCakes118.exe	28
PID 1936 wrote to memory of 2652	1936	08260d432e7b69bf909b79c97130a855_JaffaCakes118.exe	28
PID 1936 wrote to memory of 2652	1936	08260d432e7b69bf909b79c97130a855_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\08260d432e7b69bf909b79c97130a855_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\08260d432e7b69bf909b79c97130a855_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ÎÒµÄÕÕÆ¬.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ÎÒµÄÕÕÆ¬.exe
  2⤵
  - Executes dropped EXE
  PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\IXP000.TMP\ÎÒµÄÕÕÆ¬.exe

Filesize
423KB

MD5
f59793c00c677cb60a90da4c33346b03

SHA1
d07f436a587afe53f0582c557b1ec99cecc46333

SHA256
7e34d7df594cf502b77c194bd075f8c86ea33e947553966723f04dae6e82479a

SHA512
5f2fcdd007deeba4cf2215d4f165dd6370d6782f31f86adf5aa7008d1b040d69a3a837492b9b2f572b1f029a02f487457afa276b4065c3a225fed591a2935f04

Download Submit
memory/1936-0-0x0000000001000000-0x00000000011CF000-memory.dmp

Filesize
1.8MB

Download
memory/1936-1-0x00000000007B0000-0x0000000000804000-memory.dmp

Filesize
336KB

Download
memory/1936-9-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-8-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/1936-7-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/1936-6-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/1936-5-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/1936-4-0x0000000000770000-0x0000000000771000-memory.dmp

Filesize
4KB

Download
memory/1936-3-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1936-2-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/1936-30-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/1936-50-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-49-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-48-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-47-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-46-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-45-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-44-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-43-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-42-0x0000000000E40000-0x0000000000E41000-memory.dmp

Filesize
4KB

Download
memory/1936-41-0x0000000000E50000-0x0000000000E51000-memory.dmp

Filesize
4KB

Download
memory/1936-40-0x0000000000DE0000-0x0000000000DE1000-memory.dmp

Filesize
4KB

Download
memory/1936-39-0x0000000000DF0000-0x0000000000DF1000-memory.dmp

Filesize
4KB

Download
memory/1936-38-0x0000000000E10000-0x0000000000E11000-memory.dmp

Filesize
4KB

Download
memory/1936-37-0x0000000000E30000-0x0000000000E31000-memory.dmp

Filesize
4KB

Download
memory/1936-36-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-35-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/1936-34-0x0000000000DC0000-0x0000000000DC1000-memory.dmp

Filesize
4KB

Download
memory/1936-33-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/1936-32-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

Filesize
4KB

Download
memory/1936-31-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download
memory/1936-29-0x0000000000DB0000-0x0000000000DB1000-memory.dmp

Filesize
4KB

Download
memory/1936-28-0x0000000000830000-0x0000000000831000-memory.dmp

Filesize
4KB

Download
memory/1936-27-0x0000000000850000-0x0000000000851000-memory.dmp

Filesize
4KB

Download
memory/1936-26-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-25-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-24-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-23-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-22-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-21-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-20-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-19-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-18-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-17-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-16-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-15-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-14-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-13-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-12-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-11-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/1936-10-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/1936-54-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-65-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-64-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-63-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-62-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-61-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-60-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-59-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-58-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-57-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-56-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-55-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-53-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-52-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-51-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/1936-80-0x0000000001000000-0x00000000011CF000-memory.dmp

Filesize
1.8MB

Download
memory/1936-79-0x00000000007B0000-0x0000000000804000-memory.dmp

Filesize
336KB

Download
memory/2652-75-0x0000000000400000-0x00000000004EE000-memory.dmp

Filesize
952KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads