Malware Analysis Report

2025-03-15 05:47

Sample ID 240623-2f3ybsyfmn
Target 030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118
SHA256 c7b50ecd1f3b2c77b78187fbed270dfb9886bf2f59657cbf85d57869e5cdfca0
Tags aspackv2
Score 7/10


Analysis Overview

Score 7/10

SHA256 c7b50ecd1f3b2c77b78187fbed270dfb9886bf2f59657cbf85d57869e5cdfca0

Threat Level: Shows suspicious behavior

The file 030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

aspackv2

ASPack v2.12-2.42

Unsigned PE

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-23 22:32

Signatures

ASPack v2.12-2.42 (tag: aspackv2)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-23 22:32

Reported

2024-06-23 22:34

Platform

win7-20240221-en

Max time kernel

140s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118.exe"

Signatures

Suspicious use of SetWindowsHookEx

Description  Indicator  Process                                                                                  Target
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118.exe"

Network

N/A

Files

memory/2676-0-0x0000000000220000-0x0000000000221000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ConFig.Dat

MD5 20a8645a60329d293332a08ac2a1909e
SHA1 fdf159336bc7ce7579b6e5024596e6d9aaf52825
SHA256 42f103ceb75dcf20f9e39ca3caad9cf4e2e426b058d91802f02722ba822875ca
SHA512 3014e4355472caa1c3a5d4c2d7909d5a851d3f964b6794756c92bf680441d67bb9fc1bff8d5cb3d9d1041d8641e09c4697ba78543d7bad14b2bd4635e1a11484

memory/2676-141-0x0000000000400000-0x0000000000E5D000-memory.dmp

memory/2676-143-0x0000000000220000-0x0000000000221000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-23 22:32

Reported

2024-06-23 22:35

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

160s

Command Line

"C:\Users\Admin\AppData\Local\Temp\030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118.exe"

Signatures

Suspicious use of SetWindowsHookEx

Description  Indicator  Process                                                                                  Target
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4456 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

Network

Country  Destination          Domain                           Proto
US       8.8.8.8:53           217.106.137.52.in-addr.arpa      udp
US       8.8.8.8:53           172.210.232.199.in-addr.arpa     udp
US       8.8.8.8:53           71.159.190.20.in-addr.arpa       udp
US       8.8.8.8:53           95.221.229.192.in-addr.arpa      udp
GB       172.217.169.74:443                                    tcp
US       8.8.8.8:53           149.220.183.52.in-addr.arpa      udp
US       8.8.8.8:53           232.168.11.51.in-addr.arpa       udp
US       13.107.253.64:443                                     tcp
US       8.8.8.8:53           26.165.165.52.in-addr.arpa       udp
US       8.8.8.8:53           18.31.95.13.in-addr.arpa         udp
US       8.8.8.8:53           80.90.14.23.in-addr.arpa         udp
US       8.8.8.8:53           14.227.111.52.in-addr.arpa       udp
US       8.8.8.8:53           109.116.69.13.in-addr.arpa       udp

Files

memory/536-0-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ConFig.Dat

MD5 423ba3b7328483fe421f9d4cc72bcd98
SHA1 fa7b4e706289e5cac0a0efe2bda1febc96d11119
SHA256 63bca5d466036947aae3fb599c987d66303b182e742c819e29aba390efcad90c
SHA512 4db1f4bb1e4d7c9354e2fe860819d0336fb7672af5c71a280dfd1fecfe7fd6edfa6be5e3d221c2a7fac4dc35f7afec836e95176136dcf76d40756b1554c4ee0b

C:\Users\Admin\AppData\Local\Temp\ConFig.Dat

MD5 562fe34bc99e307bdcf9d9322e090aef
SHA1 f3fa962a6c7a3035cb9c948d9017276b356e317f
SHA256 afcd4616c14a399f80c62131a7cf28a64b4dee2444955408d855a9a16ebaaefd
SHA512 8e56a5008fc6c41069a9027d42a7ddc004ed4a1dff0c907804ed18f58f8fb975b1645d9245da22575511076812af80443fd94eb7bf952c0a6e2fb0cfb281e135

C:\Users\Admin\AppData\Local\Temp\ConFig.Dat

MD5 1c4263520d6b00063b40fbfd505adc1b
SHA1 39abe730b27e68e238078a7b273b10f65df7f12f
SHA256 57f53ee1511e05700a5929a829e48ffb78514344dc3715ec9027a59c1cef6232
SHA512 669f39212d13483c6d6a674519b9c4afb601097ff2ad5d1acd86091d626dc9f8538047e96e106b2f51c299ba2b61be6bb859c91590fa746eabf2f1f3c853c197

memory/536-141-0x0000000000400000-0x0000000000E5D000-memory.dmp

memory/536-143-0x0000000002CF0000-0x0000000002CF1000-memory.dmp