Malware Analysis Report

2025-03-15 05:49

Sample ID 240623-2pnvrswckf
Target 034d89ba882cd9fe76697e4e4f227d16_JaffaCakes118
SHA256 d0584e0b3049d7803a01d22b6f6d54a0825fc0e11560d3c3f26a571c9768dd92
Tags aspackv2
Score 7/10

Analysis Overview

Score 7/10
SHA256 d0584e0b3049d7803a01d22b6f6d54a0825fc0e11560d3c3f26a571c9768dd92

Threat Level: Shows suspicious behavior

The file 034d89ba882cd9fe76697e4e4f227d16_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

aspackv2

ASPack v2.12-2.42

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-23 22:45

Signatures

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-23 22:45
Reported 2024-06-23 22:48
Platform win7-20231129-en
Max time kernel 140s
Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\034d89ba882cd9fe76697e4e4f227d16_JaffaCakes118.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\034d89ba882cd9fe76697e4e4f227d16_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\034d89ba882cd9fe76697e4e4f227d16_JaffaCakes118.exe"

Network

N/A

Files

memory/2356-0-0x00000000003D0000-0x00000000003D1000-memory.dmp

C:\Users\Admin\AppData\Roaming\deskDOC DWG to PDF Professional\system.dat

MD5 4c6739101353a9f38ce1ff3d3b527428
SHA1 61aee30d19203a414d2cdefbf13d8409b8d9d784
SHA256 7973e9e72f4ece6eb68510514b5c5dcd6520536e9688c7c1570035ffc4937a32
SHA512 28c7bea658072b77e5e1b12210c23ef135540c8ede9524410867abec399a721fe5309e97ed99765f02a19f1e607bdb573397cb6c43a343a1b9d823c58b44d452

memory/2356-298-0x0000000000400000-0x0000000000628000-memory.dmp

memory/2356-300-0x00000000003D0000-0x00000000003D1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-23 22:45
Reported 2024-06-23 22:48
Platform win10v2004-20240508-en
Max time kernel 140s
Max time network 52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\034d89ba882cd9fe76697e4e4f227d16_JaffaCakes118.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\034d89ba882cd9fe76697e4e4f227d16_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\034d89ba882cd9fe76697e4e4f227d16_JaffaCakes118.exe"

Network

Files

memory/4572-0-0x00000000024B0000-0x00000000024B1000-memory.dmp

C:\Users\Admin\AppData\Roaming\deskDOC DWG to PDF Professional\system.dat

MD5 6e717a5628dc142f8d14ac5a685f0b32
SHA1 b4cf7b6993560de8dfa191276bcaf1f11b9a5464
SHA256 1d05728b4ccdbf1e3fa0ec09f278903859adf443b1457d06898f4342eeda39d3
SHA512 44173b019ea9000db8363e64df4ee4a8b65de02a8ea1b17f48c920392a74bdb316d5f4d82301b24300026a066a32f48551128139fd0efc980d23849726944be4

C:\Users\Admin\AppData\Roaming\deskDOC DWG to PDF Professional\system.dat

MD5 05235ea2a94b53a25a58303edfdc6647
SHA1 b84573024205812f1f55a72f42b3f7e6570ed00c
SHA256 9bfab4cff867c268ec2c9024fdb455b2614cbaa971be0a436aa3f8fe26799df8
SHA512 95c294a3710d7822248b8667e264a1eaa23c90f0b53db6248b310048f21f235faebee9c6f54fccc220cf04d6301acb53897fb212b96b23a8d565af1f43196400

memory/4572-298-0x0000000000400000-0x0000000000628000-memory.dmp

memory/4572-300-0x00000000024B0000-0x00000000024B1000-memory.dmp