Analysis Overview
SHA256
d925edea32a7a6505adca260eec159d76692ed9a124b1d3cbcd232414d9f7be4
Threat Level: Shows suspicious behavior
The file 00f001941c0cd45cf758a5be4f0cf812_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
ASPack v2.12-2.42
Unsigned PE
Enumerates physical storage devices
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-23 21:19
Signatures
ASPack v2.12-2.42
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-23 21:19
Reported
2024-06-23 21:22
Platform
win7-20240221-en
Max time kernel
140s
Max time network
124s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\00f001941c0cd45cf758a5be4f0cf812_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\00f001941c0cd45cf758a5be4f0cf812_JaffaCakes118.exe"
Network
Files
memory/2252-0-0x0000000000400000-0x000000000055F000-memory.dmp
memory/2252-1-0x0000000000400000-0x000000000055F000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-23 21:19
Reported
2024-06-23 21:22
Platform
win10v2004-20240508-en
Max time kernel
140s
Max time network
52s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\00f001941c0cd45cf758a5be4f0cf812_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\00f001941c0cd45cf758a5be4f0cf812_JaffaCakes118.exe"
Network
Files
memory/2912-0-0x0000000002300000-0x0000000002301000-memory.dmp
memory/2912-1-0x0000000000400000-0x000000000055F000-memory.dmp
memory/2912-3-0x0000000002300000-0x0000000002301000-memory.dmp