Overview

overview

10

Static

static

3

17c3b0933b...18.exe

windows7-x64

10

17c3b0933b...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    17c3b0933b8584795b821ab7243b08a7_JaffaCakes118

  • Size

    460KB

  • Sample

    240627-2eb38avckd

  • MD5

    17c3b0933b8584795b821ab7243b08a7

  • SHA1

    931cf5a4bcc671b8a97eabe1bcbb293a0a2a1b7e

  • SHA256

    13217159fd17b62dafa53c322055565824ffd91aa8846580440c4067d561423b

  • SHA512

    92bfd3aba4e71de567a91875f7ddb99ece97a1ec83351814eb86acc5d0641cdb47acd912093b3ca7c65acaf48382f5436ee6b7b4f0364a1e274cad7601ac5ed5

  • SSDEEP

    12288:Y8cw2k37YxHGiA6OZO//01SLNn9zo1kZ6xYANsl38c/qfQcL:/vsxmd4/aSRn+1v2l38cCx

Score
10/10
aspackv2persistence

Malware Config

Targets

    • Target

      17c3b0933b8584795b821ab7243b08a7_JaffaCakes118

    • Size

      460KB

    • MD5

      17c3b0933b8584795b821ab7243b08a7

    • SHA1

      931cf5a4bcc671b8a97eabe1bcbb293a0a2a1b7e

    • SHA256

      13217159fd17b62dafa53c322055565824ffd91aa8846580440c4067d561423b

    • SHA512

      92bfd3aba4e71de567a91875f7ddb99ece97a1ec83351814eb86acc5d0641cdb47acd912093b3ca7c65acaf48382f5436ee6b7b4f0364a1e274cad7601ac5ed5

    • SSDEEP

      12288:Y8cw2k37YxHGiA6OZO//01SLNn9zo1kZ6xYANsl38c/qfQcL:/vsxmd4/aSRn+1v2l38cCx

    Score
    10/10
    aspackv2persistence

    • Modifies WinLogon for persistence

      persistence

    • Adds policy Run key to start application

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks