Overview

overview

7

Static

static

7

4715edfff4...18.exe

windows7-x64

7

4715edfff4...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 22:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4715edfff48d87e10803963ccb2f1545_JaffaCakes118.exe

  • Size

    427KB

  • MD5

    4715edfff48d87e10803963ccb2f1545

  • SHA1

    59807ef987018380509c0eea5c5163e71bf3050e

  • SHA256

    a076f948d01d037da6c08a4dc1f91a14aba2a48419cd77dd50e73dfe5d94f438

  • SHA512

    662bec11287c7d60f0af2eeeec298d4a1c007f1f812b700799b763ed855705fec240088bb9d299308bd831244410be3873326abc8a3c8e0fa9b15903ef7d264f

  • SSDEEP

    6144:3DHRDZrEKntNMzew/CQ5QyItjNurVuwLIpVqyJh98gWNlPTGQQm6agrdevryrNl:zHRDZrEKneCQOyIC2sPNtTird

Score
7/10
aspackv2bootkitpersistence

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 33 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4715edfff48d87e10803963ccb2f1545_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4715edfff48d87e10803963ccb2f1545_JaffaCakes118.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\Delete.bat
      2⤵
      • Deletes itself
      PID:2156
  • C:\Windows\system\SVCHOST.exe
    C:\Windows\system\SVCHOST.exe
    1⤵
    • Executes dropped EXE
    • Writes to the Master Boot Record (MBR)
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2380

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Delete.bat
          Filesize

          214B

          MD5

          810627a24fefae9f1343aa1a8d7cb702

          SHA1

          2ce8864f58caaa8f87214d2a113a14b11e964de7

          SHA256

          faa8a2d10b72e78058b460e85aa2c04cfff9347dc3c0c78dc3d7016d9b548523

          SHA512

          e8aa2d9adb08547ff9cb87c5a88b7ee11c6570c2f6b4f57ff75aaed7691eb3feb860073b6553d59d1c4dcfb425f40c766d3cba126d897110afe1161d0fab77f5

          Download Submit

        • C:\Windows\system\SVCHOST.exe
          Filesize

          427KB

          MD5

          4715edfff48d87e10803963ccb2f1545

          SHA1

          59807ef987018380509c0eea5c5163e71bf3050e

          SHA256

          a076f948d01d037da6c08a4dc1f91a14aba2a48419cd77dd50e73dfe5d94f438

          SHA512

          662bec11287c7d60f0af2eeeec298d4a1c007f1f812b700799b763ed855705fec240088bb9d299308bd831244410be3873326abc8a3c8e0fa9b15903ef7d264f

          Download Submit

        • memory/2380-21-0x0000000000580000-0x0000000000581000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2380-37-0x0000000000400000-0x00000000004D7000-memory.dmp

          Filesize

          860KB

          Download

        • memory/2380-39-0x0000000000360000-0x00000000003A3000-memory.dmp

          Filesize

          268KB

          Download

        • memory/2380-20-0x0000000000560000-0x0000000000567000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2380-40-0x0000000002770000-0x0000000002771000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2380-22-0x00000000005B0000-0x00000000005B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2380-23-0x00000000005A0000-0x00000000005A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2380-24-0x0000000000590000-0x0000000000591000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2380-25-0x0000000002770000-0x0000000002771000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2380-19-0x0000000000360000-0x00000000003A3000-memory.dmp

          Filesize

          268KB

          Download

        • memory/2380-18-0x0000000000400000-0x00000000004D7000-memory.dmp

          Filesize

          860KB

          Download

        • memory/2388-11-0x00000000005F0000-0x00000000005F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2388-12-0x00000000005E0000-0x00000000005E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2388-5-0x0000000000530000-0x0000000000531000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2388-7-0x0000000000560000-0x0000000000567000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2388-8-0x00000000005C0000-0x00000000005C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2388-16-0x0000000002890000-0x0000000002891000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2388-9-0x0000000000540000-0x0000000000541000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2388-10-0x0000000000550000-0x0000000000551000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2388-0-0x0000000000400000-0x00000000004D7000-memory.dmp

          Filesize

          860KB

          Download

        • memory/2388-4-0x00000000002A0000-0x00000000002A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2388-13-0x00000000005D0000-0x00000000005D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2388-6-0x00000000005B0000-0x00000000005B3000-memory.dmp

          Filesize

          12KB

          Download

        • memory/2388-34-0x0000000000400000-0x00000000004D7000-memory.dmp

          Filesize

          860KB

          Download

        • memory/2388-35-0x00000000004E0000-0x0000000000523000-memory.dmp

          Filesize

          268KB

          Download

        • memory/2388-1-0x00000000004E0000-0x0000000000523000-memory.dmp

          Filesize

          268KB

          Download

        • memory/2388-2-0x00000000003E0000-0x00000000003E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2388-3-0x00000000002B0000-0x00000000002B1000-memory.dmp

          Filesize

          4KB

          Download