Overview

overview

7

Static

static

7

67be3b4200...18.exe

windows7-x64

7

67be3b4200...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-07-2024 13:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    67be3b42006b0d68b7d0a07728c16daa_JaffaCakes118.exe

  • Size

    16KB

  • MD5

    67be3b42006b0d68b7d0a07728c16daa

  • SHA1

    74ad241426962ade8241ba05120b8bbc48800f4a

  • SHA256

    c920a3a7aa1c3d0bedf54775af398d8181b1dc9f81febf722881c48b493ed252

  • SHA512

    5d6f9c8174d5bc1609ad198c2db4db550afc48bc6a77207c8cc301f435a6c870518e6e6c1dba1e7e47f83eef0cdcab7fb3b960d36af55ef248c3c64bbbdd0456

  • SSDEEP

    384:J0KkDJcfEcb6Qx0i6/LAi4bOBcgAxwr6+e9Pfqbn1:RsvQCi6/Lp4C2x3ha5

Score
7/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\67be3b42006b0d68b7d0a07728c16daa_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\67be3b42006b0d68b7d0a07728c16daa_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Windows\SysWOW64\Compatibility.exe
      "C:\Windows\system32\Compatibility.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:460
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\COMPAT~1.EXE > nul
        3⤵
          PID:4408
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\67BE3B~1.EXE > nul
        2⤵
          PID:1048

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\Compatibility.exe
        Filesize

        16KB

        MD5

        67be3b42006b0d68b7d0a07728c16daa

        SHA1

        74ad241426962ade8241ba05120b8bbc48800f4a

        SHA256

        c920a3a7aa1c3d0bedf54775af398d8181b1dc9f81febf722881c48b493ed252

        SHA512

        5d6f9c8174d5bc1609ad198c2db4db550afc48bc6a77207c8cc301f435a6c870518e6e6c1dba1e7e47f83eef0cdcab7fb3b960d36af55ef248c3c64bbbdd0456

        Download Submit

      • memory/460-8-0x0000000000400000-0x000000000040E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/2856-0-0x0000000000400000-0x000000000040E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/2856-7-0x0000000000400000-0x000000000040E000-memory.dmp

        Filesize

        56KB

        Download