Overview

overview

7

Static

static

7

862f17a10b...18.exe

windows7-x64

7

862f17a10b...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10-08-2024 13:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    862f17a10b980c5dd77da4f74efbd5cb_JaffaCakes118.exe

  • Size

    202KB

  • MD5

    862f17a10b980c5dd77da4f74efbd5cb

  • SHA1

    438b4c9fe7262eed8b198580a894fc0f23674dff

  • SHA256

    30d0751e360d28282bd35dc12feb06ccdf33bb3b8b20d62663db2a385d66116e

  • SHA512

    1c027f05b4440ff8401dcd787f75d4fe54228a58906f4d27c0f05ebbda480389c085ee97c459c0efca3a72da0454377c02c241845ce0a36533708ffa7aba39d9

  • SSDEEP

    3072:rBtb1S0QIY4qMgJI6t8xsfXwrEQJ4kYjVnYbqSvge9VUepnVR7pU:X49gd3C8xsfgwQJatSYeDVnPFU

Score
7/10
aspackv2discoverypersistence

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1184
      • C:\Users\Admin\AppData\Local\Temp\862f17a10b980c5dd77da4f74efbd5cb_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\862f17a10b980c5dd77da4f74efbd5cb_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1476

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Windows\SysWOW64\mgking0.dll
      Filesize

      113KB

      MD5

      016f4e33e4de997d5382782a5e461948

      SHA1

      f69623fbbb54f56a1dc74e3ee80970990e80c009

      SHA256

      c8016d44e5460b0c3ccadb39209fbab0c7bf5720d5f911cd765593f3a2553d2c

      SHA512

      c91eba8841e0fa6bb31e577c66b233e12627e3b94d31f68952b0dd86078537f233d19c4e7993874d7ca2e1c433394cea46c0cc44a9a45a6900863c1816bf217c

      Download Submit

    • memory/1184-6-0x0000000002520000-0x0000000002521000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1476-0-0x0000000000400000-0x0000000000494000-memory.dmp

      Filesize

      592KB

      Download

    • memory/1476-3-0x0000000000401000-0x0000000000402000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1476-9-0x0000000010000000-0x000000001008F000-memory.dmp

      Filesize

      572KB

      Download

    • memory/1476-10-0x0000000000400000-0x0000000000494000-memory.dmp

      Filesize

      592KB

      Download

    • memory/1476-12-0x0000000010000000-0x000000001008F000-memory.dmp

      Filesize

      572KB

      Download