Overview

overview

7

Static

static

7

8c29162a35...18.exe

windows7-x64

7

8c29162a35...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 22:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8c29162a35c887542da910569bc74314_JaffaCakes118.exe

  • Size

    6.5MB

  • MD5

    8c29162a35c887542da910569bc74314

  • SHA1

    33ae196bddeeb1e09f0ecd7fedb0746b40c9ac57

  • SHA256

    35fb32dd4a994d171a52ecb3863c9f7f63ec4c46ea7360f6f5d404ad03185bb2

  • SHA512

    d693b1f072774abf10e325707f13f17a4e09883e96e1a54daecd2eee24206c42bfa14b76460e48a3ba2367cce426e6bb88e1a6afde685a6b73fe007c01498207

  • SSDEEP

    196608:HGDISTVy4uQCrCqKfgGkDItMVLFDgNe64ETDHFqdiN:HGLTkovIGkoMlF9ElqW

Score
7/10
aspackv2discoveryupx

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c29162a35c887542da910569bc74314_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8c29162a35c887542da910569bc74314_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Users\Admin\AppData\Local\Temp\setup\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\setup\setup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2744

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\setup\setup.exe
          Filesize

          262KB

          MD5

          015f22e749b2e64f696379e6e8850d06

          SHA1

          a52050140b871bfc1a9ba935ac132830535fc6a4

          SHA256

          bb504bc01a8abe545d82b691f4ece9d34abde9464ba36473068fc06e261f363d

          SHA512

          f23b59a7e00b09aef67f14e0f98a600578fc1b2536a080933df5dbb672dd5d6cfba36bb8241f1dbd133c1113ca06abfa66232fa79322ab845891f8810348c67c

          Download Submit

        • memory/2744-27-0x0000000000400000-0x00000000004F9000-memory.dmp

          Filesize

          996KB

          Download

        • memory/2960-0-0x0000000000400000-0x0000000000425000-memory.dmp

          Filesize

          148KB

          Download

        • memory/2960-1-0x0000000000240000-0x0000000000265000-memory.dmp

          Filesize

          148KB

          Download

        • memory/2960-22-0x0000000000400000-0x0000000000425000-memory.dmp

          Filesize

          148KB

          Download