Overview

overview

10

Static

static

7

a9edafc89f...18.exe

windows7-x64

10

a9edafc89f...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a9edafc89f7f58e971228ac440bfdf83_JaffaCakes118

  • Size

    1.6MB

  • Sample

    240819-g4z65asanp

  • MD5

    a9edafc89f7f58e971228ac440bfdf83

  • SHA1

    ec95ed0e9baa668007084a76a2d60e868ed4349b

  • SHA256

    37305bbfa3a337bd5058da15a5acc38dd934fd939297752215c00e1a9a36f717

  • SHA512

    4273c4052c9a83cfc68a9aa98b38d99d2037a1182850664d1a7bc4f214d34fcb001e56fc2d526cf99f84c09a099a1344e3ff429b14b08d137ed8d73c3452ba0a

  • SSDEEP

    49152:wynLmedp6PxFoyi4K39+1aaOPUDiarSVtlml0Vwqw:ZnCeax2yivE1JHOaytIlHqw

Score
10/10
aspackv2discoverypersistence

Malware Config

Targets

    • Target

      a9edafc89f7f58e971228ac440bfdf83_JaffaCakes118

    • Size

      1.6MB

    • MD5

      a9edafc89f7f58e971228ac440bfdf83

    • SHA1

      ec95ed0e9baa668007084a76a2d60e868ed4349b

    • SHA256

      37305bbfa3a337bd5058da15a5acc38dd934fd939297752215c00e1a9a36f717

    • SHA512

      4273c4052c9a83cfc68a9aa98b38d99d2037a1182850664d1a7bc4f214d34fcb001e56fc2d526cf99f84c09a099a1344e3ff429b14b08d137ed8d73c3452ba0a

    • SSDEEP

      49152:wynLmedp6PxFoyi4K39+1aaOPUDiarSVtlml0Vwqw:ZnCeax2yivE1JHOaytIlHqw

    Score
    10/10
    aspackv2discoverypersistence

    • Modifies WinLogon for persistence

      persistence

    • Adds policy Run key to start application

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks