General

  • Target

    ad30a145446053746e47121f02acb1c2_JaffaCakes118

  • Size

    64KB

  • Sample

    240820-aqdbwatfpc

  • MD5

    ad30a145446053746e47121f02acb1c2

  • SHA1

    b8fed7c6f8d4717c245807639314c8a2d3f63082

  • SHA256

    0213911d2c7c14b6b76ddc7b4afe22fb6c7d66d256bbd51e1a7cdc106ebe4d8f

  • SHA512

    6ae6fd66f78f96cf3b011c4617aa4c3dd47212915689808401cd6a33f6fbe416cec83713e9662c48c3313fe8aa9764ddd4c51f8a897819e3425ed28d00ba9633

  • SSDEEP

    1536:jfbqmKdtRLgNCAlmFuRCwO7KDUpvSBFdC6QS:jflKdrHJuXO7KDi6XCjS

Malware Config

Targets

    • Target

      ad30a145446053746e47121f02acb1c2_JaffaCakes118

    • Modifies WinLogon for persistence

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Remote Services: SMB/Windows Admin Shares

      Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks