ec1d168c1e24d5a5c1884c06842aa521a5d5d3d09abc77f9523d4e16dd9c5b57 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

aec20eb6ee...18.exe

windows7-x64

aec20eb6ee...18.exe

windows10-2004-x64

7

Sharing

General

Target

aec20eb6ee835c12214379b779745fe1_JaffaCakes118
Size

2.6MB
Sample

240820-ltnskayhrj
MD5

aec20eb6ee835c12214379b779745fe1
SHA1

5922c4043858675bc625f399b941de884279f87e
SHA256

ec1d168c1e24d5a5c1884c06842aa521a5d5d3d09abc77f9523d4e16dd9c5b57
SHA512

1154917904ed84d8fa3cb5e77d4a633520ce9383d05859fc46b644740e4eaa99ebf763ad856a8a972c9771d726fe871fe7681a68c1e20e729a9cc81c13129ccc
SSDEEP

24576:R8xTAL596aUsyoB0v07HkKhB0uWzxWAsoPg5t8LnVfk4R8MTBBYBoiSUAh5lLhiz:SxTI+s73SrzH8MTBKSUBSVbXEL

Score

10^/10

aspackv2 discovery evasion persistence themida

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

aec20eb6ee835c12214379b779745fe1_JaffaCakes118.exe

Resource

win7-20240708-en

aspackv2 discovery evasion persistence themida

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

aec20eb6ee835c12214379b779745fe1_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion themida

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  aec20eb6ee835c12214379b779745fe1_JaffaCakes118
- Size
  
  2.6MB
- MD5
  
  aec20eb6ee835c12214379b779745fe1
- SHA1
  
  5922c4043858675bc625f399b941de884279f87e
- SHA256
  
  ec1d168c1e24d5a5c1884c06842aa521a5d5d3d09abc77f9523d4e16dd9c5b57
- SHA512
  
  1154917904ed84d8fa3cb5e77d4a633520ce9383d05859fc46b644740e4eaa99ebf763ad856a8a972c9771d726fe871fe7681a68c1e20e729a9cc81c13129ccc
- SSDEEP
  
  24576:R8xTAL596aUsyoB0v07HkKhB0uWzxWAsoPg5t8LnVfk4R8MTBBYBoiSUAh5lLhiz:SxTI+s73SrzH8MTBKSUBSVbXEL
Score

10^/10

aspackv2 discovery evasion persistence themida
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2discoveryevasionpersistencethemida

behavioral2

discoveryevasionthemida

© 2018-2025

Terms | Privacy