Overview

overview

7

Static

static

7

bc5dc1f2a8...18.exe

windows7-x64

7

bc5dc1f2a8...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2024, 15:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bc5dc1f2a85f1d38768a4dda616771a5_JaffaCakes118.exe

  • Size

    8.6MB

  • MD5

    bc5dc1f2a85f1d38768a4dda616771a5

  • SHA1

    f877358ceaaf231d88b665a633faeee009797f01

  • SHA256

    984dce15f546359438aa6ec94bed8fb4106d887aba82ebfbb26ffe515848596a

  • SHA512

    2bb47b2729bcb82f44b8e042a5ebcf4ea3651f315321aca46d1ff790a52c06477d2721eb4439d3b87a5356226eeeb938b438caa5ed9e8160a9cba700d89b0425

  • SSDEEP

    384:Kld6fbdHdgg58zqhFxrAx/r6+e9Pfqbn1e/1:Kld6B902nx8xuha5e9

Score
7/10
aspackv2discovery

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc5dc1f2a85f1d38768a4dda616771a5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bc5dc1f2a85f1d38768a4dda616771a5_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2524
  • C:\Program Files\Microsoft SDK\svchost.exe
    "C:\Program Files\Microsoft SDK\svchost.exe"
    1⤵
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2012

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Current
          Filesize

          84B

          MD5

          376ba91d10607925148150faeedfdf28

          SHA1

          3e0a833ae018a44a6e13d66c1a831acf62417a47

          SHA256

          1010bc1ecc0097a97efeadcc7e24a6a0c889fb09bf4b467a93d42366af4237ca

          SHA512

          c49ad3fe9d23cbdb9a2191b79db340058e650304e726238d7118d4062c9aaf4402e8229b147cb5c81c8e1943fbb433fac756e7f8c6b04de08b35b0255882ded3

          Download Submit

        • C:\Program Files\Microsoft SDK\svchost.exe
          Filesize

          15.9MB

          MD5

          871ca938c6ec2f8dd9d656ba173b0c53

          SHA1

          bf12ba359b6f14ef13b7c18f639091c18572337c

          SHA256

          a79d7cd02ded91a5406a9a1ceb8a2dbd7ab997cd7aa35b54681db727416eec4b

          SHA512

          c9b67293cc1d2557264eb6357ff3b26585ce2955c5ef1b36d3ab31843e91b300bc9dafcb866831eddc8fa2eeda0cc994bfc12c34fd63b9d85b4608fb8c5b7c7f

          Download Submit

        • memory/2012-14-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2524-0-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2524-2-0x0000000000020000-0x0000000000029000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2524-1-0x0000000000020000-0x0000000000029000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2524-12-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download