b4a88f92a866abef3e6b49480fbfaae37fd300f0d843ccd91ea547f264cc22d9 | Triage

Submit
Reports

Overview

overview

Static

static

7

e10446a6af...18.exe

windows7-x64

e10446a6af...18.exe

windows10-2004-x64

7

Sharing

General

Target

e10446a6af386969ec2cef27cc25ce03_JaffaCakes118
Size

3.1MB
Sample

240914-zqfvfawamm
MD5

e10446a6af386969ec2cef27cc25ce03
SHA1

15d6221f7422de936a719711728d121c2d7ae42b
SHA256

b4a88f92a866abef3e6b49480fbfaae37fd300f0d843ccd91ea547f264cc22d9
SHA512

77aa8ab80dd1af7b46348cae1766b2a20af6355df1a267d4511ea1ab472b7f96cf6d0bfb00bc282f9c31980c0259c9d5322baf2a8dccc91633c4432de83587e7
SSDEEP

49152:Nz09yjY6E8FyoabFCnmSpmScFqVNEp94zDju71XyvPAsP+xy:Nza6UbYmCLxe94zDju71XyvPAZy

Score

10^/10

aspackv2 discovery evasion persistence themida

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e10446a6af386969ec2cef27cc25ce03_JaffaCakes118.exe

Resource

win7-20240729-en

aspackv2 discovery evasion persistence themida

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

e10446a6af386969ec2cef27cc25ce03_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion themida

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  e10446a6af386969ec2cef27cc25ce03_JaffaCakes118
- Size
  
  3.1MB
- MD5
  
  e10446a6af386969ec2cef27cc25ce03
- SHA1
  
  15d6221f7422de936a719711728d121c2d7ae42b
- SHA256
  
  b4a88f92a866abef3e6b49480fbfaae37fd300f0d843ccd91ea547f264cc22d9
- SHA512
  
  77aa8ab80dd1af7b46348cae1766b2a20af6355df1a267d4511ea1ab472b7f96cf6d0bfb00bc282f9c31980c0259c9d5322baf2a8dccc91633c4432de83587e7
- SSDEEP
  
  49152:Nz09yjY6E8FyoabFCnmSpmScFqVNEp94zDju71XyvPAsP+xy:Nza6UbYmCLxe94zDju71XyvPAZy
Score

10^/10

aspackv2 discovery evasion persistence themida
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Modifies WinLogon
  persistence
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Share Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2discoveryevasionpersistencethemida

behavioral2

discoveryevasionthemida

© 2018-2024

Terms | Privacy