Overview

overview

7

Static

static

7

e279cf4bf5...18.exe

windows7-x64

7

e279cf4bf5...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240910-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/09/2024, 12:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e279cf4bf53a5772a47856ed1e13740c_JaffaCakes118.exe

  • Size

    48KB

  • MD5

    e279cf4bf53a5772a47856ed1e13740c

  • SHA1

    036d23bb4977924e9a2e9bf23dfad050acab3969

  • SHA256

    09a5debc8f6022164574510468b14961c1dea0c99fa606a8a1eb0923e6a0ccb7

  • SHA512

    ebbfaf9857d4abcbfccb25d192d5a95090f22528d83e73ac617d7967ec295d5a191dedd52aed156d43383fee9457626bceb8717f05505ee9f91f4d3d9a355d0f

  • SSDEEP

    768:HYjieHaCD4zrcWTEFGzktfIhninsd2DssJggoy8SFx1659nH38BDY4UxWha5t:yieHaCD4zoWT2Gzk8inHDssOZnVH3MDu

Score
7/10
aspackv2discovery

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e279cf4bf53a5772a47856ed1e13740c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e279cf4bf53a5772a47856ed1e13740c_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4600
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\1.bat
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1912
  • C:\Windows\RealtekControl.exe
    C:\Windows\RealtekControl.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:4820

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1.bat
          Filesize

          261B

          MD5

          fad3e81d51f1e79cc16e7100f83f4f25

          SHA1

          414760fa360badd8e38eeb403d8ad31fcf2320b0

          SHA256

          bd01b606dc6371edb887cad5a8b4f694368004c74622e72cc1bc4db2fae29f2a

          SHA512

          757ca6bb40c8bec813410c46d7c755bb168025a2e0116de9a8bc9c5b9b8a9f00be2d8a25b8ff5619bde0602be8a8ed5cdae0b331bd61e799e70721c229b22d26

          Download Submit

        • C:\Windows\RealtekControl.exe
          Filesize

          34KB

          MD5

          860fea1fc357cb5c03d68aafa09822d6

          SHA1

          178f9b085b844bde52a475c233831749d2354cd7

          SHA256

          e6e0f3a009dbdc8d279bcf7b6d929af72d4fff368a68a8cf9004370fbc7b448b

          SHA512

          80d5092e8e2da551e4b785365667c96cfe2f3a29505473a1e6596fe569d6d2bc9ac7412c0db381d2da6f8f2460f1a4c93b1020cc321e157f0aa509f8aa436f8c

          Download Submit

        • memory/4600-0-0x0000000000400000-0x0000000000418000-memory.dmp

          Filesize

          96KB

          Download

        • memory/4600-12-0x0000000000400000-0x0000000000418000-memory.dmp

          Filesize

          96KB

          Download

        • memory/4820-5-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/4820-14-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/4820-15-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/4820-16-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/4820-17-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/4820-18-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download