Analysis

  • max time kernel
    91s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/10/2024, 05:10

General

  • Target

    04794e12a3f7ea7c9e27b29f8c769701_JaffaCakes118.exe

  • Size

    2.9MB

  • MD5

    04794e12a3f7ea7c9e27b29f8c769701

  • SHA1

    37deab2d8f35be711703a105675b6443a442f787

  • SHA256

    85a9ee0d585f4305ed57c7cfe2c46cdf4c38a647a3357ce8a3e50c3164b5dc70

  • SHA512

    1cdc2e41b00a4c2109dff64ae97a35b7226d1f38c6e4bc953df8bc04db75cef308f4052de877df9c66c27a8400447271ce18164d7794f90b556428b5cf6cf75e

  • SSDEEP

    1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRq:352T3siXei5bcmP9JfUjW

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04794e12a3f7ea7c9e27b29f8c769701_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\04794e12a3f7ea7c9e27b29f8c769701_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\$$$$$.bat
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:1960

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$$$$$.bat

    Filesize

    228B

    MD5

    855f946765f96b476122e911d11ef47b

    SHA1

    b957cb51b56f62ff261d1e053feb69a3b1365234

    SHA256

    f3df28584152658e607bdfdad25b9d8358755a5add7ad21674eabf9746c088ec

    SHA512

    370db1b0d97cc358cf70747ba93629e2e3a8c33ec42d6e00f9bac2f99fcd3e000273a0f8c2ef437499a2659a76b1f66e7efb25b7a1e6fd28eef890c7e9ecf57f

  • C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe

    Filesize

    2.9MB

    MD5

    04794e12a3f7ea7c9e27b29f8c769701

    SHA1

    37deab2d8f35be711703a105675b6443a442f787

    SHA256

    85a9ee0d585f4305ed57c7cfe2c46cdf4c38a647a3357ce8a3e50c3164b5dc70

    SHA512

    1cdc2e41b00a4c2109dff64ae97a35b7226d1f38c6e4bc953df8bc04db75cef308f4052de877df9c66c27a8400447271ce18164d7794f90b556428b5cf6cf75e

  • memory/2668-3-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/2668-518-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/2668-826-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB