Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/10/2024, 22:24

General

  • Target:  10bc2e8513f85d3c218e2e37dfa7e70a_JaffaCakes118.exe
  • Size:    468KB
  • MD5:     10bc2e8513f85d3c218e2e37dfa7e70a
  • SHA1:    ba7ee9b739410f0782092b6ac2be369742d69044
  • SHA256:  b48e92d59f756fb8aa0ab0ca02cf331989be8713d589fdaf1315321eb2baec1a
  • SHA512:  34ee5b29abaf2e66516b4e756d4462be81ea8428457668c233a1f74fb16379a781d45024bd59b0a3382ed42e2f8e22421e61dbcfdbb3eeb640729208588405d5
  • SSDEEP:  1536:OKD0A2T3vLbsih9e8bTTpb/IgQmP9zKcTDB4w/UjlQ/dpKRqm:352T3siXei5bcmP9JfUjWU

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of WriteProcessMemory 4 IoCs
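The first signature is a packer match, not a behaviour. A quick check a practitioner can run on the sample itself before detonation is to read the PE section table: ASPack-packed executables carry sections named `.aspack` and `.adata`. The code below is an added example and not part of the sandbox report; because the sample is not available here, `build_pe()` constructs a minimal, non-loadable PE header in memory as a stand-in, and the section names, addresses and characteristics it writes are made up for the fixture.

```python
"""Heuristic ASPack check on PE section names (added example, not part of the
sandbox report). build_pe() constructs a minimal, non-executable PE header in
memory so the check can run offline; it stands in for the real sample, which
is not available here."""
import struct

ASPACK_SECTIONS = {".aspack", ".adata"}  # section names ASPack adds to a packed PE


def pe_section_names(data: bytes) -> list[str]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    names = []
    for i in range(n_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes; Name is its first 8
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_aspack_packed(data: bytes) -> bool:
    """True when both ASPack section names are present. Section names are
    trivial to rename, so treat this as a triage hint, not as proof of the
    packer or its version; sandbox signatures also match the stub's code."""
    return ASPACK_SECTIONS <= set(pe_section_names(data))


def build_pe(section_names: list[str], opt_size: int = 0xE0) -> bytes:
    """Constructed test fixture: MZ stub, PE signature, PE32 headers and a
    section table with the given names. Not a loadable image."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header follows the stub
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # Magic = PE32
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names)
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    packed = build_pe([".text", ".data", ".aspack", ".adata"])
    plain = build_pe([".text", ".rdata", ".data"])
    print(pe_section_names(packed), looks_aspack_packed(packed))
    print(pe_section_names(plain), looks_aspack_packed(plain))
```

To use it on a real file, pass `open(path, "rb").read()` to `looks_aspack_packed()`; the 64-bit case only changes `opt_size` (0xF0 for PE32+), which the parser reads from the COFF header rather than assuming.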

Processes

  • C:\Users\Admin\AppData\Local\Temp\10bc2e8513f85d3c218e2e37dfa7e70a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\10bc2e8513f85d3c218e2e37dfa7e70a_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\$$$$$.bat
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2660
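The tree above is the whole chain the signatures summarise: the sample copies itself into a sub-folder of SysWOW64 (the dropped .exe listed under Downloads carries the submitted sample's hashes), registers a Run key, writes `C:\$$$$$.bat`, spawns `cmd /c` to run it, and the batch job removes the original from %TEMP%. Below is detection logic for that chain over Sysmon-style events, added here as an example and not part of the sandbox report. The event records are constructed (event IDs 1, 11, 13 and 23 are Sysmon's ProcessCreate, FileCreate, RegistryValueSet and FileDelete); the Run key hive and value name are assumptions, since the report does not show them, and the cmd.exe hash is a placeholder.

```python
"""Triage logic for the chain in the process tree (added example, not part of
the sandbox report). EVENTS are constructed Sysmon-style records (IDs 1, 11,
13, 23 = ProcessCreate, FileCreate, RegistryValueSet, FileDelete); the Run key
hive and value name are assumptions, the report does not show them."""
import re

SAMPLE_SHA256 = "b48e92d59f756fb8aa0ab0ca02cf331989be8713d589fdaf1315321eb2baec1a"
ORIG = r"C:\Users\Admin\AppData\Local\Temp\10bc2e8513f85d3c218e2e37dfa7e70a_JaffaCakes118.exe"
COPY = r"C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe"
BAT = r"C:\$$$$$.bat"

EVENTS = [  # constructed records following the report's process tree
    {"id": 1, "pid": 2104, "ppid": 1000, "image": ORIG, "sha256": SAMPLE_SHA256, "cmd": f'"{ORIG}"'},
    {"id": 11, "pid": 2104, "target": COPY, "sha256": SAMPLE_SHA256},
    {"id": 13, "pid": 2104,  # hive and value name assumed, not given by the report
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\drivers32", "data": f'"{COPY}"'},
    {"id": 11, "pid": 2104, "target": BAT,
     "sha256": "63c19459f137ca4e0602292bdd1cf2b819648cf8387ab25ecef1a4a1277161cf"},
    {"id": 1, "pid": 2660, "ppid": 2104, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "sha256": "placeholder-cmd-hash", "cmd": r"cmd /c c:\$$$$$.bat"},
    {"id": 23, "pid": 2660, "target": ORIG},
]

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def norm(path):
    return path.strip('"').lower()


def self_copies(events):
    """Files written by a process whose content hashes to that process's own
    image: in the report the dropped .exe carries the submitted sample's hashes."""
    image_hash = {e["pid"]: e["sha256"] for e in events if e["id"] == 1}
    return [e["target"] for e in events
            if e["id"] == 11 and e["sha256"] == image_hash.get(e["pid"])]


def run_key_persistence(events, copies):
    """Run-key values that point at a self-copy, or into a sub-folder of
    System32/SysWOW64 (system binaries live in the directory itself)."""
    copy_set = {norm(c) for c in copies}
    hits = []
    for e in events:
        if e["id"] != 13 or not RUN_KEY.search(e["key"]):
            continue
        target = norm(e["data"])
        in_subdir = any(target.startswith(d) and "\\" in target[len(d):] for d in SYSTEM_DIRS)
        if target in copy_set or in_subdir:
            hits.append((e["key"], target, target in copy_set))
    return hits


def batch_self_delete(events):
    """cmd.exe running a .bat that deletes its parent's executable."""
    procs = {e["pid"]: e for e in events if e["id"] == 1}
    hits = []
    for e in events:
        if e["id"] != 23:
            continue
        deleter = procs.get(e["pid"])
        parent = procs.get(deleter["ppid"]) if deleter else None
        if not parent:
            continue
        via_bat = deleter["image"].lower().endswith("\\cmd.exe") and ".bat" in deleter["cmd"].lower()
        if via_bat and norm(e["target"]) == norm(parent["image"]):
            hits.append((deleter["cmd"], parent["image"]))
    return hits


def triage(events):
    copies = self_copies(events)
    findings = [f"self-copy written: {c}" for c in copies]
    for key, target, is_copy in run_key_persistence(events, copies):
        findings.append(f"run-key persistence: {key} -> {target}" + (" [self-copy]" if is_copy else ""))
    for cmd, victim in batch_self_delete(events):
        findings.append(f"batch self-delete: {cmd!r} removed {victim}")
    return findings


if __name__ == "__main__":
    for line in triage(EVENTS):
        print(line)
```

The hash-equality rule is the robust one here: the file name under `drivers32` is arbitrary bait and will differ per sample, while a process writing a byte-identical copy of its own image and then pointing a Run key at it is the persistence pattern itself. The `.bat` rule needs FileDelete telemetry (Sysmon 23) or equivalent; without it, `cmd /c <drive root>\*.bat` spawned by a process in %TEMP% is still worth an alert on its own.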

Network

Downloads

  • C:\$$$$$.bat
    Filesize: 228B
    MD5:      f3cdfc4c7e4f4574a08ebc6460e088d0
    SHA1:     80aba7a8d598049688d88c4827a4b5224fe3de5c
    SHA256:   63c19459f137ca4e0602292bdd1cf2b819648cf8387ab25ecef1a4a1277161cf
    SHA512:   67a9242e10b5b24a6e3a1d284ad6fbaa673392dfee51ac399c41228195bf372478e41a08592b8264bb7c1d356143e11673636271c920793d31af71e200ac9ed6

  • C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe
    (identical hashes to the submitted sample: a self-copy)
    Filesize: 468KB
    MD5:      10bc2e8513f85d3c218e2e37dfa7e70a
    SHA1:     ba7ee9b739410f0782092b6ac2be369742d69044
    SHA256:   b48e92d59f756fb8aa0ab0ca02cf331989be8713d589fdaf1315321eb2baec1a
    SHA512:   34ee5b29abaf2e66516b4e756d4462be81ea8428457668c233a1f74fb16379a781d45024bd59b0a3382ed42e2f8e22421e61dbcfdbb3eeb640729208588405d5

  • memory/2104-0-0x0000000000400000-0x000000000043F000-memory.dmp
    Filesize: 252KB

  • memory/2104-536-0x0000000000400000-0x000000000043F000-memory.dmp
    Filesize: 252KB

  • memory/2104-826-0x0000000000400000-0x000000000043F000-memory.dmp
    Filesize: 252KB