9d11c4e2c6b3c13d37565ec4f5850ed562b2e0262a3a1181070143ff53aae6d2 | Triage

Submit
Reports

Overview

overview

Static

static

7

0f9f9f5dc4...18.exe

windows7-x64

0f9f9f5dc4...18.exe

windows10-2004-x64

Sharing

General

Target

0f9f9f5dc4852997349f3164538a9157_JaffaCakes118
Size

207KB
Sample

241003-tzcw9avelr
MD5

0f9f9f5dc4852997349f3164538a9157
SHA1

aa8cabe520a19da0d68f50afc6cd0e08c13b8b85
SHA256

9d11c4e2c6b3c13d37565ec4f5850ed562b2e0262a3a1181070143ff53aae6d2
SHA512

6b9a878d6d838e6d583022dc2c0a561da740852b8a83e48585279e2b3471f6ef3908e4208f88698a717383a315891d8c234e672d0b3919a284a98575673eedff
SSDEEP

6144:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyAp2:ZMMpXKb0hNGh1kG0HWnAU

Score

10^/10

aspackv2 discovery persistence ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0f9f9f5dc4852997349f3164538a9157_JaffaCakes118.exe

Resource

win7-20240903-en

aspackv2 discovery persistence ransomware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f9f9f5dc4852997349f3164538a9157_JaffaCakes118.exe

Resource

win10v2004-20240802-en

aspackv2 discovery persistence

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  0f9f9f5dc4852997349f3164538a9157_JaffaCakes118
- Size
  
  207KB
- MD5
  
  0f9f9f5dc4852997349f3164538a9157
- SHA1
  
  aa8cabe520a19da0d68f50afc6cd0e08c13b8b85
- SHA256
  
  9d11c4e2c6b3c13d37565ec4f5850ed562b2e0262a3a1181070143ff53aae6d2
- SHA512
  
  6b9a878d6d838e6d583022dc2c0a561da740852b8a83e48585279e2b3471f6ef3908e4208f88698a717383a315891d8c234e672d0b3919a284a98575673eedff
- SSDEEP
  
  6144:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyAp2:ZMMpXKb0hNGh1kG0HWnAU
Score

10^/10

aspackv2 discovery persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Renames multiple (91) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2discoverypersistenceransomware

behavioral2

aspackv2discoverypersistence

© 2018-2024

Terms | Privacy