b0980b19fc6da04c4c638310b3921ba4ec50dbf92a687fe84238e17ca3af5790 | Triage

Submit
Reports

Overview

overview

Static

static

3

15a583e96d...18.exe

windows7-x64

15a583e96d...18.exe

windows10-2004-x64

Sharing

General

Target

15a583e96d384feff390739f59b21356_JaffaCakes118
Size

1.2MB
Sample

241005-bxnlvssaqa
MD5

15a583e96d384feff390739f59b21356
SHA1

88ae52bd04a892096b998f245eff68ecd6cf3399
SHA256

b0980b19fc6da04c4c638310b3921ba4ec50dbf92a687fe84238e17ca3af5790
SHA512

99cdc6f4ccee099875a4f7f1e8193f114945179e1b5e0b20398a3f4801b5ffb4c7ba38672f4de5b712e55770967a75d0710e196ce77121be97ba60e953cbb186
SSDEEP

24576:d563ey8gZqj4yYAbx5cyLzoy4z5LPrMcs5dmYOYFQn1s97QJv8wBD:P/+qEyYAbzbL0zzJsKJS1QJv8wBD

Score

10^/10

aspackv2 discovery persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

15a583e96d384feff390739f59b21356_JaffaCakes118.exe

Resource

win7-20240903-en

aspackv2 discovery persistence upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

15a583e96d384feff390739f59b21356_JaffaCakes118.exe

Resource

win10v2004-20240802-en

aspackv2 discovery persistence upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  15a583e96d384feff390739f59b21356_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  15a583e96d384feff390739f59b21356
- SHA1
  
  88ae52bd04a892096b998f245eff68ecd6cf3399
- SHA256
  
  b0980b19fc6da04c4c638310b3921ba4ec50dbf92a687fe84238e17ca3af5790
- SHA512
  
  99cdc6f4ccee099875a4f7f1e8193f114945179e1b5e0b20398a3f4801b5ffb4c7ba38672f4de5b712e55770967a75d0710e196ce77121be97ba60e953cbb186
- SSDEEP
  
  24576:d563ey8gZqj4yYAbx5cyLzoy4z5LPrMcs5dmYOYFQn1s97QJv8wBD:P/+qEyYAbzbL0zzJsKJS1QJv8wBD
Score

10^/10

aspackv2 discovery persistence upx
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2discoverypersistenceupx

behavioral2

aspackv2discoverypersistenceupx

© 2018-2025

Terms | Privacy