Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    09/10/2024, 08:54

General

  • Target

    2e3f2a36a767527dda68452392480a18_JaffaCakes118.exe

  • Size

    387KB

  • MD5

    2e3f2a36a767527dda68452392480a18

  • SHA1

    ed3198f2c751da2aa30885e6c48d97c217ee546f

  • SHA256

    dee3120359a2f356ab96beca532472b477f7b96fd5643698e09e6832fb3bd677

  • SHA512

    c223c4593b8e64747b621edc6b43f5fe80667972c4c0f79975b3040662e2837c08f54ad0ba5029ed78b3c0eebbb45f37f218c39e11b108e999598c0c41a8fd58

  • SSDEEP

    12288:33NCCmpLhXiLxj1Lf73YnKr/iQbuFTS2I4nEKYdy/F/t:tCCmZYLxj1f3YiiQCc2I4nEGF

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 3 IoCs
  • Sets service image path in registry 2 TTPs 2 IoCs
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Loads dropped DLL 7 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e3f2a36a767527dda68452392480a18_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2e3f2a36a767527dda68452392480a18_JaffaCakes118.exe"
    1⤵
    • Adds policy Run key to start application
    • Sets service image path in registry
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4992
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\MSSTDFMT.DLL
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:3260
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\wshom.ocx
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:3776
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\scrrun.dll
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:876
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s C:\Windows\REGTOOL5.DLL
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:1776
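The four `regsvr32 /s` children above silently call DllRegisterServer on libraries the sample dropped into the C:\Windows root rather than System32/SysWOW64 (wshom.ocx and scrrun.dll are the COM servers behind WScript.Shell and Scripting.FileSystemObject; MSSTDFMT.DLL is the VB6 StdDataFormat library), which is consistent with the "Modifies registry class" marks on those children. The block below is an added detection example, not code from this report or from the sandbox vendor. It runs two rules over process-creation and registry-set records that are constructed to mirror this tree, then escalates a parent that batch-registers several non-system DLLs. Assumptions: the record shape, the benign msiexec control event, and the policy Run key path (the report names the signature but not the value written, so the value name is a placeholder).

```python
"""Behavioural detection modelled on the process tree in this report.
Added example: the records below are constructed, not captured telemetry."""
from __future__ import annotations

import ntpath
import re
from collections import Counter
from dataclasses import dataclass

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\", "c:\\programdata\\")
# Assumption: the report's "Adds policy Run key" signature refers to this Explorer policy key.
POLICY_RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\policies\\explorer\\run"
_ARG_RE = re.compile(r'"([^"]*)"|(\S+)')


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str
    command_line: str
    parent_pid: int
    parent_image: str


@dataclass(frozen=True)
class RegEvent:
    pid: int
    image: str
    target_object: str


def split_cmdline(cmd: str) -> list[str]:
    """Minimal Windows argv split: double-quoted tokens or whitespace-separated tokens."""
    return [quoted or bare for quoted, bare in _ARG_RE.findall(cmd)]


def in_system_dir(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def check_regsvr32(ev: ProcEvent) -> dict | None:
    """Flag regsvr32 registering a COM server (.dll/.ocx) that does not live in System32/SysWOW64."""
    if ntpath.basename(ev.image).lower() != "regsvr32.exe":
        return None
    args = split_cmdline(ev.command_line)[1:]
    switches = {a.lower() for a in args if a.startswith(("/", "-"))}
    targets = [a for a in args if a.lower().endswith((".dll", ".ocx"))]
    if not targets or in_system_dir(targets[0]):
        return None
    reasons = [f"registers {targets[0]} from outside System32/SysWOW64"]
    if switches & {"/s", "-s"}:
        reasons.append("silent (/s) registration, no error dialog")
    if in_user_writable(ev.parent_image):
        reasons.append(f"parent {ntpath.basename(ev.parent_image)} runs from a user-writable path")
    return {"rule": "regsvr32_nonsystem_dll", "pid": ev.pid, "parent_pid": ev.parent_pid,
            "severity": "high" if len(reasons) == 3 else "medium", "reasons": reasons}


def check_policy_run(ev: RegEvent) -> dict | None:
    """Flag any write under the Explorer policy Run key; escalate if the writer is in a user-writable path."""
    if POLICY_RUN_KEY not in ev.target_object.lower():
        return None
    return {"rule": "policy_run_key_write", "pid": ev.pid, "parent_pid": None,
            "severity": "high" if in_user_writable(ev.image) else "medium",
            "reasons": [f"{ntpath.basename(ev.image)} wrote {ev.target_object}"]}


def detect(proc_events, reg_events) -> list[dict]:
    findings = [f for f in map(check_regsvr32, proc_events) if f]
    findings += [f for f in map(check_policy_run, reg_events) if f]
    # Correlate: one parent batch-registering several non-system DLLs is the pattern in this tree.
    per_parent = Counter(f["parent_pid"] for f in findings if f["rule"] == "regsvr32_nonsystem_dll")
    for ppid, n in per_parent.items():
        if n >= 3:
            findings.append({"rule": "batch_com_registration", "pid": ppid, "parent_pid": None,
                             "severity": "high",
                             "reasons": [f"PID {ppid} spawned {n} regsvr32 children registering non-system DLLs"]})
    return findings


# Constructed records mirroring the report's process tree (PIDs and command lines taken from it).
PARENT = r"C:\Users\Admin\AppData\Local\Temp\2e3f2a36a767527dda68452392480a18_JaffaCakes118.exe"
REGSVR = r"C:\Windows\SysWOW64\regsvr32.exe"
SAMPLE_PROCESS_EVENTS = [
    ProcEvent(3260, REGSVR, r"regsvr32 /s C:\Windows\MSSTDFMT.DLL", 4992, PARENT),
    ProcEvent(3776, REGSVR, r"regsvr32 /s C:\Windows\wshom.ocx", 4992, PARENT),
    ProcEvent(876, REGSVR, r"regsvr32 /s C:\Windows\scrrun.dll", 4992, PARENT),
    ProcEvent(1776, REGSVR, r"regsvr32 /s C:\Windows\REGTOOL5.DLL", 4992, PARENT),
    # Constructed benign control: an installer registering a library that lives in System32.
    ProcEvent(5100, REGSVR, r"regsvr32 /s C:\Windows\System32\msxml6.dll", 5000,
              r"C:\Windows\System32\msiexec.exe"),
]
SAMPLE_REGISTRY_EVENTS = [
    # Constructed: the report does not list the value name, so PLACEHOLDER stands in for it.
    RegEvent(4992, PARENT,
             r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\PLACEHOLDER"),
]

if __name__ == "__main__":
    for f in detect(SAMPLE_PROCESS_EVENTS, SAMPLE_REGISTRY_EVENTS):
        print(f["severity"].upper(), f["rule"], f["pid"], "; ".join(f["reasons"]))
```

The path check is on the registered library, not on regsvr32 itself: the binary here is the genuine SysWOW64 copy, so image-path allow-listing alone would pass it. Feed the rules from Sysmon event 1 (process create) and event 13 (registry value set) or the equivalent EDR telemetry.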

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Common Files\System\ado\WinUpData.EXE

    Filesize

    387KB

    MD5

    2e3f2a36a767527dda68452392480a18

    SHA1

    ed3198f2c751da2aa30885e6c48d97c217ee546f

    SHA256

    dee3120359a2f356ab96beca532472b477f7b96fd5643698e09e6832fb3bd677

    SHA512

    c223c4593b8e64747b621edc6b43f5fe80667972c4c0f79975b3040662e2837c08f54ad0ba5029ed78b3c0eebbb45f37f218c39e11b108e999598c0c41a8fd58

  • C:\Users\Admin\AppData\Local\Temp\kvtbF.dLl

    Filesize

    29KB

    MD5

    f17ccc7123909fbb13158003edc68034

    SHA1

    f06989a733361ea7f8ad464f4233c4103c6f8ef9

    SHA256

    79f4cded8b29ba5e1ada817322268b5aa4bc1593f39ca9c8be514788709d5168

    SHA512

    632eaf9bad7aadb96e82d458885ed60e28c6544949f0af84502f3f10184cbef26f772f5fc2b6e27e4938f8b414384f56dc5579db7f838acc8dcdb631ee5ecb98

  • C:\Windows\MSSTDFMT.DLL

    Filesize

    116KB

    MD5

    38950fbc15ea45be9b8988d897007fb1

    SHA1

    5aabb9eff890f63c300e0633028b65cd0a93660e

    SHA256

    73eae3c481beaf127017349e0dd03f023d5ed1888b2333b0d562c2522cd34800

    SHA512

    6a392beeb1563977d4b1b39d683f067a6e3ed6af708c598e87fd234b25220c480d0eb5ff5eaedbc573d31fba3b38f7e82dded38824e30be6c4eeb2e40c9061c2

  • C:\Windows\REGTOOL5.DLL

    Filesize

    32KB

    MD5

    c3ab59f59b12d84af6e5d0239568c1b9

    SHA1

    369d577ffb177d1fd5cd08f4c09861952c030834

    SHA256

    5867810967f63871ec9c34c7aa9e4dd8fdf930438e951c621edbf7ec65d0eb67

    SHA512

    840fb4202ca42cb44ff60953f2e6c0a562c6499555def142273b6f3f2e98fbbc5f2e9ce9cff78b918fe5a8279be179d2e41ba75d24efea33afc9bf7279fd12c1

  • C:\Windows\ScrRun.dll

    Filesize

    148KB

    MD5

    02016b635e1951eb7ce5d434639e08fc

    SHA1

    dc16249731679f03fd6c7ffef1d02c95d9a0d9b7

    SHA256

    8648112f8908d98beb1f69bc6a3e8a3e3f115805caf322c75f1034b91ab810a7

    SHA512

    50b5766438fc0ec10fcc81cc91cdb463e0286502c386522ce7657d17faca4a40474c74c4cb8ce76e640f772b2cf82975a4db0c10f63ded9085d89f01149eb841

  • C:\Windows\wshom.ocx

    Filesize

    96KB

    MD5

    45a87dbbfb14ff12b81e166147799c81

    SHA1

    95100c112ecaad15b4cd652b99c588f00e6e636b

    SHA256

    e102483d03588447dbf8efdf1bac54ebf1458c50429e39c76c20209b501bae18

    SHA512

    d1d6727fc418ba47d3dec2795906897579ac1abafbe935b077de307e967c34a13e7814ed50f9c517b6cb08753c01f064465d7a72615435bdb9bff314c88de228

  • memory/4992-0-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB

  • memory/4992-42-0x0000000000400000-0x0000000000500000-memory.dmp

    Filesize

    1024KB
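Two things in the table above matter for a host sweep: WinUpData.EXE under Common Files\System\ado carries the same hashes as the submitted sample (the sample copied itself there), and ScrRun.dll, wshom.ocx and MSSTDFMT.DLL are also the names of legitimate Microsoft libraries, so a hit must be decided on hash, never on name. The following is an added example, not code from this report: it hashes each candidate path and compares against the SHA-256 values tabulated above. The table is the report's; the function names, the report-path to local-path mapping, and the verdict labels are assumptions. The reported sizes are rounded (387KB) and are not used for matching, and C:\Users\Admin is the sandbox profile, so substitute the real user profile on the host you examine.

```python
"""Hash-based sweep for the dropped files tabulated in this report.
Added example, not code from the report: DROPPED_FILES is the report's own table,
everything else is assumed. Runs on any OS because sweep() takes an explicit
report-path -> local-path mapping; default_mapping() uses the real paths on a host."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from pathlib import Path
from typing import Iterable

SAMPLE_SHA256 = "dee3120359a2f356ab96beca532472b477f7b96fd5643698e09e6832fb3bd677"


@dataclass(frozen=True)
class Ioc:
    path: str
    md5: str
    sha256: str


# Values copied from the report's dropped-file table.
DROPPED_FILES: tuple[Ioc, ...] = (
    Ioc(r"C:\Program Files (x86)\Common Files\System\ado\WinUpData.EXE",
        "2e3f2a36a767527dda68452392480a18",
        "dee3120359a2f356ab96beca532472b477f7b96fd5643698e09e6832fb3bd677"),
    Ioc(r"C:\Users\Admin\AppData\Local\Temp\kvtbF.dLl",
        "f17ccc7123909fbb13158003edc68034",
        "79f4cded8b29ba5e1ada817322268b5aa4bc1593f39ca9c8be514788709d5168"),
    Ioc(r"C:\Windows\MSSTDFMT.DLL",
        "38950fbc15ea45be9b8988d897007fb1",
        "73eae3c481beaf127017349e0dd03f023d5ed1888b2333b0d562c2522cd34800"),
    Ioc(r"C:\Windows\REGTOOL5.DLL",
        "c3ab59f59b12d84af6e5d0239568c1b9",
        "5867810967f63871ec9c34c7aa9e4dd8fdf930438e951c621edbf7ec65d0eb67"),
    Ioc(r"C:\Windows\ScrRun.dll",
        "02016b635e1951eb7ce5d434639e08fc",
        "8648112f8908d98beb1f69bc6a3e8a3e3f115805caf322c75f1034b91ab810a7"),
    Ioc(r"C:\Windows\wshom.ocx",
        "45a87dbbfb14ff12b81e166147799c81",
        "e102483d03588447dbf8efdf1bac54ebf1458c50429e39c76c20209b501bae18"),
)


@dataclass(frozen=True)
class Fingerprint:
    size: int
    md5: str
    sha256: str


def fingerprint(path: Path, chunk: int = 1 << 16) -> Fingerprint:
    """Single-pass size/MD5/SHA-256 of a file, read in chunks so large files are fine."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    size = 0
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
            size += len(block)
    return Fingerprint(size, md5.hexdigest(), sha.hexdigest())


def classify(local: Path, iocs: Iterable[Ioc] = DROPPED_FILES) -> str:
    """'absent': nothing at the path. 'match': SHA-256 equals a dropped artefact.
    'name_only': a file exists but hashes differently (a legitimate library of the same
    name, or a modified variant): worth a look, but not a confirmed hit."""
    if not local.is_file():
        return "absent"
    fp = fingerprint(local)
    return "match" if fp.sha256 in {i.sha256.lower() for i in iocs} else "name_only"


def sweep(mapping: dict[str, Path], iocs: Iterable[Ioc] = DROPPED_FILES) -> dict[str, str]:
    iocs = tuple(iocs)
    return {report_path: classify(local, iocs) for report_path, local in mapping.items()}


def default_mapping(iocs: Iterable[Ioc] = DROPPED_FILES) -> dict[str, Path]:
    """Report path -> the same path on the host under examination (meaningful on Windows)."""
    return {i.path: Path(i.path) for i in iocs}


def self_copies(iocs: Iterable[Ioc] = DROPPED_FILES, sample_sha256: str = SAMPLE_SHA256) -> list[str]:
    """Dropped files byte-identical to the submitted sample, i.e. where it copied itself."""
    return [i.path for i in iocs if i.sha256.lower() == sample_sha256.lower()]


if __name__ == "__main__":
    for report_path, verdict in sweep(default_mapping()).items():
        print(f"{verdict:9} {report_path}")
    print("self-copies of the sample:", self_copies())
```

A "name_only" verdict on C:\Windows\ScrRun.dll or wshom.ocx is expected to be rare, since the legitimate copies live in System32/SysWOW64, so any file at those root-of-Windows paths deserves a closer look even when the hash does not match this sample.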