774a06ee0917bab638b98728742962cc11d409d5fc4f6ed5194a9c64a5f2cc2d | Triage

Sharing

General

Target

fc751a15219828b9113b4e65e0c297f8_JaffaCakes118
Size

94KB
Sample

240420-lk8rdaec2z
MD5

fc751a15219828b9113b4e65e0c297f8
SHA1

80600491c2ec6804a336d7c81360d234ed471fb0
SHA256

774a06ee0917bab638b98728742962cc11d409d5fc4f6ed5194a9c64a5f2cc2d
SHA512

719fd3509d65f05ca797e09733069cca9d33531b441124422db5a4dc61e82b8ef53a51f80a33d143533910a3877c83d8337240dda070277af891b527f21d9016
SSDEEP

1536:wAdSRwm/V4skJaw/Z4Rofy+fRkjTb5TnqY0rKFm070Ck5nGVvTqnqy9RlqGVv1:wyewmN4skJaU4ZBjX5TnqYCKFmlorqqI

Score

7^/10

Malware Config

Targets

- Target
  
  fc751a15219828b9113b4e65e0c297f8_JaffaCakes118
- Size
  
  94KB
- MD5
  
  fc751a15219828b9113b4e65e0c297f8
- SHA1
  
  80600491c2ec6804a336d7c81360d234ed471fb0
- SHA256
  
  774a06ee0917bab638b98728742962cc11d409d5fc4f6ed5194a9c64a5f2cc2d
- SHA512
  
  719fd3509d65f05ca797e09733069cca9d33531b441124422db5a4dc61e82b8ef53a51f80a33d143533910a3877c83d8337240dda070277af891b527f21d9016
- SSDEEP
  
  1536:wAdSRwm/V4skJaw/Z4Rofy+fRkjTb5TnqY0rKFm070Ck5nGVvTqnqy9RlqGVv1:wyewmN4skJaU4ZBjX5TnqYCKFmlorqqI
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  6KB
- MD5
  
  a6978ea99297c941d02d88fa873150d9
- SHA1
  
  4e1fd5c2f7291daef4d817b12bc7bfa432a90013
- SHA256
  
  a5c5012191015659684fc19b5e8ec7d33837b25c607f0f9dbfd46c10b8baeb17
- SHA512
  
  8caf697317e6f9e83bbb0ee15a87ec56be3b08aaea9f7fb64fa65dd111bcfde5a8d25c7ef58fa1aa464ba5f9d4e365d9d8d3763cda17b4f3223418adf9a25000
- SSDEEP
  
  96:g1C0Qaep2wbE+WH1/FMXF6CGQhFzK1KQ5YnhElMmV4d:4ep2w5k/FyEt2gN
Score

3^/10
behavioral3 behavioral4
- Target
  
  Uninstall.exe
- Size
  
  50KB
- MD5
  
  1c185f9c6a1f965a6396f9f31c6171fe
- SHA1
  
  09063d7724a1cd17a3eb4cc228ca3e5cfad8a98b
- SHA256
  
  f87b53085983c75bf3287763cc547558d2355565b47c640db2959d2ad0273475
- SHA512
  
  0ee85caf6c4484c74191180e640cf243a9688e3475ed923be8851d66444c0e2b852feb78b8668dcf469283868dd3ac44666ba879cc1296f80fbee3982598bbf4
- SSDEEP
  
  768:cxiph+mxirdR6y5wmp+USVq+U5wR3E9ZJt9GSFS6sWkJv+eJRn5Am6kRRJ2iZ3i0:wAdSRwm/V4skJmqAELVigLilqGVvA
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  register.exe
- Size
  
  35KB
- MD5
  
  1d95755ffcfc57da3b9c32ff5fdb6934
- SHA1
  
  c8a33a7b3394c1b4a0ba04d68b07579d711274b3
- SHA256
  
  94779bc3bd7e5a2a284a4839bd3b7a18bb59527d88b1d57b0f547eae67360fcc
- SHA512
  
  6d17f5a263699b683232f5f6b3c769a88e7c917e55bfbd89d0b847259340ff86d7e0ba36f3dac27c56a01ea4015b80607bc04b22de4b19aa1dde8af895a1324a
- SSDEEP
  
  768:FHaBX1ovfDMSA3yVG0nkrA/W7w2hyXV2tCIa6syM:UM3DMSzVvnkrA/2hyXQAB
Score

7^/10
- Deletes itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8