97cf70062f25b360a517a632165ac3d0f0a28de8cc332438694be046db8d349c

Sharing

Copy URL

Twitter E-mail

General

Target

432fbc7a96000d736691968335349be5_JaffaCakes118
Size

5.1MB
Sample

240514-1mt4bsad62
MD5

432fbc7a96000d736691968335349be5
SHA1

686e567a3de7d523925cdb81e395f39393045f0f
SHA256

97cf70062f25b360a517a632165ac3d0f0a28de8cc332438694be046db8d349c
SHA512

7df599dea8f99f14003bf903d4b9bc530f9b8f191843961661cedcf0f69eea86500508bfd59320cb331d75001f1cafaff1f3ccd87cfe0b537ac95fcc1bed1c79
SSDEEP

98304:PwdiLvNFvHdNE7cUmOUOLW8thpv86EFptzmi4/XsbZmllNZ7pbxHi:IdiLvN5dvUFUvIhpk6EPtzp4eZmlBXi

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  432fbc7a96000d736691968335349be5_JaffaCakes118
- Size
  
  5.1MB
- MD5
  
  432fbc7a96000d736691968335349be5
- SHA1
  
  686e567a3de7d523925cdb81e395f39393045f0f
- SHA256
  
  97cf70062f25b360a517a632165ac3d0f0a28de8cc332438694be046db8d349c
- SHA512
  
  7df599dea8f99f14003bf903d4b9bc530f9b8f191843961661cedcf0f69eea86500508bfd59320cb331d75001f1cafaff1f3ccd87cfe0b537ac95fcc1bed1c79
- SSDEEP
  
  98304:PwdiLvNFvHdNE7cUmOUOLW8thpv86EFptzmi4/XsbZmllNZ7pbxHi:IdiLvN5dvUFUvIhpk6EPtzp4eZmlBXi
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/KWGameBox.dll
- Size
  
  183KB
- MD5
  
  8e0735b36577544675bd2508e9c4b62f
- SHA1
  
  17da8421f07cefb3ea39e90f499a62fe6925cab2
- SHA256
  
  271fe57637b2bee081bdedafe01c8030ccceecd727b6f0495c71f575a00da939
- SHA512
  
  aae985be67fa9521b79c3efc6841d7de9cdc018e80eac61771ce34181975a992944249b03366b79614b13ff77a760679d918193b15263d0846d2412564e9223d
- SSDEEP
  
  3072:01ocJejMQ0+pOr3VCWtqWqRXE/EbtCimxn+GS8ioP5f72d:OEjjE0TWqOeCimx+78Ht7
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  4KB
- MD5
  
  99f345cf51b6c3c317d20a81acb11012
- SHA1
  
  b3d0355f527c536ea14a8ff51741c8739d66f727
- SHA256
  
  c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
- SHA512
  
  937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/KuWoNsis_new.dll
- Size
  
  131KB
- MD5
  
  7aff208a344394104f171d8e7d5f0a47
- SHA1
  
  2a4366b88365f93a281b9288de040fa84e3d0c78
- SHA256
  
  d7b3aaad152cc2f782fec2ed2b9f123ce7a624551f7f3e3aac9384bf6d123b58
- SHA512
  
  0398b91d2be430d03be0b622ac19c5153c9bbbb74127fe1a20f4424d02d031ad574cb56c5c7ce8b93ac0b9ec70638be7a36e9d364a5732c47743c0b392f4d26a
- SSDEEP
  
  1536:XcUsV87Fox3kbAxTuOaK7xXH/PulnwPXQ9vCgzxQaNmLLmA5PBUyVc:M5G7uqbAf0cYCaNmL/5pUy6
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  0ae9c427fe7bbbbf1368c1c6d3933ae7
- SHA1
  
  c8e5131613302531c88512dada29a18886259268
- SHA256
  
  49437f4b9fd38007f3b2735f0a8a12830b995305c75118b440202980183d5c6a
- SHA512
  
  59b76b00f2b0d6242dc5bc3cb36d3ff78867445f502e34cea890c6f493c2adf9b97cec539963204ddd1c641e1a77139f46fc33dec4dc636f4b06d2edffffec6d
- SSDEEP
  
  96:vCCshwlpqUsYghN/9uvZ7CLWNCSiiVTQYBGVXRvuBDlSriklbuba1iLc+cEyzo7e:BzqUuh/uLCXIkYBGV9uVlSblbubbwtl
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  20KB
- MD5
  
  c498ae64b4971132bba676873978de1e
- SHA1
  
  92e4009cd776b6c8616d8bffade7668ef3cb3c27
- SHA256
  
  5552bdde7e4113393f683ef501e4cc84dccc071bdc51391ea7fa3e7c1d49e4e8
- SHA512
  
  8e5ca35493f749a39ceae6796d2658ba10f7d8d9ceca45bb4365b338fabd1dfa9b9f92e33f50c91b0273e66adfbce4b98b09c15fd2473f8b214ed797462333d7
- SSDEEP
  
  384:EVJOXQZkjhm+Np3aWgzxljzbbEUhU7ya4LtU0Ac9khYLMkIX0+GBty3S:EeXQcm+NpqWgzxljzfEUhUua4LtG
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  8KB
- MD5
  
  ea9831bdfaa5639bf54de71c6b2d828f
- SHA1
  
  2e54592709bdc071d67fbf798681daf58f748e28
- SHA256
  
  790a2137bef55443c1b11526cd76110a9d9a352956356b4b254a37ec4d252bbc
- SHA512
  
  1adcfcd3fad5e3280175362e9ce8197f7c9a59c5cf9ecd2b526f077eccb623c58e1639c0c520e380944e6913db5b8d23936d5cf76932c6475c1533e4506a9876
- SSDEEP
  
  96:N5uaX19Pld1xvNBFzvLnLbCxQPXX56lHpYkU6:NDDjNnzvLn356lJxU6
Score

3^/10
behavioral13 behavioral14
- Target
  
  DeskTopTips.exe
- Size
  
  71KB
- MD5
  
  2808f82f14f3ad923ef92580c344d60b
- SHA1
  
  3211fcb41312d5b2956ea3a8c2c6a9fcc2772eb6
- SHA256
  
  d25ab97830bac7dffabd23cafa005c069065d836050dfc0c33ee3c1bd699bb66
- SHA512
  
  2a64cf6e5b21fc3ad275572ea26610f6eac1ba4329c7f7ff7b90d09d4d9d5b9be3dd15fc688fb8d7d5e5db359adb652333a40576220221f660c734357de0747f
- SSDEEP
  
  768:d2JQ9iOdQkMAsxMUz/FR1UcUROgDZU9qZU9dxN9:deBSwPFR6cmOgDpah
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral15 behavioral16
- Target
  
  DuiLib.dll
- Size
  
  1.1MB
- MD5
  
  072a7dba075bbdf410084209d9cd7be0
- SHA1
  
  0841c6e27a923cc3c1b56b93fb58b40697a0caf9
- SHA256
  
  75192b27f01751bb998e6fbef58d190ea88aa5d1c4c61b3638501b6fd31eae52
- SHA512
  
  5bdcae3a6f448c5b79c976132cae6a8d6a2eda0b8e1db0a87c028ef0570aedaed1f7f15867f68203e4cb2ebbba5ca145cd59cb18f4bef5c79e291d1b106fcb4a
- SSDEEP
  
  24576:R/Wxi0+tKI/FlLzvYBjzUeMiof2CgxfTqGuFEEK3h9VsIBTPbs1KK5TXE:9Wxi0+tKI/FlHvKtMiof2CgxfTqGuFEp
Score

5^/10
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  DumpReport.exe
- Size
  
  100KB
- MD5
  
  9c5db397a01d148e9ea5f1b7bd9d9e33
- SHA1
  
  98fe8df670c9deea9e3c5ff1dadfc4a635d94fea
- SHA256
  
  dfc153d6261063f637bedcc192a70668a040d7f916040d11f69e1bce149a2957
- SHA512
  
  8ee6c583b14130d2185b59301c530e3e716405fc76e5d0b38529534e95a182c5ea830ca2bd0de8a6eace2f91d039c62ddd0f0d24a70d0840d36b7a1f993f69fc
- SSDEEP
  
  1536:+FnSHMHmrd1R7hMe6PrNCksfGfY2qHfSHZfSf0RFODzaMeaxK:+Fn6db7hN6ckLfXigZ+0XOPaMeaxK
Score

1^/10
behavioral19 behavioral20
- Target
  
  IEProxy.dll
- Size
  
  60KB
- MD5
  
  d4b84356bdd1621ee021a886a3a4cbe2
- SHA1
  
  de320fae55cbec111d1157ac13c8e199d0367013
- SHA256
  
  0b423de2edd113b68f159e70d50630c607fd61d18eb5a05ce5586c6228d38c44
- SHA512
  
  181ad864fe9802f900d0aaf95aa8b4c96ecbd3c37f1ed53f8a90610c0da135bc68322b0358fd555b66967f9e720768704d8cd512b8b3b1521c507b3de3148097
- SSDEEP
  
  1536:UZy5Ylu4ga8rHtz0DySidaFixpOt0jS/G:Legxa0paidaFsOto
Score

5^/10
- Drops file in System32 directory
behavioral21 behavioral22
- Target
  
  KXShortcuts.exe
- Size
  
  29KB
- MD5
  
  7be88d4b47596cde086bf62ee6a787d5
- SHA1
  
  dc60a5235756e6cdd9bc3913753eb58efb4683e2
- SHA256
  
  bdd337bb138f2018ef5582997f6805903e3b9bd64af40b0d7c770bd572ad929b
- SHA512
  
  dfa6c71d9e8b7065ea038e57a079ceed6acf65a65255ddac1724614a84211d0e939a6bc5d8fa66ec9c1dc01199232aab7b197032c048dea736edfd28201f91fb
- SSDEEP
  
  384:khuSIeIA4zR654qJcoiA/519/H9d+gigfSnYPLxukq2eMoRnf:khuSyA4zQJcteXFdd+gH6NPf
Score

3^/10
behavioral23 behavioral24
- Target
  
  KwDataDef.dll
- Size
  
  17KB
- MD5
  
  12a3a448167d7547b5678be8ae2ef1d3
- SHA1
  
  e560f9f221facd9e94d56d911ceb0cff87de5b14
- SHA256
  
  baaa76261d1d79b77f6fda9dd2aace358f36229d5045dc32a6d6ca96e6fb1051
- SHA512
  
  4e363dc6ab1ce0e2a98ac9ef7df5fc35ce3c4c077fae9f5bf18739d8229eca3fbad6aab3d927c6c0c323f2847a5fccb2dad31f3cc96556fe896e38ead33e1bd6
- SSDEEP
  
  384:LNn8zAHdefJD+02OK/ho6mwJnYPLxukq2eM7:J9eRS02OKu6TJNm
Score

3^/10
behavioral25 behavioral26
- Target
  
  KwHttp.dll
- Size
  
  33KB
- MD5
  
  9824e08e106141016c76e567f2fd5101
- SHA1
  
  a488f77b87d4f819e22d0e16dacb17452f1ea0f0
- SHA256
  
  82e3552d4bd884915d20d896e849311f2c256d0fcc00d4a0a6bac77db2f288fe
- SHA512
  
  7a35faf543ffef5e22cb1dce1218f6bb33813111d2c02b385aae4276cab0b8dba6f3664dffa3827819c8f7e8c8cd219c563d5b616da26cde576980f18f758920
- SSDEEP
  
  768:9royX6reiBZej10mpjwr0tjOtT9rt1CBNZXi:9L6rlZeJbpjBtjOtTOy
Score

5^/10
- Drops file in System32 directory
behavioral27 behavioral28
- Target
  
  KwHttpRequestMgr.dll
- Size
  
  218KB
- MD5
  
  3acf7dc0bfcef3a762e69fb012c49f12
- SHA1
  
  a473adf505b17692898caebf83fef109a0cb5875
- SHA256
  
  4549a9399fe7248d57053f84db2643c00f5e914ef29e70d8f4d2901c71c26063
- SHA512
  
  648f47c0c28b1a7f0a93a162139cd85b4c1dba36de3b63b3abcd95a2a343e08de7650b1ecd26aeacc2e6e96eae6bed480acd056babece42801f1188b2bc94a2a
- SSDEEP
  
  3072:wYpZfea2/MK6rZ4198QOMLcWybi5SZBEL/cWNwjRgB1sSp06KCMc8lPGOKfiyr:wYpZfkp6rILcNY8u+c6GOKf7
Score

1^/10
behavioral29 behavioral30
- Target
  
  KwLib.dll
- Size
  
  535KB
- MD5
  
  ba14a9e86cd2fea7833f73593c47b4dc
- SHA1
  
  b0eadccbdb90f82072bd8a0bba99a4b756c933dc
- SHA256
  
  1f079935526bd2641cf4f2e97b758f122a1164dd672ca9bbb3f65a468a4bb868
- SHA512
  
  58330dcd3753ee00f3829beb5f150bacb144254ff1edaea2a175d637dd394fd3c8f2c1ad8f3587ce917965fb18248f5ceded2e437ead24fa5480f10834ba7b53
- SSDEEP
  
  12288:mUc/Q1cnuCWGGZTy3XZglJ1EhTaFT80gGc:C/Q1cnuUiy3Xml/GTCY0gl
Score

5^/10
- Drops file in System32 directory
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Modifies Installed Components in the registry

Enumerates connected drives

Drops file in System32 directory

Drops file in System32 directory

Drops file in System32 directory

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32