30e07e1ffb8283f4c30c9bd643e759cf8246bee8e3bfa4de8ea30beac532a68d | Triage

Sharing

General

Target

41e52017f48ae7c7dee7a4cf08b71352_JaffaCakes118
Size

113KB
Sample

240514-r8wdvabh33
MD5

41e52017f48ae7c7dee7a4cf08b71352
SHA1

bfef133c259c4b660a9d0966a0d77707ba5b18d5
SHA256

30e07e1ffb8283f4c30c9bd643e759cf8246bee8e3bfa4de8ea30beac532a68d
SHA512

2f28054d6c4f91150f5d63659014c84981cf409e7135303697fb83c25c509078dd4b1c6adb835ef7fe4b91d95069e9300ba4877390ceaeb15e7827e5e3e47ccc
SSDEEP

3072:EwJ52Y7ZoH5XJaGWee+VzFnwast+j8g7lckSl:EwHysdV+VzJJ+kSl

Score

7^/10

Malware Config

Targets

- Target
  
  41e52017f48ae7c7dee7a4cf08b71352_JaffaCakes118
- Size
  
  113KB
- MD5
  
  41e52017f48ae7c7dee7a4cf08b71352
- SHA1
  
  bfef133c259c4b660a9d0966a0d77707ba5b18d5
- SHA256
  
  30e07e1ffb8283f4c30c9bd643e759cf8246bee8e3bfa4de8ea30beac532a68d
- SHA512
  
  2f28054d6c4f91150f5d63659014c84981cf409e7135303697fb83c25c509078dd4b1c6adb835ef7fe4b91d95069e9300ba4877390ceaeb15e7827e5e3e47ccc
- SSDEEP
  
  3072:EwJ52Y7ZoH5XJaGWee+VzFnwast+j8g7lckSl:EwHysdV+VzJJ+kSl
Score

7^/10
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  a436db0c473a087eb61ff5c53c34ba27
- SHA1
  
  65ea67e424e75f5065132b539c8b2eda88aa0506
- SHA256
  
  75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
- SHA512
  
  908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d
- SSDEEP
  
  192:aVL7iZJX76BisO7+UZEw+Rl59pV8ghsVJ39dx8T:d7NsOpZsfLMJ39e
Score

3^/10
behavioral3 behavioral4
- Target
  
  $TEMP/upholder.dll
- Size
  
  52KB
- MD5
  
  de0f2c4a5b7c7974f19f48b08b3d55d7
- SHA1
  
  fb4eea0fa23f0dffa17a141dd9a66e919a79d6c4
- SHA256
  
  ae257e13507e2980446867e3b5cfb9a5c57c2d09c24079d59667938e82c204b7
- SHA512
  
  812ad695df0188565f31e3db646ac7a41db41320bc3b03ea504dba8f027018661cc9fd47a38833df28e3db1bcfa45cf2b244c9231bf6bca6f01ddd81ff578c6e
- SSDEEP
  
  384:dNGrfGDudTR3VFKmlkYtlosjEfXyyoSwWa3C9svaAU+k9SVItAEVN8aUYwZS7PrX:mrD9RHHbMyuwdC9s7U+kJAEVN8azX
Score

3^/10
behavioral5 behavioral6
- Target
  
  uninstall.exe
- Size
  
  33KB
- MD5
  
  889515c301e7bfdd6fac809dd3439183
- SHA1
  
  bb0902cfc9798a7d1c8e0f3288c8bec0d60bb1fe
- SHA256
  
  fb3f23fade8d4c62a85a5d5cb95db292ea1c3a93ecf331ac9da58104a7dde2aa
- SHA512
  
  d9dde3b5b69c2c7e1308126c3375aa484943eb3614c04cfc1d2df41a63194e85e62f9391ef72b405c8078e8bb5d220c0f77e5d37c4a08360d321b67af3559f30
- SSDEEP
  
  768:dWwSOHQVoQM8ios/aASUsWRs25iUk68v1fT3XJPdE2JRnUWop:EwJOoN1oYaoZ5iV685XJPCTWop
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8