dbfdf8e451c3dabf8be991f38284e114cc208432b6cce1ff2a132fff129e29c5

Sharing

Copy URL

Twitter E-mail

General

Target

68f15793cd17480d51f9502c42455820_JaffaCakes118
Size

1.5MB
Sample

240522-22lwyacd98
MD5

68f15793cd17480d51f9502c42455820
SHA1

e9f561ccb6459315d7a3b5fb2ba414ce5669968f
SHA256

dbfdf8e451c3dabf8be991f38284e114cc208432b6cce1ff2a132fff129e29c5
SHA512

f1757e7de967322f87dfc08ac5d03c06e7955a0096c10de41014b5d0c41df794766ef2692fcc2768ca3494b0c8ced41d986392b9e83107e3e261ffc131699b83
SSDEEP

24576:u9IyvSiqdMexsVSzGLqVrWyTLQWTrvYtvAETM5ynvXtXJrujxUDyCBsJ82v0uwmD:MqiexqSQwFJTivAETM4nvxhaq/B5W0IB

Score

8^/10

discovery upx

Malware Config

Targets

- Target
  
  68f15793cd17480d51f9502c42455820_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  68f15793cd17480d51f9502c42455820
- SHA1
  
  e9f561ccb6459315d7a3b5fb2ba414ce5669968f
- SHA256
  
  dbfdf8e451c3dabf8be991f38284e114cc208432b6cce1ff2a132fff129e29c5
- SHA512
  
  f1757e7de967322f87dfc08ac5d03c06e7955a0096c10de41014b5d0c41df794766ef2692fcc2768ca3494b0c8ced41d986392b9e83107e3e261ffc131699b83
- SSDEEP
  
  24576:u9IyvSiqdMexsVSzGLqVrWyTLQWTrvYtvAETM5ynvXtXJrujxUDyCBsJ82v0uwmD:MqiexqSQwFJTivAETM4nvxhaq/B5W0IB
Score

8^/10

discovery upx
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral3 behavioral4
- Target
  
  CashReminder.exe
- Size
  
  433KB
- MD5
  
  e6791bdbe847d61dd230d755959f2da5
- SHA1
  
  dd8594aeb11317135d36382a1961bc9d5893c97f
- SHA256
  
  1598a10fd9bff8ba91aca0e500cf6d0c8b338d34adf4559adf2af5c1a0964b09
- SHA512
  
  f80e64a7d15bee857a7c38fefa2cb7490a46427cce0b972ffdf96c90ea99f698e069672e7ea7570e8d76fba07a664699468009d1e6173d83cdc9fc94e60135e8
- SSDEEP
  
  12288:Q/G5VlcQFpXtvXbF0MYQFNJpZ/84m8TpV6ZID:K+s2HXbF0fu5k8NVb
Score

1^/10
behavioral5 behavioral6
- Target
  
  ProtocolFilters.dll
- Size
  
  360KB
- MD5
  
  fab8104ced422c551bcf2dda631e5930
- SHA1
  
  ccdb59de36d3ca7fe080f173bf437a98701a367b
- SHA256
  
  34fd513f254f3491a314b64f8883b289ab96a2b975ce6fa357c0ae11ed12d3df
- SHA512
  
  52608279186f108284bef7cf5e6031d67ae1d700121a22ef7da00a8ef81ae2430e64adabd2fa9c186ebf7d7d5c9df8bd0183d35071d4c1e594e8118a0f576870
- SSDEEP
  
  6144:D3mkK2/KEhmtBzDz11hqnhOvMZWZc0Nytv8TBzMIkEZ:bmkK2/KEhmf11hq0MkVNytv8TBBkEZ
Score

3^/10
behavioral7 behavioral8
- Target
  
  crfilterdrv.sys
- Size
  
  60KB
- MD5
  
  ba258fc37e7dc9c020411346c9de7193
- SHA1
  
  35a9701bb7382d32123611ee25712ec77503f1ad
- SHA256
  
  0d67907e58ec9a9b1349ed2133e3ca92daf74802f84b1351d8f9083715b83f64
- SHA512
  
  e45227a1105c418fd0d0be79f13c486c5d14470aa84c21a6d8fb6029518d44ad2c4a64e0f8357372e9396875c0640e0c9abbeda7f2a955f8cd3809e953ebc2d3
- SSDEEP
  
  1536:3VNKHJ963QUTqRJ6EUY2yE3C93u2Ha1YkDAZZsOUHF:SHJ963Xk9IS93u915DAZZsOi
Score

1^/10
behavioral10 behavioral9
- Target
  
  libeay32.dll
- Size
  
  1.4MB
- MD5
  
  47a9d585dbf59f54574d978c4200a520
- SHA1
  
  ee99ab151751ee720833efb0c3a031d09bd13833
- SHA256
  
  421454bccf67fe6def1c13ff6314fd3fb69d667a421a1c1461209164bc9ad780
- SHA512
  
  d23516719ff06134c8614d27813b828b7815298404824623ae25a35dafde6515ebf80476405235933faad9bc70acfe5e295e8fabe5af091f544a23f3e2a0b565
- SSDEEP
  
  24576:mWjg+KpPcIQ7Wx3/BBO/xHZhq7itAyzNQiAUpo0e2u4jJGh90/+SQ:EUq7OJHZhqiZAUpo0e2uKJi0/+SQ
Score

1^/10
behavioral11 behavioral12
- Target
  
  nfapi.dll
- Size
  
  124KB
- MD5
  
  04a835251535006c85473a604fba8bdc
- SHA1
  
  4bed678d9836e20d1f48792a8f4ba1d41e94f629
- SHA256
  
  e99db65a51db72018f0469b6d5096a2d469b790efdeec50a955b8ac4e19f16e8
- SHA512
  
  e47c5072fd8b581e8312148ca48490a86d4f51d58e6acef90d3d3de8bca5660d62a1b935357f9307c6f89cc35d1d332b0f42f402abf87a8959d4c29af8e5ee67
- SSDEEP
  
  1536:sr+PkxJ8MsJvDT4cOApaeaTJ8lxu5lAdzliDofmcpoBzAwI6U/VIWpVDSUt/aup:sr+5MstDTHOApXTZmBIF/aWpVDDtSu
Score

1^/10
behavioral13 behavioral14
- Target
  
  ssleay32.dll
- Size
  
  368KB
- MD5
  
  2da6e9df4979ca65a01c4df6eb5600d2
- SHA1
  
  8bb90aca4e3387629e76d5c8cb53743990d891ec
- SHA256
  
  bfb7a9a4d5501d21cd575ec6f65b10ec3d43e6bc137d7b6469daf24ee0b65d14
- SHA512
  
  e146c42fee06702b80ca46d7a281a8c0600b9a35213accac29dc3c505d9d1f0405c4a69f22258042fbe4d35278c2c47ba878b1f2bfaa739eb1501428ea5f90af
- SSDEEP
  
  6144:tS4YNV1eN5+tEmD24Y3m5staz+5UGhB5v7gwOmnpRt+i0QKYU6PuCv7CNbA2WQzY:1YNV1eN5+tEmD24Y3m5stazIUGhB5jgm
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Drops file in Drivers directory

ACProtect 1.3x - 1.4x DLL software

Deletes itself

Executes dropped EXE

Loads dropped DLL

UPX packed file

Checks installed software on the system

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16