d188955e07254e5a2f367f236ed7e3f199ef8e8c759e48d6f9946d8fbfd0fa9d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

266303070fc1bd775014164fc31d6104_JaffaCakes118
Size

230KB
Sample

240704-1ybfcs1gkj
MD5

266303070fc1bd775014164fc31d6104
SHA1

e303b77eb9c24e75447229b7c06390fc7272c079
SHA256

d188955e07254e5a2f367f236ed7e3f199ef8e8c759e48d6f9946d8fbfd0fa9d
SHA512

ba3d35218148457e0fec722b8e8230f458effa8c71a08365d2c552de1aa94f70faff09228e5ce6f4e739e41b99018cfd2188cafee5d6ea10889ae8f2b05215f7
SSDEEP

6144:P4IpXL2U8z2XqRe0mLGmZAgirEbka7Y5W:lZL2U8KXBPamZSgY5W

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  266303070fc1bd775014164fc31d6104_JaffaCakes118
- Size
  
  230KB
- MD5
  
  266303070fc1bd775014164fc31d6104
- SHA1
  
  e303b77eb9c24e75447229b7c06390fc7272c079
- SHA256
  
  d188955e07254e5a2f367f236ed7e3f199ef8e8c759e48d6f9946d8fbfd0fa9d
- SHA512
  
  ba3d35218148457e0fec722b8e8230f458effa8c71a08365d2c552de1aa94f70faff09228e5ce6f4e739e41b99018cfd2188cafee5d6ea10889ae8f2b05215f7
- SSDEEP
  
  6144:P4IpXL2U8z2XqRe0mLGmZAgirEbka7Y5W:lZL2U8KXBPamZSgY5W
Score

7^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/DcryptDll.dll
- Size
  
  14KB
- MD5
  
  904beebec2790ee2ca0c90fc448ac7e0
- SHA1
  
  40fabf1eb0a3b7168351c4514c5288216cb1566d
- SHA256
  
  f730d9385bf72eac5d579bcf1f7e4330f1d239ca1054d4ead48e9e363d9f4222
- SHA512
  
  8bdbbaaf73e396cf9fd9866b3e824b7e70c59a2bdefdb3236387e60d0e645d011265fe79fb193f6c0d6abe2e9c01260720c71cd8f068fcc4624760511c54efaa
- SSDEEP
  
  192:apY9VuCnNCbs8dNyHdrvr5T1KEtx/9ehuhiDTUkSv/DxRyeHk51I7n13Xm:aptMNUjyVvGWxauhiDDS3DnyK7nF
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  cb814a4c1dee60973379e6c3c9386777
- SHA1
  
  34cfe1505f1d366f097ec1bc1e45702d545d9fa5
- SHA256
  
  eaaac5d639a5371c27af960463380db9c6aa7c4656fc2523b6743436c72ecc18
- SHA512
  
  be562bb4b4b00bc2343bde83b9c4f5bf7e2938c7af0ee069c2dabe8ad5681676efb05482ec0531faf6c19f7771e8b118ceda7dbc2b28c14d375875d1046ca244
- SSDEEP
  
  96:Z+kBC0x22epxPEvC4FkWE+in1/FMvsCGRfRFqCB5tOGhEl5VN:Z+0epxPE1r8/FtmCDtdg5v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  0526bedbefd95d8ab1330b665e78cc21
- SHA1
  
  1a59a1fcd25372b4c8b6dd5d37aa732b15879486
- SHA256
  
  01890288a95401c1cbda6d1fc1fca77f29b4547a968f979d552a9b4bfe19428b
- SHA512
  
  0018aa562b237aa295a98a8de8a008ae5ecd5bf299a0f0e81011f4114da8dab581bb5d1dd1f953815abaa03d54803722cc611b9e53ffeb64c8996c652559d4b0
- SSDEEP
  
  96:G3X1XJX70VnIjKdpClMdOfHFI2NaeI0Q1qND1qN3riUTEVXScL:Gnx1AVnIudpClyOtIs1QUhUZriUTEVX
Score

3^/10
behavioral7 behavioral8
- Target
  
  Uninstall.exe
- Size
  
  51KB
- MD5
  
  dd9e67385a2d790634f3610a2624a6cd
- SHA1
  
  fa44223dfff5235db425b41789dae4ece9e8099a
- SHA256
  
  a045875008e7a170e8ef803c48a2c8072d48d423a8d6f5c52fd376f4c4bcb300
- SHA512
  
  8f6e52e550aebca87e73be8f2918316db63186c2ec8c77316cd47a9464ac1c1ad2af5412c961a72ba249512a8e45ba50d107049e7880a5be3f040eb005482a84
- SSDEEP
  
  1536:PXSXF0L6OvLDMN2LfBS0DamJQqAELVigLQCi:PiLewiDamJ/AI0LCi
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10