10d02fb849dd8c2b238ff80d5c3e34fea0f06ad645520d7ecc055f68859d603a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37cd02c6c9ba05fff06321ff85fb5aaa_JaffaCakes118
Size

345KB
Sample

240711-fp4ekasfqh
MD5

37cd02c6c9ba05fff06321ff85fb5aaa
SHA1

ae76279755e043315a2ab3b04420e310b46d0398
SHA256

10d02fb849dd8c2b238ff80d5c3e34fea0f06ad645520d7ecc055f68859d603a
SHA512

e9d4d0c8758ad09e28ad8e9cc79b24d1ceee30956d0b510958a36d5b7284f9127abf878178b484cd02d68b099fd9b70ecff86ccd5517790f39f4ce7a201c2515
SSDEEP

6144:We34a1RgSauaCW506jr4eyQAzpqJmDKXOcafmRXGjpx6JTK:T17aS12h3AzXKXOcafxyJe

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  37cd02c6c9ba05fff06321ff85fb5aaa_JaffaCakes118
- Size
  
  345KB
- MD5
  
  37cd02c6c9ba05fff06321ff85fb5aaa
- SHA1
  
  ae76279755e043315a2ab3b04420e310b46d0398
- SHA256
  
  10d02fb849dd8c2b238ff80d5c3e34fea0f06ad645520d7ecc055f68859d603a
- SHA512
  
  e9d4d0c8758ad09e28ad8e9cc79b24d1ceee30956d0b510958a36d5b7284f9127abf878178b484cd02d68b099fd9b70ecff86ccd5517790f39f4ce7a201c2515
- SSDEEP
  
  6144:We34a1RgSauaCW506jr4eyQAzpqJmDKXOcafmRXGjpx6JTK:T17aS12h3AzXKXOcafxyJe
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral3 behavioral4
- Target
  
  DsSearchBarU.exe
- Size
  
  710KB
- MD5
  
  abd290817d46551a91589c79af18cc21
- SHA1
  
  5f59fa91bdde3f7b1249bfb8b8036b4180dae673
- SHA256
  
  1e37e8e651f6c71fd93f3dd62fb5bf856b1368a048a879a16561fffb87247247
- SHA512
  
  f70cb21623848399b87b3cc135b6a853a88b2483c72e044b6bf90acc9cc5ef9a9fa2e0c87c760d4ad4919724ca60b20f43340acc72c294db9e3c5a1d2c718f73
- SSDEEP
  
  6144:FSVeS5tTZvGgnlcdFiCUz9buLkz3+mNtYgfYZtdy/1ElXEbs2eOdIox+GeP9:FS7G8OdmpsmrYgfYZXydEQecIox+Z
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

behavioral3

behavioral4

behavioral5

behavioral6