125f296c4f5617819ff56818e3b6c6e2cc463a994e7061a8a5fc58dd189ea3e3 | Triage

Sharing

General

Target

5e8b946264a8f10a8ccfbb5598a189ba_JaffaCakes118
Size

1.0MB
Sample

240720-b3m8aa1arl
MD5

5e8b946264a8f10a8ccfbb5598a189ba
SHA1

36a0e9105e946f88fa07f39b33c2a92478f8eacb
SHA256

125f296c4f5617819ff56818e3b6c6e2cc463a994e7061a8a5fc58dd189ea3e3
SHA512

52406dfac8440ce8aade839ab4bc63dafed96940aebf45eea5642b2ef5c0834c6dbf500a7c7ecb16a78e4697cdaf07593d2b41c3f85a02d832c9d1decfc00e7e
SSDEEP

24576:7puzpzyeFb/JPjsO1kcAa/3gJmuF054RV1tz8JGn:7puz9yeFb/J7v1kcAYENz1NKA

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  Keygen.exe
- Size
  
  26KB
- MD5
  
  744b5527c34bbf6a0f302441f73b53dd
- SHA1
  
  c206ea53b3d90934bb6258bfd773a55f76819090
- SHA256
  
  1da9b44e34d566802778a16af35d08810fff35229496a60555d4eae8f11a4088
- SHA512
  
  816cb5296ca7817ea83e58b5a54436a4fda424c78048553876d8dbe7742e86f2d4f3f8c3a8e3081f49b6e557935298583abddca0440c6946c43c478135392443
- SSDEEP
  
  768:PzGGumVu4k+EhdOoORX1iHMz0R9ZXePMPKB/t:rGd+0MRX1is0gPMPK/
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  WinHex.exe
- Size
  
  1.4MB
- MD5
  
  0bc48abad1ce6dc97a649e42f31d668f
- SHA1
  
  66b405640d43de81951e6202c2d7c239949ed6a6
- SHA256
  
  8fb578ca01388b5e2d6749418ee072d1b52a7c03e0aebcf0265f88f74d68e138
- SHA512
  
  a5f4ddfa5d9123b9705b77b8ca801e72bcadf30a6e8c380284f4ab5357ad02c88a31471e8c09b469d70d2158861cc793fb2c91303f183779727c5bb63bfed19d
- SSDEEP
  
  24576:3AmWVRjgsSykFQtV7GF/1JmbxEzl3trUuzOsGfO5hdOhPhvd9lWhM5GUMn0Tjl:qttV7m/Lm8tHMO5o5dzwUlTjl
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4
- Target
  
  dialogs.dat
- Size
  
  150KB
- MD5
  
  45c6e0a1949c5c4feecfa8c66fdab2a6
- SHA1
  
  50d286260a53b616168c85553e2b27a0b061afca
- SHA256
  
  2f7eac54a270466b035590faa774e6c6450f81645d5d5688227e75230f8b7b7a
- SHA512
  
  1dc516a3879bef83f76cd2f88bf0d1cb93685a890e5937b74b8de9d1d0a5abcef7834e69d9759e744183c23fd0dd7cd63b1b96363b39c5a3c36caa993eefc75d
- SSDEEP
  
  1536:L9DPZUtR0JUtRe0CWI1q6bbxcg3Xk1REv4bsBl+q:pDRUtR0JUtRevbqyxckqEvusBl+q
Score

1^/10
behavioral5 behavioral6
- Target
  
  external.dll
- Size
  
  7KB
- MD5
  
  3a4e41a3eb4c9057ce38965f2c87a103
- SHA1
  
  5eb4e01370b3d003148dd9bdd860f2e2eb1e0468
- SHA256
  
  0a9705575b0b40324d3caf404db58bfa6a8a098d7dc5b0ee78ec5da1aac1ad4c
- SHA512
  
  fe8d2840bc9c877499a1945dcb4391fbf08ed7524769a8c5497e959aab906c4a6a1a05458f9356db66eecb78f259e749333eddef27ba46b0a7391d3c056a19e9
- SSDEEP
  
  192:xWhUnOndb034VZc9ZdDDOBVWGV+U28eOxl9Ac:UZbIDDcWdml2
Score

1^/10
behavioral7 behavioral8
- Target
  
  psapi.dll
- Size
  
  14KB
- MD5
  
  2959bc8100891018ac69ebd55b1becc3
- SHA1
  
  7ab48be94f3e792f9ef34e8df4756235e81d526a
- SHA256
  
  1b9491364db5af8c6c64c91858d1ac74461d2931a10a5f7e46f1679dbbd7e950
- SHA512
  
  38e6e6dc98cdb538a3736dd62cea57fb81d1aec27142f4720d656ab30ab94aae0a8fba6033be292dc1ea428f61473bfe24e2226120f3e6eb65f81e1f6a2ee2e8
- SSDEEP
  
  384:G1ncyubrbVlgocG1FAt7PyrdORoGDrbgL5ZWZkYWO:GOyyvVlV1FAt7PsdODbgLp
Score

1^/10
behavioral10 behavioral9
- Target
  
  setup.exe
- Size
  
  27KB
- MD5
  
  8bf8d9d1ec6093701cb0694f269d26fd
- SHA1
  
  e3a7c8ad993c5771792434c48e823f86b6a89640
- SHA256
  
  fa5c38f264aba0e77e8752feb1ce2dfec1cf80154c136e8b816f251f1ac2ab76
- SHA512
  
  ee06a25a995c77672f13ca6c9fc5477cb50c964ef4b50b4fa0dab38a72c62f5f2485cb4d54e1edcc8f504d0ed22b420f0d931cccb4b529b0db2761ab68c5a42c
- SSDEEP
  
  768:ADTNi7eKAKn3zSVy/E7fI34RocT/etFbZcoQiw/ZOuYoE:qBi7e6zSFPX/eioQiwbYH
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral11 behavioral12
- Target
  
  zlib1.dll
- Size
  
  58KB
- MD5
  
  80e41408f6d641dc1c0f5353a0cc8125
- SHA1
  
  6d957ba632df5b06d49a901f2772df4301610a2a
- SHA256
  
  b09537250201236472ccd3caff5c0c12a5fad262e1e951350e9e5ed2a81d9dde
- SHA512
  
  857d4dc087c73f00d79bf70edfc67ddc0b15a86a4fff366d91e5ef6684af43eed7dcf8579f6b4fb35dedd090973e2bde1a82aae07642136b608eeb1d567e5c03
- SSDEEP
  
  1536:b/jUwfZ7BURaHUry7nToIfYIOlIO+CM6:1x7BURaHUrgTBfev+CM6
Score

3^/10
behavioral13 behavioral14
- Target
  
  安装说明.url
- Size
  
  260B
- MD5
  
  ed83e978f409fcebba2825b084f2c140
- SHA1
  
  4548b5565354024dff5f387fa825fce7d11e67fe
- SHA256
  
  ac996e7c6b803289cbb4eb6cd62cc7e63dcd456aa18dd7fa88aed066b06218ac
- SHA512
  
  2257a6118aac1a6368749357433e037798d1765dee71addb73fa3e98b27335bf7000786a0814d6a5b3a5f63eb25f13e49559da8e192f48dd230d1c344763a377
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16