e3546b7428f06eb927a1d7856d31365b7efc7adec7eddc06c85e37fae6723f99 | Triage

Sharing

General

Target

6fbe61a6763b7878afc25b418ba16d94_JaffaCakes118
Size

5.5MB
Sample

240725-qmfwlatenh
MD5

6fbe61a6763b7878afc25b418ba16d94
SHA1

02413cff6defd9672e66336dc749eb22dcdb71f4
SHA256

e3546b7428f06eb927a1d7856d31365b7efc7adec7eddc06c85e37fae6723f99
SHA512

b5dbd3383f22f28b200567b724674a431189811be6c3e2ebc72ca99d032d1a455c020f298399ae6a30ecca4792a5319a7ecfc57816e7fe6b80359ceec62f124c
SSDEEP

98304:CiuHpLm3wUfC17xSABTnaJ3ZOXTa9124VuK/G8vQC5OMO9CBIcTR:7uHQzSSIrw0ja/RuqKMOjUR

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  6fbe61a6763b7878afc25b418ba16d94_JaffaCakes118
- Size
  
  5.5MB
- MD5
  
  6fbe61a6763b7878afc25b418ba16d94
- SHA1
  
  02413cff6defd9672e66336dc749eb22dcdb71f4
- SHA256
  
  e3546b7428f06eb927a1d7856d31365b7efc7adec7eddc06c85e37fae6723f99
- SHA512
  
  b5dbd3383f22f28b200567b724674a431189811be6c3e2ebc72ca99d032d1a455c020f298399ae6a30ecca4792a5319a7ecfc57816e7fe6b80359ceec62f124c
- SSDEEP
  
  98304:CiuHpLm3wUfC17xSABTnaJ3ZOXTa9124VuK/G8vQC5OMO9CBIcTR:7uHQzSSIrw0ja/RuqKMOjUR
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  99bc22826a0568dce241be3a4ffd0c0d
- SHA1
  
  62e4662250abdf10d23a61076fd7cbd00a5c5b6f
- SHA256
  
  120e4fac0538b7e7b75934706668063a4e7785d0405dca43fde36d55f6d968de
- SHA512
  
  35b016b6e2dc850e5432becd57f35faf73b180c0a6f822a406cf9d5439a87126c41c49aac025cdeecd38bbd01705ddbd8c217cb33134e978ecc9624053b52be9
- SSDEEP
  
  384:sKlm7i+c3QW6ckPhyDEaLnr2bbBBIXwZ:5qi8BcyhEhLCbbTI
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  6KB
- MD5
  
  c6ca47bb4198f483c8b31fd90b779acb
- SHA1
  
  ea9024cb535fd5471f30d27b22318b59cb4d31f6
- SHA256
  
  f90ebff31051802116def3349310f9b0e3dbee0f0236d54f364149e1feb186bc
- SHA512
  
  b761b4ae89ecf15edadb3015fe0d3012048f1480b84ec8d30997c128e210818d0da9c7ec75de9efe8e1e08f84501c314a32c109f4ff1e8adca2cec5a73fab7db
- SSDEEP
  
  96:z1C0Qaep2wbE+WH1/FMXF6CGQhFzK1KQ5FnhElMmV4d:Vep2w5k/FyEttgN
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsisdll.dll
- Size
  
  228KB
- MD5
  
  f6bf86cc1a4e9c901c04b6e8280dc7d1
- SHA1
  
  47103d46d93eee1cc4d0826cc37740ae0ad5fecb
- SHA256
  
  c5a5434bc3dd076842f6d794f91d33a9571e63e8240158bf3022c384d0d32c6e
- SHA512
  
  26240295781c3811bd588c93fafa59e02402c44cdab790c1ec3add37b2f6461958a5b70d6c212f807a82c2476d6ce54b1299c4b1a352a6e13621568fabf95f10
- SSDEEP
  
  3072:tNbG/kLDLNgMWkAHdq9Fd2yDh1sYVuDh58vw00xhzDMQqBOcexZY1SlsmeOIKwHq:OdHwDhbmvpxhzIQvteOmbK
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  123key.exe
- Size
  
  180KB
- MD5
  
  14152c03062cd3fe111e105cd6e10e63
- SHA1
  
  61b77bc94727fd8d9bdfdbe0254dbf0c2d35f89b
- SHA256
  
  634cf93551b05be30974caa15e30bf35a55b28cb9bbeec916c3aa7122e757bc9
- SHA512
  
  d1cb0e0660af23fbe9b831e73c46ce6121f0b25b290b8e01f190394ccd0cb460e4b968b9d99bd1c9351280a89f82fe43ca13cce3897b298e9b3d229a6de7ad53
- SSDEEP
  
  3072:YQVkNghz/ZOOfbSXHiwpm5+uut5i1oFEweQxw2mhyfR9ZkJSg0qSjyFukr:YQVeghzwOf+XHiwpm5+uut5i1kEweQyL
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  acbtkey.exe
- Size
  
  272KB
- MD5
  
  02500725b7d8f4bcd49fc3cd98aa635d
- SHA1
  
  4f646133f6d9c3e41b513617a0211f5f2320e11c
- SHA256
  
  0a444d276b016f2cc1a3c35632d6e41a28a67b58e6615e436d400ab4afe83053
- SHA512
  
  85f57acd4430a37861591ae155716104777ad70fa0dcd92e23314d5cf3865d9e3945f92c8f6172c26d25e7478f61571997e6c03adcada36761b07246dcce85e2
- SSDEEP
  
  6144:JdyPCvF7RQM3IVogPlcXQ7TxzQpJlY+PWpjl7AXD1B7uNFObGExZn92ikTjzuS:JAPCuogaPWpjCXD1BSibGExZn92p
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  actkey.exe
- Size
  
  248KB
- MD5
  
  2da86535b551b36498ddd68194db6476
- SHA1
  
  09cad0f2d36161241c5911dafac72a6110de698b
- SHA256
  
  a7bb866815122c3ac30a93eb134f9c3b3ee1d7c4f97b5400ab20161c3fe00de6
- SHA512
  
  817bc20b950d3b0a24d5e22bbcbf3d3d8bd22f1c558ac75498b84ca13b14e43f0bcf4347443391be46722a0b16fb8a2c41a3ce270e35519baa8972bb393d6ba8
- SSDEEP
  
  6144:moC6yigMKAhJPOIJR8zCnG2ofj8efAVcXiWGC8QtdImYiOb4fJKqayr0RD:MfgrhJDR8zCnG2ofYe4VcXiWGC8Qt+2A
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  ariskkey.dll
- Size
  
  47KB
- MD5
  
  5e12a61f6a69fc9df1dc1db425640b20
- SHA1
  
  fe0c6eb8f0478284e4656c12d1fbe604592f2b3f
- SHA256
  
  105976aab5858c30521f04a5d1f6a2ebcc7899407038d9c3ce54c39c5838bece
- SHA512
  
  5b28027fdc6b929c21623d9e19f0e037570529fd9472cc87196b6afabbc98515a148df01c9a5420b90f25524c49568ce3567b2174d72916e4ff55644d3829046
- SSDEEP
  
  768:AzjxsIZAUXXu3kyHXymgyawIYpXEVQmVJT3nT89ZPaL3aKbXll3TnErYlEQ:AzjPRXu3zXFtawtpXM3T89xKbXf3Tfl
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  ariskkey.exe
- Size
  
  48KB
- MD5
  
  0c6c761472d1e673405023a8354faa8d
- SHA1
  
  63559c9d2c60879ce273b328ded4eb9dc2fafdcf
- SHA256
  
  b40629f5fe149a9ae34d41d9bd917e76fe3541e2896fee93ed034a2a03551f17
- SHA512
  
  948ba22a0938bd0d3c14dae37976729970e7e11f2ea6d06fb72f9dd2441aa54c7548c6506f2a469ee3498b44df2cdfb8aaf2a42badb9040fa83da8a3b9b7372b
- SSDEEP
  
  768:rVzu2K5WeGdyuGpwXffWa3nB/aYy4GUesKv9+wsy:r82sbGdyu6gffWy0tNUesKUc
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  bckey.exe
- Size
  
  224KB
- MD5
  
  0834e2428015216aa40db3252a3dd65a
- SHA1
  
  becf7a531bde0d8186016c9720083cad73c230e0
- SHA256
  
  0802766a66285485a963dfb96a29a094c8db60d70762468058d9b49b4712a142
- SHA512
  
  1c0b7ca5b4edce554a58c27a3dc27b002deb2a6ef3a19e045d0b1f48516e80662274c3a49470cf1615359ca92411b74269ea82c70e0f249178cf35c7ff487fa0
- SSDEEP
  
  6144:JsWAWuqKcQ6/vdxkpnZP5o0gC0MmX3gWAhuRE2RDCf9iPyiqqqDLtm9+J:hVxkpZP51gC0MmX3gWAIRE2RDCf9iPyX
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  bckupkey.exe
- Size
  
  115KB
- MD5
  
  b833dca500213306ebfe95ff2eb796d4
- SHA1
  
  635b31cfe29b308de31d6f081b37db50b6ef93de
- SHA256
  
  0a87f4ca889a1eaff10c4ce944f8e04f4217cbbd28658e322fb194b5acc08af9
- SHA512
  
  42f6e21589565350bd958f34de85ac75315362620b844566e387ce0d4559839a908a0debc28542e4e41855f6488dae1fc685c30cebea511e60778b32c9380325
- SSDEEP
  
  3072:oqG/iHUnDYP4MrvHBYAfdpN64zx5Xa2AoZviuFaU9L16nxfCo2OynhHxmHikNknh:oqGnDYPN/BYAfdpN64zx5Xa2Ao1iQaUN
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  efsdll.dll
- Size
  
  250KB
- MD5
  
  3cf3f67e9772744492b9d679e3c8dd0e
- SHA1
  
  0b6275eb34aaccf15b769c5315c84d06dc5951db
- SHA256
  
  8a9b1e250138c13db59b2d66e9db397442f0c34ba06762d01fc0e63034d99c77
- SHA512
  
  588d4876d40a5751bf7fba847e448d6102f2c232e1f5ed46e2708a6e1e75443b2c5b1d51452272f15a5899f50b946483f0c46b80acdb2388b3249bf70498a581
- SSDEEP
  
  6144:RDZ9CBn0f1Lb2/pd9nG0f5lkcUO3OhnOZ3cx5l:BCN6hb2B/nGikcUqGj
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral23 behavioral24
- Target
  
  efskey.exe
- Size
  
  194KB
- MD5
  
  657ffadc7db6c8154618730f653fc17d
- SHA1
  
  fd6cb8a36506e530612cc6da1ff32c361cf35c71
- SHA256
  
  ade0b22c4e3dcfde7fc63256c5d97b1f6d03d36e1edce83263f58925d638eff0
- SHA512
  
  708889928ab40c4659ce8e71c89504317dccbf6320504f4cb382de2824295df7f7b6b8a853bc879016a45f4c1eaf2439010ffc1f4cb7ed9b0208ddb52a9a8058
- SSDEEP
  
  6144:3U9rVJ56cLxGnl8JTtE6xNPOTSEaCy/r9F:qVJnLxYOtrxsG
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral25 behavioral26
- Target
  
  fmkey.exe
- Size
  
  380KB
- MD5
  
  dd9ffdbc76d1e52a2b19fa0045d9e8d0
- SHA1
  
  55f3658546dfb4497f6816fe3651d17175f4932b
- SHA256
  
  4aca9cc452e3251db66610df9eaf9b19d680d240210238f0fda86552b241098c
- SHA512
  
  f1b52dd694266bcb9919a8d406e7d26809a17131cfc7e99df16693e310e583d57efc134225f90cdb92371d2f2ffe87e3b80d8e354829e55fdd0cbcd1a7d2e3c7
- SSDEEP
  
  6144:3UfklXypxzG3PsDgcsO12BbjmFKV3uXv32B2FAf0pFGmccFSdRrrJoH1h+EP/PmY:sklXypxzqWtsO12xyFK3uXv32UFAfAGc
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  iekey.exe
- Size
  
  804KB
- MD5
  
  54091cf4bb8407bae8481cb533c86145
- SHA1
  
  1db155789426130111bdd886aecb67d49222e937
- SHA256
  
  0612cc2e6e5fd88496fff20bd98bc291ef28ac92db7d22149eb01b6648d42e2b
- SHA512
  
  ae06c6f0a80f8c4ba5e4791f10898b3c86fa22784d2095bf0df67d31887327643f0c0492107237ed364881a02a2a60ddeb022d4b75a978d738aaab67235b991d
- SSDEEP
  
  24576:ItC45XbRX3kTQU4LUyCryaeR3JuY/uGkIA:ItCIXbWTaUJsR3JuHGkP
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  lnkey.exe
- Size
  
  84KB
- MD5
  
  835e9c6306064c10fe42ae11906156d1
- SHA1
  
  269824a2d69389572da5cf78fecd45fb14c0d8d8
- SHA256
  
  5a34541494fd837439e03a1e97382a92bdd99f3b1f7ad4cf44f4602b9c0255f1
- SHA512
  
  450202d58b2b9b0faa8abb83b361b2f7389925826ff294c33f527158ad8f232b6e5b31865d39c307898b4b6a1c4c259f1ab91337e31b8e6dd53e8ba585173023
- SSDEEP
  
  1536:WiMIl3Dgyn/8JeX+RFJK0ps1pCwd/RUOIwszM99U8slPn4:Pzgyn/8JeORFOzFl5IwszM9aPn4
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32