de8c8b9da365ddab4c02abcadaf9ccbf3f4b84c5ff5ea8daec4ee6165a66a68f

Sharing

Copy URL

Twitter E-mail

General

Target

725aaf787e45af3724762bafed23bd6d_JaffaCakes118
Size

5.1MB
Sample

240726-djjrvssemq
MD5

725aaf787e45af3724762bafed23bd6d
SHA1

0ba4558a6bc61a9ae4f29ad4cc17e6216e05f244
SHA256

de8c8b9da365ddab4c02abcadaf9ccbf3f4b84c5ff5ea8daec4ee6165a66a68f
SHA512

3ab62e87a02863d45dd83c574fa14070c688a71f6c1b74cf7268f84a68833354d7e90dc42af0b9e2cbced38d9442236d5eb47ba8b33214a1606d52089fb0c580
SSDEEP

98304:M/bNJcxgxcZIfFsMn/d+mpdlGndCQEJ/hJ6ZYWo5egHVCcOI8emUhZHBEGY:M/bLQ8B1NLkEJhbvUcOwmUh9BE/

Score

7^/10

Malware Config

Targets

- Target
  
  725aaf787e45af3724762bafed23bd6d_JaffaCakes118
- Size
  
  5.1MB
- MD5
  
  725aaf787e45af3724762bafed23bd6d
- SHA1
  
  0ba4558a6bc61a9ae4f29ad4cc17e6216e05f244
- SHA256
  
  de8c8b9da365ddab4c02abcadaf9ccbf3f4b84c5ff5ea8daec4ee6165a66a68f
- SHA512
  
  3ab62e87a02863d45dd83c574fa14070c688a71f6c1b74cf7268f84a68833354d7e90dc42af0b9e2cbced38d9442236d5eb47ba8b33214a1606d52089fb0c580
- SSDEEP
  
  98304:M/bNJcxgxcZIfFsMn/d+mpdlGndCQEJ/hJ6ZYWo5egHVCcOI8emUhZHBEGY:M/bLQ8B1NLkEJhbvUcOwmUh9BE/
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/GameuxInstallHelper.dll
- Size
  
  94KB
- MD5
  
  4d3ac88054df63fc810427bdaa96c458
- SHA1
  
  e4d554e03ba91f6b53a2a80253b339f56e303c94
- SHA256
  
  b07ffcd0af80f6b9fba09abe816ba2f0ff0d336639f1768fc317291bc635ece6
- SHA512
  
  d4732ad89bbb19b316dff1b9c534acf98bb985c89d1295f08e24b21531123426500b3712979dda2f0e941a5969c0cbca15bbd52f6c167653f96a494a6677ca54
- SSDEEP
  
  1536:B+cZE7LuH82vbVSEru0QrtLMNYxKoqbEnz8Gj1Nh5vIexy8Cy/3:YcE7LV2ULMZowGjJ5vIexy8Cy/3
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstGameInfoHelper.exe
- Size
  
  99KB
- MD5
  
  3d3d2bf9c42dbdf97247775c00f22190
- SHA1
  
  7a046170aaeb5e1a29d8c8cd7c32225f49237aa1
- SHA256
  
  59f09ba2c79a209008e76d0478bb691a9fdb2180d84318d9fc73b10401aa853a
- SHA512
  
  6e66c4ff467e286cd5dc1d4ccd412fec32cfd01514db6c339fd275eaab5f3b549e223e9330bc61ff19048df70b81b66dfcc78ac351aa2c5ff45cf8d197140466
- SSDEEP
  
  1536:3HzOAUoqkqff6SgsbBa8zl2P2Mv1LkZ0v/lAZMnLHI595a6QNt8kcTT:3CAUoqkPSjlsboGnLHo95a65FTT
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/IwinToolbar.exe
- Size
  
  524KB
- MD5
  
  1a516cbd48db6ed2bb62ace288b1ab8e
- SHA1
  
  e74bf3599e67e190cd695c6749bfdab54963881f
- SHA256
  
  a8133ca3982019a1c03a70743a3880a64a6b3f451b7de9559bb5f1f69572db02
- SHA512
  
  749e2bddaddbafe389b4895f1dc5a3784ad22296f35b89e75bacaf2e5a080889a2c515d8f67cb7f0722fb1b9d08f6f7993060618ead558aa6c493720dc638b9b
- SSDEEP
  
  6144:yT96sAXczIGIUpy1BsLEQDpvs5qbk7kCeHhxZWZoZZnnqPEH:mzlYBsL39ykCeHFRZZnn3H
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/iwintoolbarinst.exe
- Size
  
  1.7MB
- MD5
  
  2f8fd5cd8456f3929de62b0b74a3c106
- SHA1
  
  15122b6027e062282b63c777cc1a19946dc870bd
- SHA256
  
  6ae46ef84b5c10dba02ee1b9ab6972cef190e1345fd9033d6ca95fc8eee1dd47
- SHA512
  
  58ab84b15196cddd6f8fa7678aac3d3bd94760ac6a963bd41111efbd1f849b80245aa7c23b261804d786c712b227a01d188f08b7c70320e7abae3b148649ef1b
- SSDEEP
  
  49152:nkVCcKKu4trz8kkEDZEU8WxHbJ5BT4CuDt:kVCcOI8emUhZHBEn
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  e54eb27fb5048964e8d1ec7a1f72334b
- SHA1
  
  2b76d7aedafd724de96532b00fbc6c7c370e4609
- SHA256
  
  ff00f5f7b8d6ca6a79aebd08f9625a5579affcd09f3a25fdf728a7942527a824
- SHA512
  
  c9ddd19484a6218f926295a88f8776aff6c0a98565714290485f9b3b53e7b673724946defed0207064d6ab0b1baa7cb3477952f61dbe22947238d3f5802fa4f4
- SSDEEP
  
  96:57GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgN532E:VKgfwgcr8zylsB49Ud0qJVgNQ
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  AdminWorker.exe
- Size
  
  205KB
- MD5
  
  9efecde196eec608b1abe6e14e18a717
- SHA1
  
  b6f7c05d49a0800af042a9d106fa0cc59b3158c4
- SHA256
  
  234954182ad57f807439aa295999ac04290b73cb513a057bd4fcc575126c071b
- SHA512
  
  4578903020fb195ac773b42eff0aa467672a1eb0ac8feeeebabe8cf129dcb27c9b34734d00fc84e10f1a23c6a5d91768c48480965f0db542d0cb5df032db5921
- SSDEEP
  
  6144:D4IETtYGgG1gwsh7HCCPdxOQOeL7H5jsw1xGgx6885j:D4IETtYGgG1gwIHDPs47hDrm
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Uninstall.exe
- Size
  
  124KB
- MD5
  
  0f98374016e2f3a77034ecf068624e89
- SHA1
  
  6c363894525531dfd2135d648cbd18341c0e0c53
- SHA256
  
  3958f341474249b0fc1772c46bf4b2a8f6531bea26caceb44ec5c6c7aa1619cb
- SHA512
  
  2d6e5e928a23767203c86a01e9cc9bad99e430d57175a71b7743deccd2b665dfa5e88e7614825709b446b107edef74fdb2cc5fcb9377723799b3c0e125459756
- SSDEEP
  
  3072:yLk395hYXJTS4Z+H22Zip6dmDHgG2ojdotyeILc:yQqI4ITsp6dAT2ojdoIeILc
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/GameuxInstallHelper.dll
- Size
  
  94KB
- MD5
  
  4d3ac88054df63fc810427bdaa96c458
- SHA1
  
  e4d554e03ba91f6b53a2a80253b339f56e303c94
- SHA256
  
  b07ffcd0af80f6b9fba09abe816ba2f0ff0d336639f1768fc317291bc635ece6
- SHA512
  
  d4732ad89bbb19b316dff1b9c534acf98bb985c89d1295f08e24b21531123426500b3712979dda2f0e941a5969c0cbca15bbd52f6c167653f96a494a6677ca54
- SSDEEP
  
  1536:B+cZE7LuH82vbVSEru0QrtLMNYxKoqbEnz8Gj1Nh5vIexy8Cy/3:YcE7LV2ULMZowGjJ5vIexy8Cy/3
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  00a0194c20ee912257df53bfe258ee4a
- SHA1
  
  d7b4e319bc5119024690dc8230b9cc919b1b86b2
- SHA256
  
  dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
- SHA512
  
  3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  WebInstaller.exe
- Size
  
  119KB
- MD5
  
  fa8d5d7db8a672477f58c3288e80f2b4
- SHA1
  
  c9c5646a56f2821524f1bd2ec96e8791e02f351b
- SHA256
  
  7d66b5bdcf642395fe8f90360568c5b217e14ddb900cc1162a49fc57db4bb459
- SHA512
  
  3b93a81c3af546e682a6523ae626e0ef0572b866cd1390797e91d4450103b8e0ba3a9ad80ea37c291abaea815c1455bc3bbbb0fd4af75a6d258137b3b7dc96f0
- SSDEEP
  
  3072:9AcmfYSVXXSFKnYkWKvkowrCnK+mnhAB4i:CcmfYIX9YbKsoFnS+l
Score

6^/10

adware discovery stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral23 behavioral24
- Target
  
  WebUpdater.exe
- Size
  
  180KB
- MD5
  
  8bc2dd64d834629522ac98e060b2b69b
- SHA1
  
  914bcd2f38ee654a1faa9362221449aa51d5d36a
- SHA256
  
  bbaf76834f9266fdd75d79ca4851df68d35b74ad481cac9d8a7358b882e7db78
- SHA512
  
  8c3e1511795a0666cb94d14c813d6450fc9a518789b276461cf46bd07d0056473eb740dad2ffe48dc54f498b84daa6b85128bb73b4e75e955dad02f938715b72
- SSDEEP
  
  3072:HUjqLbLz/uWcxjLInqvqQeUvfnR22jc+9vhqKlx5im0:Hyu372lLIniZP4kqKjEh
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  content/iwa-ovr.js
- Size
  
  5KB
- MD5
  
  8aeb23a43bad2fc8de5f7e4aececac2a
- SHA1
  
  db9404e8bce25a3e19ebbae6410e8f635f3dbe85
- SHA256
  
  0cdec0385c4f087fc4520ea5b8bdf45275166592100866dd1dba8851fd83ff38
- SHA512
  
  e6133e88c6ee6b3075e3bbfc197bc142222e6b14d102f8057e3edb00048216ee63bc083ce15ac770452e807105790ed69c479e245c95278e0ecdd65b25258eaf
- SSDEEP
  
  96:FEyzI+6/5S0WQJqLg4MEv/wzeNywJnLdHbON4rUvVwX3kiOoauxmQQXdH5p:FYg0pqM3KwMHb4skL
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  content/iwinarcade.js
- Size
  
  100B
- MD5
  
  28494ad572103e06973dedc5fe9a0666
- SHA1
  
  4ba036fc7689f6892476d6bf8d18cbbfef3871ff
- SHA256
  
  bdfcc77706582ebf878ccc6158f52ad2e17111baeb0ac4a42c8fa8e7ebfa6c9d
- SHA512
  
  1db6dcd0fa8222fe6767433408bfbed4b196b4a0bc52ac42e1bd1756013654b3c5c68a3c69f2c42b0d472a368fd98ed693a846cc076629b35433b8e5bb1d47d6
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  firefox/iWinArcadeLauncher.exe
- Size
  
  45KB
- MD5
  
  28bd5ae31c863f05f5398b7668208435
- SHA1
  
  28fc30b5eae707b86d2c3efc307dceb790a5fdcd
- SHA256
  
  724c52bb6b902942e7d90264e5ed9ff258ba18bff5feccb47b7c5d31e8a3c975
- SHA512
  
  067673947e650e3d46ed93ce5f79931ecee05f03b39ec0f2eb26d500a3e816a23ef6b3bd50fe3febb4961508bd9af10c269b75c27e7493bf726bf166f62c5908
- SSDEEP
  
  768:+f3VmVhsRI26KR+gO3iWn+Cyb9+6otVhyL3UF:Q3AkKBznexot3y4F
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Deletes itself

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Installs/modifies Browser Helper Object

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32