1c10cedba382981455f0fc1b5ad2f98798478837ee622fa11097a80be7b967f4 | Triage

Sharing

General

Target

851cca464f55f99491afed8f4aa1f0b2_JaffaCakes118
Size

26.1MB
Sample

240810-g9g8hayhjk
MD5

851cca464f55f99491afed8f4aa1f0b2
SHA1

6b3fd3ef58f94598dc86f28062f9c4b6a329c321
SHA256

1c10cedba382981455f0fc1b5ad2f98798478837ee622fa11097a80be7b967f4
SHA512

ecb5806946166874ed6607f3aeb08314afe3b758f03aaa3ae2e5e15a7a0db29667c385b5c6df7a186bb77b339d925e95a93c36d8acaf68562ae6db3c9575afe8
SSDEEP

786432:Mg5cuUv1obeyXWCN/cDka7fOYEKatWjAG:MBGPXWCdcDkQtatWr

Score

5^/10

discovery execution

Malware Config

Targets

- Target
  
  install/CheatEngine67.exe
- Size
  
  11.6MB
- MD5
  
  60bc92a679c5864ff88c777855242eff
- SHA1
  
  f9af39a0983b5878451d9d365da2ec8d51572e54
- SHA256
  
  a4676e3fb1d1514d631e1ccb0a82d374068a43c43bf5d4ebf48c5be1f46c7b0e
- SHA512
  
  49d54912ab2b11ed2ad5fbbf007b9d6e0aba02937ed21489bd1ad7c57f278764878e4f2ff60317896e627e1cfa470c4acefd86061f9e6072137246aa5c0f78ec
- SSDEEP
  
  196608:MkU/fsNbpUGJJ177vcsCQypVRUBSCwBpvvDMs4VMY0I+RSIxBauMTTAraX:MXfsgGV3TCdpV6BPCpDMfXEEuNaX
Score

4^/10

discovery
behavioral1 behavioral2
- Target
  
  noinstall/Cheat Engine.exe
- Size
  
  330KB
- MD5
  
  137a55c26e9ae8a92bf8cbee0b70ef61
- SHA1
  
  32fab66aa6acb3cd130f92991d64d65ba1045fa6
- SHA256
  
  6b4b25165fb825ca82a774413263bfe5c4840dcde9eb9efc1470c6d8a9554857
- SHA512
  
  83187a7a4099006bda6f14b5a5525cd1e7b6e791c159958721c23007ed51e6a39c66a6cfcca2769df5c08c4a99da1c8d81b6c527e1bbe13d2e9148937a4b1a2e
- SSDEEP
  
  6144:fjpISCLahZZvkSadUSjngHRjPYvv2tUrdgugEkkoSE5m2uw:VIBLMT7EgHRYGtUrdgugEnoSE5t
Score

5^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  noinstall/CheatEngine.chm
- Size
  
  299KB
- MD5
  
  bb80fec3b6e843b61859914480706cd9
- SHA1
  
  0ced874bee5bda6059b5195911aa117693d9d2de
- SHA256
  
  2d52f9d59211f8906ace16525721b1400343bdf720f062cf111d84089f129009
- SHA512
  
  78d8a024dabd111b59beea4dc21150c7fbb3a6924201d2f3ff9e720e4bbc967bbff285ba2064bc35c260ffde433c639fdc0252c47ae29b43398117eda21cf648
- SSDEEP
  
  6144:/UuFqUYSsTDiKebI7F03RPf2rB84daXcXrcURJo8tGgqQdB5+cbsQe/zQXE9LA2:tFhYSsnl0I7FG8S4daC/RGg1bnerQILf
Score

1^/10
behavioral5 behavioral6
- Target
  
  noinstall/DotNetDataCollector32.exe
- Size
  
  121KB
- MD5
  
  667c6978388f40406438a0aca762b3bf
- SHA1
  
  6ec47c1dc082ee96a9eb30000934040fb8d7b991
- SHA256
  
  e40ef87edad9321657b7770c926534481031726cc37c20c898a4c1f15f94058e
- SHA512
  
  57655d9d3dc482eb231817853c315efee6daa2d0866df79fc2ca66ee229f342920539e77492ca7ebcc046f2ad2538e2d68ae1f17ede941054030f75ded9ad4e1
- SSDEEP
  
  3072:qdWP49epAIAbhW7bwrLmg9OwVzfFszDYz62f:CWPHpAIAVZ9BfFG+zf
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  noinstall/DotNetDataCollector64.exe
- Size
  
  140KB
- MD5
  
  8d59b498eb8311edd5c29f3930f4789b
- SHA1
  
  afd7a0e7e81375d7f299f4c6a56aa55b54db642e
- SHA256
  
  d26ea9b41f172c146633d2e4fac8c50a4b0c6bb343a37cf5fb3c17598bb49971
- SHA512
  
  c64214d99d8da1a906a94f851f452ba7b6606ab26f6f116157d27d4f1cc97e5844ceb0d1a2f3378f39642ac3751150725d46fb068cba23baae6c0ffafa8a47f4
- SSDEEP
  
  3072:yaiK+WTbu+lRKrDqfZtSMwcEUX+U5Xgu3S7xDkzozO27:xiKlTS+lUefbnPX1XF3CD+iP7
Score

1^/10
behavioral10 behavioral9
- Target
  
  noinstall/Kernelmoduleunloader.exe
- Size
  
  192KB
- MD5
  
  59fbd00811ceac5522ee0d25116f2741
- SHA1
  
  38cf158a099a3bff8e9f22f7d4781c5605c751c9
- SHA256
  
  324c8bf32f7bb5166a497041753ba0339cf00ef406a044fd13e28024ff3e2ce0
- SHA512
  
  48797d1e8670d5fcab7c10a2e20eed99b3fef8f2576da9f26c79d80cdd66bdd617ccdc4f6b973eb5bc97f791e6212c8b205b737523aa79f9a5dbbdd0eb45414f
- SSDEEP
  
  3072:VRZSfhd6qzuP1WOqIrF0MSZBAy4M3wKhOGkEtzIzk2u:VRZSfXdcrF0MS/ApM38ENCtu
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  noinstall/Tutorial-i386.exe
- Size
  
  2.0MB
- MD5
  
  5fa2543d58d8a3ec04bd8ba76cf09d6d
- SHA1
  
  569e04393e7acfb080215276945f5613aeacc150
- SHA256
  
  2cbe3ceddd08f5ba349e21c03643e48d9309e1059b1e4576535cd8d145a8f321
- SHA512
  
  0c23ac81bba1732f89b4739919b666ba3acce3175eac2438ff0d6074fd107ba6fd1d8b92415a51f34102d2d8d013610876684ef2b35f4eefaff285ed1029f691
- SSDEEP
  
  49152:Lwbk5pWCAqiGXxsH+Rfp076Ymq4UCGBeo1/LJN34zXi2uvkl8Bji078A+l/ziomd:LwbEp9s8+6pq4UCGkmeFu5Xko1
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  noinstall/Tutorial-x86_64.exe
- Size
  
  2.8MB
- MD5
  
  65a206407b424173a612df7fd8e002ea
- SHA1
  
  a834883fcef6491e6ed12d18e8d01ab988708278
- SHA256
  
  3dbffefc2c399d980a212801d0f99107839ba208bcf89ae0ccf5b31a58eed95f
- SHA512
  
  63632dec8fe215b126d2d1d332b22db5591eee50bd5454ccf051604b90c52bac83280ce8e48552e6b5ec8418d8907ea7f1da5a72ab0fc271521e021ed8ada2bb
- SSDEEP
  
  49152:2OGtVo0k51WipMBq0MPkoi8E7i6WuDgRPJ6eR:2OGt651fqJfWx
Score

1^/10
behavioral15 behavioral16
- Target
  
  noinstall/allochook-i386.dll
- Size
  
  317KB
- MD5
  
  6e808a8b417331ea7645b6a9ffa4b8fe
- SHA1
  
  a549e1557c3a9618c4b0b978a8b710cb8aa643b0
- SHA256
  
  b8df41c3153c2a3212523099c71bc81ac97304dc886d8b4670a4f9a7ae6c3568
- SHA512
  
  5d79d4302add9e63201da1a1c75b4e72853931ed926bc4fbce1397777a1c15574e92f9bc4c5daa9bd86bbf462864806fae1b280c7e4013f1275dbfeace7795f7
- SSDEEP
  
  3072:jLYEDJlXw5pAnHp2ukwTX6N8B4A84zMtEl1knxgaPZ3nbanlYZn2l1S2CvznzA2p:jLYEDJAAnHp2uk2KNO0tEQV+bYzRp
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  noinstall/allochook-x86_64.dll
- Size
  
  457KB
- MD5
  
  ba991541c10506a7bd4a9dc6a7382e2e
- SHA1
  
  0d1b97844d3d369a80fce39b438ce57984622aee
- SHA256
  
  060f98f88f6280234578b06894c35136887ddd4c635c84a98e0297f5ef381870
- SHA512
  
  09230d66ed23d2921007f1a2dc019317847ac4345d71e87caba74fbfc7a8f1e2175d3d63e8b74d5339410306d07f091ac3dafd8731331a960b432704795a4702
- SSDEEP
  
  6144:0ch6UtcJYg8yRAkB+vsoqOvfkv+y3ilZkaCpzi0:L6Utc6gdcfkv+KIQ
Score

1^/10
behavioral19 behavioral20
- Target
  
  noinstall/autorun/dlls/32/CEJVMTI.dll
- Size
  
  49KB
- MD5
  
  b02fa5c8eefbcd010aaac97a94ff62bb
- SHA1
  
  fd88f2fc529515252cbcab507f322b080853c38b
- SHA256
  
  7bd0d77fd790215bb67337f9f210b05aaab0193d105b8ff86ec422e9875eb033
- SHA512
  
  1d18cb2cffbf83ef949c2a34fa28c4e011c623c62ce743c7f320db1acfbd41bea2ea6d3f0d93a34874973fc43367d6562c630f8b7912b22be7ccc61851001a18
- SSDEEP
  
  768:+B4cf1fqCWPiiyDf+TTmhX2cnX3/OtC2MD0OK9BRbAlQ4z:El38CfKmhXv/Ott20OKvR
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  noinstall/autorun/dlls/64/CEJVMTI.dll
- Size
  
  60KB
- MD5
  
  cefc5c56720ca850ccb20faf47733bd2
- SHA1
  
  55f25cf4a7de12607b085e8cfdba0383f0207e9d
- SHA256
  
  f107dd69b4115864d289f364fafc0e045fd3e9fc4bde5586ce8c1bcf59cc65a7
- SHA512
  
  1b6fba56feac4f4345b2f6ced82a3dddacc3c0cb6f49c1d30105a8156b8de851e34b9e31478c658c60d907c9f26237d2efb7c2ab85adb49905fdcca6349a4dee
- SSDEEP
  
  768:wm0hfdOrlHVzBkzORZN2UE0TjwNwqGN4cOlA/eQ4z:wNuVBaOohMFOlA/
Score

1^/10
behavioral23 behavioral24
- Target
  
  noinstall/autorun/dlls/MonoDataCollector32.dll
- Size
  
  190KB
- MD5
  
  2a0625f1247a36f0c58fb6356c9b0f73
- SHA1
  
  e71b7f224b10fa37d6eb785a1d75748db2ded0f2
- SHA256
  
  66296ae2c3a2caca3aceb6d84bf485250ec32a17501c1f9c31104e9d31aec312
- SHA512
  
  46a08967d5ed1534e218e2bc97d1bb72588e5637d3aaf2cd1937e08c2e7314f04732f4de80064b29be6a32c14b1b050f3a08b41551ff13993e7403218db1b18b
- SSDEEP
  
  3072:WpWUzBE58QJE60UsWqB9P8hRr3mdceO+q6ZlZyvR5sVYhqzSzC29:WsUzK+Qi60UhC+mdc5uyJWgw4r9
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral25 behavioral26
- Target
  
  noinstall/autorun/dlls/MonoDataCollector64.dll
- Size
  
  220KB
- MD5
  
  6b2ce7688e20c69295307f37518c3d82
- SHA1
  
  fbabade6e6596570f47d99a7318176b784cc9950
- SHA256
  
  eb4b0f32c93ba24d84a4e45cb56abab68bc05f857217cc9319feaf1925e831fe
- SHA512
  
  6ec14e6d4cdb7d7eac3b96d8d5f8e22921d0ba3e1527ab39f934220a478305642ace3f186245aa980e07205e539c31d922fdfa2ac2046f70cd42e491044538b6
- SSDEEP
  
  3072:LxEwnfcog9mELFOMsTFTPLTuMXJPDSvky54MpOBm+k7K7Ai29QnOd8zBzf25:LxIVd6ZLTt1OvkyKMpN55i2jgxe5
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral27 behavioral28
- Target
  
  noinstall/autorun/dlls/src/Java/CEJVMTI/CEJVMTI/JavaEventServer.cpp
- Size
  
  8KB
- MD5
  
  59529578cde1ae578abcaaa331aa4fba
- SHA1
  
  33ab98509ed784580a259d1b310827c50b842f50
- SHA256
  
  e3795c3b94c84491a368c78fcbc4076bfadca038afe74da2fa7fab7415945658
- SHA512
  
  acbd3884642e466d29fbe6d6a7337ccbaec55147ea735098f9e463c6875b52b255480745847c3efabcbac72f9b72dd45cf259880a8d4700afb68c3c07ac747be
- SSDEEP
  
  192:reWH42e/J83LkXasXVHMFyWH9MWUnsUeTxtbPYN9:C42RA4VL/RV
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  noinstall/autorun/dlls/src/Java/CEJVMTI/CEJVMTI/JavaServer.cpp
- Size
  
  41KB
- MD5
  
  afaba48ad9afa999503ccaac45df0710
- SHA1
  
  45fef1f5289cb3fd353f43efd13ece034803c9cd
- SHA256
  
  e02208ca6ebed1999d9761cc865ce98eaba28966dc32f40b5789733e52783bf9
- SHA512
  
  66b995a75c6f90177bce4dcc93783b1409d20b8ff1c318b79b8dd7c8fe6a1dee2f0ab906f30c5390d1c7b043d4e99717bf6fbc267318932d066721294c663552
- SSDEEP
  
  384:Qw5oITw/RTdMaf2lBpn/Z2jc/AKJlXCR5A6Qw/iNufJiTTvMm5ETln6H:V1TwU7BJRCZQw/iNuBiTTvMvl6H
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32