f07a901c1cbd3bec80c478a78035e867a6ec34df098fa0223894cb785e6422ef | Triage

Sharing

General

Target

8c6ac98f51683033bb733e1c8b33e1f1_JaffaCakes118
Size

2.7MB
Sample

240811-3g9b6sthnq
MD5

8c6ac98f51683033bb733e1c8b33e1f1
SHA1

4e780453fae412d9d08b20306fe823db23f1912c
SHA256

f07a901c1cbd3bec80c478a78035e867a6ec34df098fa0223894cb785e6422ef
SHA512

20e2d05043cdebd4ca40dfc5d184aaa12224c789df9ac73b30f4cc00eea5efb730556472eddaf683971de018f2960057a69e2b360842ebb5d35f112f08f17653
SSDEEP

49152:7DTEMKZCij/olVkkAwrpokbtHx0brrEbTx4l602fHk7ArJUwJ8KdP:HTEMz3e8o4Hewbd507M52g

Score

7^/10

discovery execution upx

Malware Config

Targets

- Target
  
  8c6ac98f51683033bb733e1c8b33e1f1_JaffaCakes118
- Size
  
  2.7MB
- MD5
  
  8c6ac98f51683033bb733e1c8b33e1f1
- SHA1
  
  4e780453fae412d9d08b20306fe823db23f1912c
- SHA256
  
  f07a901c1cbd3bec80c478a78035e867a6ec34df098fa0223894cb785e6422ef
- SHA512
  
  20e2d05043cdebd4ca40dfc5d184aaa12224c789df9ac73b30f4cc00eea5efb730556472eddaf683971de018f2960057a69e2b360842ebb5d35f112f08f17653
- SSDEEP
  
  49152:7DTEMKZCij/olVkkAwrpokbtHx0brrEbTx4l602fHk7ArJUwJ8KdP:HTEMz3e8o4Hewbd507M52g
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  31KB
- MD5
  
  83cd62eab980e3d64c131799608c8371
- SHA1
  
  5b57a6842a154997e31fab573c5754b358f5dd1c
- SHA256
  
  a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294
- SHA512
  
  91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9
- SSDEEP
  
  384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/KillProc.dll
- Size
  
  24KB
- MD5
  
  f2223ee8d3b5a26d9386dd90fd6326cd
- SHA1
  
  edf24705bba2a459637722af3b7a8b7bac23d2ed
- SHA256
  
  488aa34c7d2da0ab4a6b50463d5bb7fb402493602d3164bd1d56a2e93d97237e
- SHA512
  
  59bdc5368c9dbcee3f7807a653618becac2c36ac4b4c5b3e8906f32e55ddb0620af30e1c771bd9e3145b7caf996c1cc439066e1ce17cbe6f3ed9248c2e6e4428
- SSDEEP
  
  768:p13K3oHsFZLEQOkfb5CtRvBFj3d6dLMk:p43oGgQzotRZFRsH
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  9384f4007c492d4fa040924f31c00166
- SHA1
  
  aba37faef30d7c445584c688a0b5638f5db31c7b
- SHA256
  
  60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5
- SHA512
  
  68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf
- SSDEEP
  
  48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/NSISdl.dll
- Size
  
  14KB
- MD5
  
  a5f8399a743ab7f9c88c645c35b1ebb5
- SHA1
  
  168f3c158913b0367bf79fa413357fbe97018191
- SHA256
  
  dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
- SHA512
  
  824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
- SSDEEP
  
  192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  17KB
- MD5
  
  09caf01bc8d88eeb733abc161acff659
- SHA1
  
  b8c2126d641f88628c632dd2259686da3776a6da
- SHA256
  
  3555afe95e8bb269240a21520361677b280562b802978fccfb27490c79b9a478
- SHA512
  
  ef1e8fc4fc8f5609483b2c459d00a47036699dfb70b6be6f10a30c5d2fc66bae174345bffa9a44abd9ca029e609ff834d701ff6a769cca09fe5562365d5010fa
- SSDEEP
  
  384:w9JzaeWrF8d22hXAGFkr2WqErkuCYMAWS5Ns8AXXki:wLaBrrTXr3qruCYuS5qk
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/ZipDLL.dll
- Size
  
  163KB
- MD5
  
  2dc35ddcabcb2b24919b9afae4ec3091
- SHA1
  
  9eeed33c3abc656353a7ebd1c66af38cccadd939
- SHA256
  
  6bbeb39747f1526752980d4dbec2fe2c7347f3cc983a79c92561b92fe472e7a1
- SHA512
  
  0ccac336924f684da1f73db2dd230a0c932c5b4115ae1fa0e708b9db5e39d2a07dc54dac8d95881a42069cbb2c2886e880cdad715deda83c0de38757a0f6a901
- SSDEEP
  
  3072:8CkSJJ30k1pn2T4ISnUGN+E8KnCOxA17jxLmRtWHyPDQFllOdJiSg:tkSJy+c30UxbKnA1hLKWSVdk
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/xml.dll
- Size
  
  118KB
- MD5
  
  42df1fbaa87567adf2b4050805a1a545
- SHA1
  
  b892a6efbb39b7144248e0c0d79e53da474a9373
- SHA256
  
  e900fcb9d598643eb0ee3e4005da925e73e70dbaa010edc4473e99ea0638b845
- SHA512
  
  4537d408e2f54d07b018907c787da6c7340f909a1789416de33d090055eda8918f338d8571bc3b438dd89e5e03e0ded70c86702666f12adb98523a91cbb1de1d
- SSDEEP
  
  1536:U2A8OSGjylgkara+70LICin9zgtg2LxowhtJu6MqSNicNEtIfF42q2KC:OzjLkarn7O+n9z2L6whFtGF42bK
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  content/aboutTabs.htm
- Size
  
  143B
- MD5
  
  30b063c23ccd0e573f7956a49e6ad2da
- SHA1
  
  b43ddff041bd7e3fdec541b0b3004ecd661db8d0
- SHA256
  
  dde0330a494598aee2dec1ed467b0ce99400b860a9eec03e59a963090736cf9a
- SHA512
  
  5af5794bc10afd6692ef9eccfb860248fbf656361fd6cbbe399e497bf0f8c9e9e603eb0dc3781344a53ae84578e1618e60a9a1096cc3a0b149e2e4c82c8c43c4
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  content/ctoolbar.js
- Size
  
  1.7MB
- MD5
  
  67bbde81868f87aadcff51e1ab8c43f5
- SHA1
  
  1ec5b1365e0d98090cdd61e817194433dbdcc07e
- SHA256
  
  25673018ca79225368f4efa64c74beef6809f2feccd889a491aa064724c5b5df
- SHA512
  
  bcd232168ddc7245a8b582a4662d357318d487ff50040ff923dd8ba98a4aaeaa44c8583d4f25c49acb7f6b15b232af115d93a17519d058c4074d06860f98e5bc
- SSDEEP
  
  24576:mpkMKjiVPRAglJtKkjs3PvsUPEYiwULTr:mpkBjitRAglKkjs3P0UPEYiwUL3
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  $R7/components/ConduitAutoCompleteSearch.js
- Size
  
  20KB
- MD5
  
  9c6c85bd90c1878709c60ada200fca2f
- SHA1
  
  379dac037b14fa21a56b08f4dba13c8c45a4b4cd
- SHA256
  
  e28ab509efd87e81c3785858392e7e1f892fcd92b3a5e8e16734beb6fc5a3599
- SHA512
  
  cac9fe78137104187ba7cb2ad20ec40a8a28538b24619586f5fb72e01702e0595e5b1b0a59db69e7ab3ef9cce9cdce915ae0d4066a450aab8e9a64aff4205d92
- SSDEEP
  
  192:7j1DVelhxsk/M++iFdoK6dV/23RD8OQBM8G3j/pZ5HAwxIbUd0xC/iaG:7j1DVelhxskEFiLoK4AD5TFr5HAcVdm
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  $R7/components/ConduitToolbar.js
- Size
  
  3KB
- MD5
  
  b0a34c5ed8fe438ec63a25ee49f00804
- SHA1
  
  8f3423256f034fa2d2124b4da872ea3c31918865
- SHA256
  
  e2eab66727f84f0683c19f7255d84c9c17bc68db265e4612d7c965fb91d0aab9
- SHA512
  
  dfb1fcc275536fa04de7d7a7184fe818b3b40dcfc0fdc935d27465b660e9d311e3a3a197e300d1c271b50f78a29ab66880ad0254855cc20873a403d12566cd8e
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  $R7/components/FFExternalAlert.dll
- Size
  
  51KB
- MD5
  
  ebebdbf1df7621623bbc5af82b533542
- SHA1
  
  79807e07b5622c0bfeea6d7056dd418ba6667bb2
- SHA256
  
  16e9938d330e3c2136f067376be3da206f928919cbf3207bbf34781f98902a9b
- SHA512
  
  9678550490ca412d4d1f3f1e98085d97fbf663b6018d90289e124e062a0f2e300f7e36e5fa1385257f04b6cef8f703e5059703fdc4fa23f54b30d468ed081488
- SSDEEP
  
  768:/67JzH2IjMH+asRPfyVCaO2P33k3Ql0faYM/LPg5YRUx9J:/6h2IjqYF2PqfglRUx9
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $R7/components/RadioWMPCore.dll
- Size
  
  99KB
- MD5
  
  696f6787818300362f15485d654f6887
- SHA1
  
  1ed56308df4da59efaa1ffddab00f6fa08783d0d
- SHA256
  
  e4002c31fba34f976b135d07b2b03f6ca352863907ce521b1c1d7b6215947eb3
- SHA512
  
  eb6d7f3feef54ddfb3f0fbfa876480f8c75902774cc529fffa8e33fd6c689134fb824033a55e7ab0c4e428cebe9f3220038addd99df74fe562f7692da8502531
- SSDEEP
  
  1536:ji63tfvHRjEw1L0d0tGBOpWNJjxyHLHnS5GIHi:Td3HxD1LGopsjxyHrS5GI
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $R7/defaults/fbAlert.js
- Size
  
  4KB
- MD5
  
  02beb29f12ef02d4fb4ceb94a02f2071
- SHA1
  
  87c2c54bb1623217a44c52b3d11fcd1dc58a1cf3
- SHA256
  
  2275e3dca1093cee646e1522c61ee4bb1f2d632fd8e0402a9cb7a30d5a0380a6
- SHA512
  
  676fb9c855259f7f9445b5ce697f0d439043f5563d3de7a2d4a85f2aae321e01768276ae6488ed94ee8c98ff186575dd759baa384ff2655032032d2feb84ca9d
- SSDEEP
  
  96:xDRtBOS7XEF7492uMbY3jyQei0diVD90MlYQTXSb79XHLHIuBlGOFFMlgBoJQE/d:xDTBOS7Xu7492lY3jyQei0du90MtXSba
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32