afe4c1ac48c58f0671f15c3741e7e822d4f84fb99d05e14117005cc80912bcf6 | Triage

Sharing

General

Target

8aaf4eba60924032f832fc6223780678_JaffaCakes118
Size

1.9MB
Sample

240811-rk8n9sxdjd
MD5

8aaf4eba60924032f832fc6223780678
SHA1

65e0491be8ec8f574287d4ea60d7bc3f0178f654
SHA256

afe4c1ac48c58f0671f15c3741e7e822d4f84fb99d05e14117005cc80912bcf6
SHA512

899bbdd146199277d757b7751171527270ae978163eca30958f41b563ca894cd2e695efd63389d6c6e2200805e77c682f0785eaac956a5f56fcae24faefe402f
SSDEEP

49152:5VtR7tQuV7hQbAyXUvZ5BjgPotU1tdotFDNZmJpASMNRGrHK:ftXrV7iXsZ5Bjgg2dothNZGWSMWrq

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  8aaf4eba60924032f832fc6223780678_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  8aaf4eba60924032f832fc6223780678
- SHA1
  
  65e0491be8ec8f574287d4ea60d7bc3f0178f654
- SHA256
  
  afe4c1ac48c58f0671f15c3741e7e822d4f84fb99d05e14117005cc80912bcf6
- SHA512
  
  899bbdd146199277d757b7751171527270ae978163eca30958f41b563ca894cd2e695efd63389d6c6e2200805e77c682f0785eaac956a5f56fcae24faefe402f
- SSDEEP
  
  49152:5VtR7tQuV7hQbAyXUvZ5BjgPotU1tdotFDNZmJpASMNRGrHK:ftXrV7iXsZ5Bjgg2dothNZGWSMWrq
Score

7^/10

discovery
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $0
- Size
  
  404KB
- MD5
  
  1f57eb5b92b2ac7f9d71a77d184d8c13
- SHA1
  
  c067f10ba008ec0d6097bb447b7121e7c17f87c1
- SHA256
  
  bf645eebea6f0591dcc5ab1afc17b62cd476d83e4b2fba44c060a9e3604e40ac
- SHA512
  
  36f80ab01e68455c20cfe2fdb8a78a2e0d78749e668ff2b6bc5e1f2eb53527484113531b4f9190788cf6d5cbfd852f2d1f2757f742968ccd8319bef3827728b1
- SSDEEP
  
  6144:8YPRpy9PGw2H09lQEGpX+3OoxHkC30+fXReo:8YPy9RQuCnpX+3OoxHkC30+peo
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  eef9e469e8a30717974499f277d97e2a
- SHA1
  
  2d33c25984ebd9116beeb55cdde4c5c86c023e5d
- SHA256
  
  1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078
- SHA512
  
  d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48
- SSDEEP
  
  192:8np6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+MTjK72dwF7dBEnbok:8p6UdHXcIiY535zBtMTj+BEnbo
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c6f5b9596db45ce43f14b64e0fbcf552
- SHA1
  
  665a2207a643726602dc3e845e39435868dddabc
- SHA256
  
  4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0
- SHA512
  
  8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a
- SSDEEP
  
  192:qADKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQbVUSF:qAViJrtFRdbmXK8+WVUw
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  66bb40a1defb0aef9865919689d4aa96
- SHA1
  
  90cc473004f4351f25d026d13b3f7cb19ee23908
- SHA256
  
  82772146a77ac3bf5e3564361ca0de0b612a44482de4cf418c3deaa3b2ae7f1a
- SHA512
  
  1f26650b7d0068b7e8ad1ac861e00bd184c8bf47363e4766b17a9aed5985f8a54efdde87b30cd9b649d6f5b8eb991ef9d06d4501eac264e1ff096506786133c2
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PROGRAMFILES/ngsrv/lang/howto.chm
- Size
  
  13KB
- MD5
  
  3450f5afc2270974bd870792f6c64de4
- SHA1
  
  c75f894451db9fec2886b6d41f761aec6f62e540
- SHA256
  
  3f15402af2bf905fca59876450cdb6091d4a6d8eff9490a0c9a3ae48871aaa11
- SHA512
  
  732875465c4427b232061803b37dce28fbc384c6c46c95aea758be6e838043917a3f367f3245e633974d614cda331f113b359617324d8d546dd346e0c65d1cab
- SSDEEP
  
  192:PQ2AcTiSku9GN+roq4yft3oEyJjNjgG6NDY5e1E:P1AQroqDtOjNj0NDfE
Score

1^/10
behavioral11 behavioral12
- Target
  
  $TEMP/4673551D-STFT12-4FE7-A218-48BDAE051E2B_std/NGSetup.dll
- Size
  
  168KB
- MD5
  
  481815d8cd7a0f149deb0e0c34a0192e
- SHA1
  
  f02977bf518461cdfe8d3c6b2bb71089750a5ced
- SHA256
  
  3a1e9411ead9fc77543de2a8688a0b0a35c680502a7406ab5bb95f3d1ad956ff
- SHA512
  
  d4bc27da3059a413535399b1bcdd00766a329f0da10cc4ad33883857a4057473f9fbb31db99f847d75551768bd03fbe79342a879e47b155fefcd0a900c18dade
- SSDEEP
  
  3072:jxNdNszPkK0sdgsudX0nqChB9FibMJOaqbqbyxghpIUPRjyMcyclsb+7/:jxNdyz8K0SgldX0bhBbibnOJjyMc3sb6
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $TEMP/4673551D-STFT12-4FE7-A218-48BDAE051E2B_std/UnloadModule.exe
- Size
  
  40KB
- MD5
  
  19f3563083f673bf46de1c11b0a4e80d
- SHA1
  
  73c98e29a0a1a5724f7636db7b483518a8c9be4d
- SHA256
  
  30b8ae584e837b32aac6a33f92b5f033e8e163be68605395912874ccf2c7b0af
- SHA512
  
  f695e8c804394cb728953292dbc993d5a70845106b7a991a138230b4d484a86f186924c84bdc25d90279016ade6b75dab4febd9b7404649e34e2221db1b11171
- SSDEEP
  
  384:6aY2oZgEAIPmQmGrubWLftv5UCX7ZQA4yw0BxZXAyJc:6aY28gN1QaMHVQA4J0PZLJc
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $TEMP/MoveOldVersion.dll
- Size
  
  116KB
- MD5
  
  31b08693ada2912f242988bec93203e3
- SHA1
  
  b41bcdaa2b9f553aae613efa80f547130d1dc237
- SHA256
  
  46891c74d66ae79405cb15aed74d8b2b90a4fc556aa20b840ee888f7668da6b3
- SHA512
  
  b8f9bb31c431347902e1d3ffa9ca961ee1032d2ed765d2fa9d61168c5e99629bf77a737d87cf80fc8f6d92ee70173e51c769301e335273ef37127048c4bd4ae6
- SSDEEP
  
  1536:mRiEGM5qzb6rb6jlS1PgThWrBTGv+Cj8SrZll1V:ciEGiqz2wl8VQWM7Zll1
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  InstDrvAction-32.exe
- Size
  
  20KB
- MD5
  
  99176495b6727a381e7b71fdc972388d
- SHA1
  
  0ccc5dcc4a5bc72faac28cd4f824813249688576
- SHA256
  
  046ee3ecfe6770e6b9c2a656ba096d7adb2503adcc1939f9ee765da044c6b0f2
- SHA512
  
  fa6af250331630a8ee5cb5ac25b7bd30ce1ed9aba3030036dadaf316deed559d8661a341b96ad09d8831d49adb5a9ba05c81f21255d3a59604d8b2ed23704f1a
- SSDEEP
  
  48:Sb6FJsJ3Rgu9Y3bgOgJoh4oyl1h6Q5uOlYagc:RJsMoY3KC4oynh6Q5uJ
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  UnloadModule.exe
- Size
  
  40KB
- MD5
  
  19f3563083f673bf46de1c11b0a4e80d
- SHA1
  
  73c98e29a0a1a5724f7636db7b483518a8c9be4d
- SHA256
  
  30b8ae584e837b32aac6a33f92b5f033e8e163be68605395912874ccf2c7b0af
- SHA512
  
  f695e8c804394cb728953292dbc993d5a70845106b7a991a138230b4d484a86f186924c84bdc25d90279016ade6b75dab4febd9b7404649e34e2221db1b11171
- SSDEEP
  
  384:6aY2oZgEAIPmQmGrubWLftv5UCX7ZQA4yw0BxZXAyJc:6aY28gN1QaMHVQA4J0PZLJc
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  ePassNgMgr.exe
- Size
  
  728KB
- MD5
  
  d67a96027cb2527a520367a6924ce123
- SHA1
  
  b97a7b6cabe6274582ba8cc606e5daf90f2e0c33
- SHA256
  
  651b4ba402cdda466c929c31ebf0a752e238d3e033432ea00ac60ba77cacd028
- SHA512
  
  8a1f650638f2c9040eda2ae2c5e2c97ea7c56415bb2876625c09c504b45444c5dba7b7d07080676710f56017eaf6f3f4b075bd631fdee29b373a44e24e14e007
- SSDEEP
  
  12288:3IbbxxWmTtCKBAiiYQPfEojiiVBzK0IgTN/Kdcyx87XhN:4b1sYNBAiFSfEAF81Trx87X
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  ft12drv.dll
- Size
  
  1.2MB
- MD5
  
  84b04dcb39f250df93ffe801166464d3
- SHA1
  
  33192e547cb2a19fbb8a146a3348708c9ac69e41
- SHA256
  
  f7075adfb5e24df58856606cfa6ea17c0b1d578045947c1f9298b21ee0e0929d
- SHA512
  
  ad84e1085d3ca122f3dfacf7f0a02becb112e82be2ac843bb02c16b09e4781c7f95adf6e5fbbb170d0fc1421906e74b03861ef4e10a87434da118a2663620672
- SSDEEP
  
  24576:Mfum7mrjKQP/+rnDcDf/oFdFUznul6RFuwd5I3fBZXk1:CJ7r0YFDUQ6SQcK1
Score

4^/10

discovery
behavioral25 behavioral26
- Target
  
  uninst.exe
- Size
  
  149KB
- MD5
  
  7d0e1740584afdb1e99e6c9c19995598
- SHA1
  
  a3386ecdc55b829486eb6dffb906a2717137dda1
- SHA256
  
  40ff460e185c76f5ed7a9110b740aa000092cc5776cc76d823eb443680da0b96
- SHA512
  
  51c2d281d258424485ce24293d5769828e486c7c566a42fd2934825c1a8035922ac15c7b95bc28ae46b32e362120b2422eaa72d68352108ddf502be046741177
- SSDEEP
  
  3072:tYg4pumJGq4JXCgFytYp81Vq9/945QW2ZZMHKmk45MBpKPWA:tlg4JXjytk146FQlkoG0PWA
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  eef9e469e8a30717974499f277d97e2a
- SHA1
  
  2d33c25984ebd9116beeb55cdde4c5c86c023e5d
- SHA256
  
  1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078
- SHA512
  
  d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48
- SSDEEP
  
  192:8np6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+MTjK72dwF7dBEnbok:8p6UdHXcIiY535zBtMTj+BEnbo
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c6f5b9596db45ce43f14b64e0fbcf552
- SHA1
  
  665a2207a643726602dc3e845e39435868dddabc
- SHA256
  
  4b6da3f2bdb6c452fb493b98f6b7aa1171787dbd3fa2df2b3b22ccaeac88ffa0
- SHA512
  
  8faa0204f9ed2721acede285be843b5a2d7f9986841bcf3816ebc8900910afb590816c64aebd2dd845686daf825bbf9970cb4a08b20a785c7e54542eddc5b09a
- SSDEEP
  
  192:qADKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQbVUSF:qAViJrtFRdbmXK8+WVUw
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32