a39798386e56e5c80b7c878d250461550055708f2a75806660a361220fe58d20 | Triage

Sharing

General

Target

a1e18d573e9d64f5928cc20aaf36aca5_JaffaCakes118
Size

280KB
Sample

240817-klrzksxakh
MD5

a1e18d573e9d64f5928cc20aaf36aca5
SHA1

ac1e1c80a85d1c7a4148ac5a447af0f4d1078e98
SHA256

a39798386e56e5c80b7c878d250461550055708f2a75806660a361220fe58d20
SHA512

067644a3af2189bd1a224b5d68b8e45de67a01174d3ad1d26b28bba10e8b4be5ce5992cfa86ed6b576cc057691ba7dbad28e7f1bb5c18610fe341a9cf97a8043
SSDEEP

6144:Ee34Gww2wuKG8R9v3oxcCGy9jBeLJGy9jBk:DdukHAxcSxBevxBk

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  a1e18d573e9d64f5928cc20aaf36aca5_JaffaCakes118
- Size
  
  280KB
- MD5
  
  a1e18d573e9d64f5928cc20aaf36aca5
- SHA1
  
  ac1e1c80a85d1c7a4148ac5a447af0f4d1078e98
- SHA256
  
  a39798386e56e5c80b7c878d250461550055708f2a75806660a361220fe58d20
- SHA512
  
  067644a3af2189bd1a224b5d68b8e45de67a01174d3ad1d26b28bba10e8b4be5ce5992cfa86ed6b576cc057691ba7dbad28e7f1bb5c18610fe341a9cf97a8043
- SSDEEP
  
  6144:Ee34Gww2wuKG8R9v3oxcCGy9jBeLJGy9jBk:DdukHAxcSxBevxBk
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/KillProc.dll
- Size
  
  24KB
- MD5
  
  f2223ee8d3b5a26d9386dd90fd6326cd
- SHA1
  
  edf24705bba2a459637722af3b7a8b7bac23d2ed
- SHA256
  
  488aa34c7d2da0ab4a6b50463d5bb7fb402493602d3164bd1d56a2e93d97237e
- SHA512
  
  59bdc5368c9dbcee3f7807a653618becac2c36ac4b4c5b3e8906f32e55ddb0620af30e1c771bd9e3145b7caf996c1cc439066e1ce17cbe6f3ed9248c2e6e4428
- SSDEEP
  
  768:p13K3oHsFZLEQOkfb5CtRvBFj3d6dLMk:p43oGgQzotRZFRsH
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  SearchToolbar.dll
- Size
  
  253KB
- MD5
  
  63b3f6a70685489446f7789a17075c3f
- SHA1
  
  344836a57d3072dd4ecef47b279d05f2c012871c
- SHA256
  
  95222c918fb21575fb170d148549b67f0e06ced224a567bc38b93f14362f0e04
- SHA512
  
  1ce0c2c8390b7605a4b13957cd94605fe89be0564c8ab5bc0d68a58b17909cb36bd469fb061a61b554ba017deb363d7fcecf6c1cfe19c08d139717e226c28ec3
- SSDEEP
  
  6144:YcaFgxb57GbzkmdltG+ljUjYLte8VCkkkkkkkkkkkFCkkkkkkkkkkkWCkkkkkkkY:O22DltG+ljJAkkkkkkkkkkkskkkkkkkc
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  SearchToolbarUpdater.exe
- Size
  
  7KB
- MD5
  
  d24ba3348d4573e7e284fb86bed5963c
- SHA1
  
  9db0691dc764b972f361aeb7be44813bf0a729e4
- SHA256
  
  79b4da468ffc342c102d79e5104359217ec19b7d08bf973a282d4b697529ba5c
- SHA512
  
  67c8c383896fd512debf00a0c70c1df370b0fb5c2a969aab658bebcff4b211bb626aa8afea516698cafa2e3b11b37ce2720c7f1e0604e3ebf335563bca275538
- SSDEEP
  
  96:T2c9bQBjxKzfd1vD3zZ7h3+2E3zuQFJJSI+fq2yC7tCEXI:qc9bQB+Z7h3+VxFJJROq2P
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  uninstall.exe
- Size
  
  93KB
- MD5
  
  bfd9416d42a96ec33abdb04b45f32c8d
- SHA1
  
  c28244d6858b91a6d3c3926b02313109d8c03332
- SHA256
  
  da0cd6ae356fbdaf887a5af81dea9a3470de519de152b6a4f156de27768c7340
- SHA512
  
  58289def6a952da22dc3599ea1711d4be7b5d9faf6c3cfb5967b251cb74e023eac1918f4daa33de73b87c223a0f2d108ec62c635302d4c694d701ca1e9f5089c
- SSDEEP
  
  1536:+pgpHzb9dZVX9fHMvG0D3XJwgKzLidAsK6yKdJf2PFWWw9fuYaiZX:EgXdZt9P6D3XJwJidAA/JOPpw92YBZX
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/KillProc.dll
- Size
  
  24KB
- MD5
  
  f2223ee8d3b5a26d9386dd90fd6326cd
- SHA1
  
  edf24705bba2a459637722af3b7a8b7bac23d2ed
- SHA256
  
  488aa34c7d2da0ab4a6b50463d5bb7fb402493602d3164bd1d56a2e93d97237e
- SHA512
  
  59bdc5368c9dbcee3f7807a653618becac2c36ac4b4c5b3e8906f32e55ddb0620af30e1c771bd9e3145b7caf996c1cc439066e1ce17cbe6f3ed9248c2e6e4428
- SSDEEP
  
  768:p13K3oHsFZLEQOkfb5CtRvBFj3d6dLMk:p43oGgQzotRZFRsH
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18