22a7a589ea5387396db7354ac92a32119e03c00846e84455ec70fd1a286a6962 | Triage

Sharing

General

Target

aeac60242aa50b684ee442a3a6ab6ba6_JaffaCakes118
Size

646KB
Sample

240820-layhnaxhrm
MD5

aeac60242aa50b684ee442a3a6ab6ba6
SHA1

d51ab9f1434734352e0baa232f3620f6680ce24c
SHA256

22a7a589ea5387396db7354ac92a32119e03c00846e84455ec70fd1a286a6962
SHA512

8b91fdaf4a2d7d77fb1e10d99905805795163327b2054252263b416f79bd5705ef614a77ce4c3287d0c81f99378a1a217c50c0029f8ee0948d05bfb64979c1c7
SSDEEP

12288:WuDa9X5y8J//i+w02KSpovfpVMHIJBNNTvqYfewyotQgWP:WWc59XiMvLrTbGwyE+P

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  aeac60242aa50b684ee442a3a6ab6ba6_JaffaCakes118
- Size
  
  646KB
- MD5
  
  aeac60242aa50b684ee442a3a6ab6ba6
- SHA1
  
  d51ab9f1434734352e0baa232f3620f6680ce24c
- SHA256
  
  22a7a589ea5387396db7354ac92a32119e03c00846e84455ec70fd1a286a6962
- SHA512
  
  8b91fdaf4a2d7d77fb1e10d99905805795163327b2054252263b416f79bd5705ef614a77ce4c3287d0c81f99378a1a217c50c0029f8ee0948d05bfb64979c1c7
- SSDEEP
  
  12288:WuDa9X5y8J//i+w02KSpovfpVMHIJBNNTvqYfewyotQgWP:WWc59XiMvLrTbGwyE+P
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $0/uninstall.exe
- Size
  
  87KB
- MD5
  
  d445cf2b1abb1e43b5bc15ad8b3ee425
- SHA1
  
  c32bd43025189c83ffc2d4656c7558b30f623c5a
- SHA256
  
  7ce4961b1e2246109df696d8479c3b6d41f658010bd4455d3573c5933e189a53
- SHA512
  
  099f2a0783d9415a3e27d2fdf5af83461327ec80f8d801396be91e4c8546377fd884aad75ce1d80ae490daa3db74f6bd2176b46129b8015583321e4e3bcdb32d
- SSDEEP
  
  1536:nEkjY1zy214Qay0DGkJbvPJDtimfOPcucp17GP/W8eptep2/DyQM:EkjAJ4dDGkJzniUT3OPebp0o/Y
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  13KB
- MD5
  
  d765c492c21689e3d9d61634371fd861
- SHA1
  
  ac200933671ae52c9d5544d0e2e8e9144d286c83
- SHA256
  
  551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc
- SHA512
  
  9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f
- SSDEEP
  
  192:9B6RvrfvOuJQDghBy/X7QKq3TLGciZJf0EzWzMnz6WoF1dBs:v6RrviWaX7eiZJ7nz6bB
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  fe24766ba314f620d57d0cf7339103c0
- SHA1
  
  8641545f03f03ff07485d6ec4d7b41cbb898c269
- SHA256
  
  802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd
- SHA512
  
  60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3
- SSDEEP
  
  192:rO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1aMBgMO:yKAFERdlxhGRYUzqZaMB
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $0/wyeke.dll
- Size
  
  576KB
- MD5
  
  a3e81d34ec9f250c370e3d45031027f5
- SHA1
  
  4c3bec6d38b1da6c2caeac6a12f6273607e196b6
- SHA256
  
  515efe62a3f81595545ae1143fad458a8fbf6e1f9365b59b9bb6191339ffefb9
- SHA512
  
  bfaf81f6086426ed376b90430e95c0db7a4866575aa8ce9b545c1123a8f02a80b4679ba466c542d47da74d27d1c03efb1014f9d44112a568a048a8646c3188d8
- SSDEEP
  
  12288:gl+9cuPuAJDI/GG7BR/q/4OgA7xugkXM6uqQDGqNLLPyvRdSuhxd:Q+6umAq/tOwOl7ntbXNLGZdSuPd
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $0/wyeke.exe
- Size
  
  45KB
- MD5
  
  1ad77afb3a6e69b9369d46b66b2d4dd7
- SHA1
  
  f45d8e761183fae1a7a479b8c9618b40a06a6008
- SHA256
  
  6826c03be926075bf3ea7503caf5e152d33b224fd82fa87bfd582701a659dbd6
- SHA512
  
  aded9b92971c26f078ac583667136a811499cac67f44601eda227e98dd096a1cf2245aee98e931b75e5eacaac494f1dbb1217a3e19019d7afc0ba5fd45934926
- SSDEEP
  
  768:Xnd+7cM3x0eBQZ3ZmWecpuzv6uB7J06v+ZWz9vWU3eGbhmlODn/Lf9:Xnd+R35aMWecozD7J0w6Wz9vWU3fbZDB
Score

3^/10

discovery
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12