17d4b4135f2aaf7bb962d88a637972877074815da8e37e104f1d76aedb99116e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bea551a08165b3c34c9448420780963c_JaffaCakes118
Size

2.3MB
Sample

240824-qah57a1epb
MD5

bea551a08165b3c34c9448420780963c
SHA1

adab9c806cf691d15ca54091eeb64973aff2b386
SHA256

17d4b4135f2aaf7bb962d88a637972877074815da8e37e104f1d76aedb99116e
SHA512

1aca454d8f093761d6a272763d6b8c653efeec7cee91404529467876838d616f562efe969f3ebeaea31e750137249eaa7f37861b2916224168bc0b35652a087c
SSDEEP

49152:GlpN481x40uvwxl0zU2k5S1JaKE1hof2dOmzgl9AQNFqjpegRo0EKnUuF:GHdug2kYaKEA2dOmUAWAjLRocUA

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  bea551a08165b3c34c9448420780963c_JaffaCakes118
- Size
  
  2.3MB
- MD5
  
  bea551a08165b3c34c9448420780963c
- SHA1
  
  adab9c806cf691d15ca54091eeb64973aff2b386
- SHA256
  
  17d4b4135f2aaf7bb962d88a637972877074815da8e37e104f1d76aedb99116e
- SHA512
  
  1aca454d8f093761d6a272763d6b8c653efeec7cee91404529467876838d616f562efe969f3ebeaea31e750137249eaa7f37861b2916224168bc0b35652a087c
- SSDEEP
  
  49152:GlpN481x40uvwxl0zU2k5S1JaKE1hof2dOmzgl9AQNFqjpegRo0EKnUuF:GHdug2kYaKEA2dOmUAWAjLRocUA
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AdvSplash.dll
- Size
  
  6KB
- MD5
  
  13cc92f90a299f5b2b2f795d0d2e47dc
- SHA1
  
  aa69ead8520876d232c6ed96021a4825e79f542f
- SHA256
  
  eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb
- SHA512
  
  ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3
- SSDEEP
  
  96:6hNSXIcmYjkvTS6MnBNZ1BMjDfhkkEkkXstWpPwoS:JXIpzTSd1BSk/kJtWpP
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/OCSetupHlp.dll
- Size
  
  754KB
- MD5
  
  06961f9fafb5237ddda9b36da7dc59fc
- SHA1
  
  a3410ce23efeba446cb50babd82bfbf568792bf0
- SHA256
  
  ba4490e75368696e526396266bc12e00f1b93ded3c7294d4e60f9249e315f03d
- SHA512
  
  f746807170f4c15d419f554751c9fa03df6ff9171cd549cc1b6f8d759f20a5a31ca2f33a9026f0e2e695bd3affb47ddd672bb7415a32bb943d56b742cbc1e2c4
- SSDEEP
  
  12288:WIM3VP7HyrzEBf8V/eaC8W4ah2Ig4COeVgiTGRavoDnT5ieS:WvVLyrzEBf8deaC8o2Ig4CzhTGRav0o
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $TEMP/Detect64.exe
- Size
  
  110KB
- MD5
  
  98ccce9ebdb749a87d4536b3a0c5c73d
- SHA1
  
  e2eb27f570a1b45a6cafa25d9a8424fd74717495
- SHA256
  
  b210eff9917841eb375c22ff55ef7429cbaee22139222d6253c8d86ed83ee79c
- SHA512
  
  2c57c1450aee583789b3fb54cf70d54780fa50056104cfd66d4bfc4167e2dda2918c6e56387d6a7cfb06c26815bbd3fd477538ee3c5d90174713db14729e6aca
- SSDEEP
  
  768:PutvLd0jAxsetgNppppppddddd275o7nD6k8RYD62Dd3UaTTTTTTTTTTTTTTWcDt:0iIsy6ppppppdddddi5o7nD61RYbdB
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  ClearOptions.exe
- Size
  
  153KB
- MD5
  
  998f801aa40f819a7a13566de3aaaf52
- SHA1
  
  f1b4ab4b8aebb82823a0f417fb71c61613f4d3c6
- SHA256
  
  df1472c35d933bf6d3d4bd15a8f93b2251edc60f96eb55b369b8f4086565db76
- SHA512
  
  28a558d58b883b8ff5a580fe32122be20ff54285d4c7d8c83d2730b4737982ebb895cb12aa266cf8d2bbb5f1665dcca999fcb961718e2764f591172700a1c955
- SSDEEP
  
  1536:rV4Gy6ppppppdddddi5o7nD61RYbdltvEeen:rmGy6ppppppdddddi5o7nD61RYPNEeen
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  DarkWave.chm
- Size
  
  19KB
- MD5
  
  28a9af166fd24775fc407b7fe1c2b68a
- SHA1
  
  3b1825f615506593d2257927ae8d856300536ce3
- SHA256
  
  71aae12b2adb1cb4cb6c45de4d5e0c7fa3062ae1ea570001ce608f45c8907f78
- SHA512
  
  fee13f484009716e3379b0097d66d462616ba59f1dfcc45f73bcfa4f3c4c413d9e79eb98d6aa39a7533ebfa379a4615b976a84130b6bed764ad07a845338b496
- SSDEEP
  
  192:6KiSc57hdme+cRRGHNk7j32I9Wd1GYuiVtgjMPHHAqDbcuO46eJvvnPblYg9tinG:6KithsTq3FQ1G1iDxbjP9JnnDb9oyl
Score

1^/10
behavioral17 behavioral18
- Target
  
  Uninstall.exe
- Size
  
  133KB
- MD5
  
  805e4a60e7bd272f27d50236fddd75b9
- SHA1
  
  4570f6364e7ff023bfb73344f652c0a4094572af
- SHA256
  
  63d48fffb16865ee5ee4c7e9291c4307037844b72bffe72e019f22ce67cf70b0
- SHA512
  
  7faef601bb749adac47f6ce7c2e7d0830399a01a69f5ae1e0f6295220a3bc50e4d87a8ea2f385292d1a7c789251015bb30b481920bc94f2c12f1315e820dddd3
- SSDEEP
  
  3072:biezvrL9oMXJAy6ppppppdddddi5o7nD61RYB1r:bNvTOy6ppppppdddddi5oXt
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  x64/DarkWave-Studio.exe
- Size
  
  837KB
- MD5
  
  1661a9a5fc888f7b2efa45b8d806307e
- SHA1
  
  c4a70446ed7c2d37bcc77ad8b56dd0b790c1b27e
- SHA256
  
  647e95df52cdefbabaf15c897cceb162543179e361534ffddba7416e3b5f4d84
- SHA512
  
  5251cbfa08c3c5915c02925aaeda5569216568b9fbfe645a9333aeb7ab10974aba7b8f5f9b1b675b21d705e67d66f48fef213d1915a50cfae04931fbd6871b96
- SSDEEP
  
  12288:J1FUAcp6627tKzOYLDigeV2Kw+vNVTnz3kX3sKdxNgYuVSs:LFKWtKzO4ezvvTzVKPNgn4s
Score

1^/10
behavioral21 behavioral22
- Target
  
  x64/PlugIns/ES-CoreMachines.dll
- Size
  
  835KB
- MD5
  
  b94b0ff26acab722c6d0c38aa97a7c09
- SHA1
  
  487029b88f85a4542039f1ed911b005b9f50c303
- SHA256
  
  4296a58bd15feefdc662d3f92214ecbd68c3749e6886e17bc156c969eef07457
- SHA512
  
  5dee53218348acb5f779b839898cd5e35b0feb0f410c84b992ecadd2bd96de2ae6c28a08ab08ff45abd5fbfb5e12c912fa2de4db06c545880f131d8b8ee4257d
- SSDEEP
  
  24576:XN2IhLCXCCCCCoT00/T+uQR4mPMAp68AD/KPNgn:XN2Ih2XCCCCCoTvTED9Y
Score

1^/10
behavioral23 behavioral24
- Target
  
  x86/DarkWave-Studio.exe
- Size
  
  681KB
- MD5
  
  ddac4f0cba3ea226d92e6c5ea22e0a61
- SHA1
  
  e0b4c187f8a75d059ba5dddc2002d614eb4d40e0
- SHA256
  
  b7fe7dcae59c8a0c0b8c61b007749a73931166f2e67a516b86a71f947bd7070a
- SHA512
  
  512d47076fe964daca05cf0184fe128f8f8c27348073663fffeb3793e832cc93d760a9cc2de1efd8e9a7cab584a0a18d1959b804ad035b369c2d1a7990d8a51c
- SSDEEP
  
  12288:6v2OR6hylMA9GtdusgeALoH+uQraTKK5WKdxNgYuVSs:6v2ORbMA9GrusgeOoeuNTlEKPNgn4s
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  x86/OpenAsio.dll
- Size
  
  52KB
- MD5
  
  6a67d93d68b3139dc5440a8ed3762d9c
- SHA1
  
  ff9e34401520e6fab6a8a5478b157ef73f8e91a4
- SHA256
  
  7fbc378945d8ae3f4b9cbad3bba1214186de319f4afb3f79e5b606edce6e6bc9
- SHA512
  
  e66bfb5f8d9fcf433246d8135bda976aea92b7c525a0c0b8d760fa072d69c2646666f0a8113b88afe1734258f92a30cd377d159ce0687c9fd7bf8917bd53f90a
- SSDEEP
  
  768:+77O9syqPTGTv+cf2biVCqoHklpxYiB9MNu95TYUQsNoWlb:yNGTvSeoEbfMEoW
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  x86/PlugIns/ES-CoreMachines.dll
- Size
  
  708KB
- MD5
  
  1974bde565442aaea7c26092ebd3e7f4
- SHA1
  
  ed97f16ecdba5359d92b7636e09b1fb1d0b9d182
- SHA256
  
  a8a033985c937f6ae9b554f030a197e1823bd7425ca4013725570a98b8065d12
- SHA512
  
  59bfd2e179e1e0703e0646fef86e446f954685be878a58d11e9aafcb65c9ac921493a0922d6a875c662a9aa5551c4a6bd0ecc6910f17aacbe8bceb8c97a47caa
- SSDEEP
  
  12288:XylWkKef0gNNYAXIbTywT0DIZKIm/QtIn9To1+xQR4mPMAp68AD/KdxNgYuV:wWk7cgQ46TT059T+uQR4mPMAp68AD/KI
Score

3^/10

discovery
behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30