938d44be10097f59babeea2b2a388e8f71d663c4c543bb2bd599463f0a8b593b | Triage

Sharing

General

Target

cfb15f3063108f87d77124e34fe742f6_JaffaCakes118
Size

2.0MB
Sample

240906-q986nazdnq
MD5

cfb15f3063108f87d77124e34fe742f6
SHA1

c8cca36ed81d9df4763b49e0fc9ec6ff66f8493c
SHA256

938d44be10097f59babeea2b2a388e8f71d663c4c543bb2bd599463f0a8b593b
SHA512

54d6618093e868a354562fdd50f9273c5de548302d59933c1d974b75345ee23033d1edd21ff827dac06e7a0774e8e0910f985bd1103a2bf630f766edbcc2c23b
SSDEEP

49152:vYYJQBqrxelsRDgq8sNU4tSETKpy6y0OuJTneRLzvNQbVbGbtg:f24clsRDgqPK4cAJlVuBneRLD8Vqbq

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  cfb15f3063108f87d77124e34fe742f6_JaffaCakes118
- Size
  
  2.0MB
- MD5
  
  cfb15f3063108f87d77124e34fe742f6
- SHA1
  
  c8cca36ed81d9df4763b49e0fc9ec6ff66f8493c
- SHA256
  
  938d44be10097f59babeea2b2a388e8f71d663c4c543bb2bd599463f0a8b593b
- SHA512
  
  54d6618093e868a354562fdd50f9273c5de548302d59933c1d974b75345ee23033d1edd21ff827dac06e7a0774e8e0910f985bd1103a2bf630f766edbcc2c23b
- SSDEEP
  
  49152:vYYJQBqrxelsRDgq8sNU4tSETKpy6y0OuJTneRLzvNQbVbGbtg:f24clsRDgqPK4cAJlVuBneRLD8Vqbq
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0ee1d80ff67f5d5b1aebee2d50e38c9c
- SHA1
  
  250aea2e35e51fcd1492b817d1ebe8f467ac2565
- SHA256
  
  24215fa79a4e16fc77a103e0257d961e66023f4b89068b04d594463a138bbe1d
- SHA512
  
  e745a03b055324a84249abf2914f7cdd8e2e92213c3d51e5ddcc47bb051a525788972532893c0013d03fcc6a90ea8ca2df26d3af7939d08ece1307203de2e88c
- SSDEEP
  
  192:MEuyQq+sFjuF9E8anOpnIwknUASk62K72dwF7dB4aMEgss5:MZV/sFjWE8/I1Ak62+B4aMss
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  29fc9b741c3eb0dc1f5bf9eddf316688
- SHA1
  
  f6e7f649d33e5cdbc4c09e331ce132144ed27140
- SHA256
  
  65133610bb3db9362b4e37d0dcdf3398eb376c7fba42daef9b73a2f2243cf4be
- SHA512
  
  ebb6ad70e18f333a3ed14bf2487647ede5ac565ecc763e7a138bf12068ebf53e6472feaaeeab5c66efbf3acd8d5ef795a4f4982b5eb160b723efe278354793f6
- SSDEEP
  
  48:S/EMLUmNDsKWMPUptxEqK6/loUI+VcNSmwVs3J0vrpXLta1JvR0Jxofbm:30DsKGEi/ZVcNSmwVs3JI9t8R0y
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/QvodInit.exe
- Size
  
  113KB
- MD5
  
  68356242edb61a53e3ecd44d96aca83b
- SHA1
  
  c518642d0aa312ed2d5d3dd871ae5d8849f03622
- SHA256
  
  61f936ef52c7c185dd6539ede1041dbd09b01b53443944a59d69e8dcb4e8f653
- SHA512
  
  127ae59caeddb13d16ea91d26ad146634ec6c7c4a0370b0c2b7a86ec8733e1dd4f6d2242a98b6e27b8b35870d1cf1253b56ca50c4ba681fce5be1a7f965494d8
- SSDEEP
  
  1536:6j2CC5pfKqZRdBk3P1MzrHTJJlE0iGDORNSqFf2Xh9PRUGVASsu2VXaLCzn:JlpH2M/HTJJlE0igORNSMOrRUm2VqY
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  ab4dfd749cabc33f31c71779bf2d4a37
- SHA1
  
  a8fb9d812b4cc70631dc95bbb72f1128092db9ba
- SHA256
  
  511a32b5eccd3498e7f814471adf97f7b8469b96c33ba040ca180124e6e03409
- SHA512
  
  4e8300fff0404c9cc68646f3a35062ff95681d51993948c601283b308ca3592ce4bb9ae9d7b4a5f0a8f0aee242bab209930e6997d8be0ed2b883491430fe2a31
- SSDEEP
  
  96:i0+NYlmO6KKMXs05SNgipZpALWIChUBH52qxoTUkKh6V7givcUOMseitAbEXJEci:iFOXfXZQ6i1AZ2q6grklcm/iaULQAZs
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $SYSDIR/pncrt.dll
- Size
  
  272KB
- MD5
  
  13001eb0a58b4de96126b16ab15fd8cc
- SHA1
  
  4dfe6d2d02e9fa194f4af3d054b458b5a4bafbe6
- SHA256
  
  e983aa97fe1ce6af92f06433a71e03f54d3fc78392e26691cace927094bab8d7
- SHA512
  
  1a7c052bc1e7c824a3aff5e27c5cbd0720893e341dfb93062021b82c3a6d940c4ea23cbcdfaaeb174d90f51c36f0d8c62f693766f42172f894b6b689d26f49b2
- SSDEEP
  
  6144:3m7wHLiH0k6OgfjvQ0mvlxZ/PeT8Ah8EoHiIKaGo5RpTufufVvtr+dj7GcuT1JOy:3m7KLiHl6OgfjvQ0m93/5q+iIKaGo5Rr
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  AddIn/VisLrc.dll
- Size
  
  157KB
- MD5
  
  2c3166ed03d35761549457ca1ed5fcdf
- SHA1
  
  cd5120872f95ab8b08b1a6d8a74fecb898a3d728
- SHA256
  
  fc49a13d94f4da894209f6503ba56ddaee21af92224e4a6260bc9a9dbe3813db
- SHA512
  
  8d54325d1957fd966be0db2bf7f92193bcf3528da394faa8f195752b03fe7df972cf01080ea3713daf7ce91b999eb2e4782aeb00d438685a6fb00cda15d0fad9
- SSDEEP
  
  3072:RJPHHXjS7Ip81RLIfPE9hYRYCkLzf8l/JHss4H:RJhpUXYzkL4QH
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Codecs/ColorFilter.ax
- Size
  
  141KB
- MD5
  
  fa098ed1394496b2ba53f1773f70d711
- SHA1
  
  6db54dfee27c70e61e3ef1d5374513c16fd602aa
- SHA256
  
  19b84b912d782333cfed1727e69da83846b77d7c90736b5621b438f9f50d107c
- SHA512
  
  74b2704dba6ace3fecca0dd6e790162b961ca9fb9ae6240aefb1f0d52959f58456c626378c745cbc155a8928d850614b8df6804b851e8d017c5ebeca01c17a8c
- SSDEEP
  
  3072:9ymeNWoqvzMcvAXQQ0vlvYKQptcabWQlHs69rDc92:wE1vzM8bvhs7lHs69A2
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Codecs/RealMediaSplitter.ax
- Size
  
  372KB
- MD5
  
  b91968f4f21d803d2467da89d9cd7275
- SHA1
  
  a0e1a676fe340f6bd211a1b40c0b6d8d1715d82e
- SHA256
  
  4287023170ab52ec3883af9a464d281358ae44225b25b101697c2ae66c82f935
- SHA512
  
  047470fda7ff9cda15cc4baaf0d5031bc8c37a9a7a827601c0e6db149f3af5149860afc45dd92c1a035f537971a70cb0f31372de12c080cecc3d93a89e6b8d65
- SSDEEP
  
  6144:sbH9JP/W0D2hzNqURg44nlHR0urOU48+EQHapawA9MDL:OJP/W0D2Pq/rpR0urOU4lExnn
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Codecs/asfsplliter.ax
- Size
  
  64KB
- MD5
  
  4a7e26d268c355fb5da19a4400e7770b
- SHA1
  
  ebe3c19a94e12c2a5d39bc816317961797a6c89b
- SHA256
  
  5c44df6b0d4d212271a1ca4c008ea003a2dd1168059333169b3562c51065c3e9
- SHA512
  
  db5f0161d64b27cebc6de443e68cf596725ea1034f20c58f2a019f2d50e67574e33ffe65e8f5a9b21095cd2f309a97b58ee3603e528276aeefa67c9d7b3234f6
- SSDEEP
  
  768:Y9We0OJXnfX2c+AOW8gpukVl5sqiCpl3il7T59bSob4p9Gk0:Y9WEXn/2c+7jlkV4dCpN67t9bSXG5
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Codecs/atrc.dll
- Size
  
  76KB
- MD5
  
  ed7c402a17a33d428a6d0dad2e7c42d8
- SHA1
  
  93a6dcf0abe28a01403da578d685cc5c0b48bb82
- SHA256
  
  00cb4ae39a6e18c07e12ae53150ee29ece9ef4561a496920f19813aa431daff2
- SHA512
  
  bddc074123d3f144d7903d5f2502f8961ef79e1a06ce05d1769f37314eb276729444647a9f5c9e80fec0512cbd07b5e46be40f6f6015f8b1a255d7daf3ae28f1
- SSDEEP
  
  1536:k7b44Vh7qOxPccMvJY1cnd5unZsQDUhl:k7MuPccEYW3IZhDUhl
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Codecs/cook.dll
- Size
  
  64KB
- MD5
  
  fa220dae3898b8578c34791648321a38
- SHA1
  
  12bdd5396e996d071368980d36ef6f6c7b39f936
- SHA256
  
  f8b5898569a508e370eb25db27c1cba440c9d559529850c05589e56a93659835
- SHA512
  
  9c2ad73fd43de7ca16a1d75b2974a737dfe1478d094783861ff5e3f994e17bc9e36e31f130296b497bb8955849be31db526018c0621cf5b09496fc6e5c3d6f34
- SSDEEP
  
  768:79rczOVJc8avUhcRxV6Sz+b2G90YnGZosMwCJtVSk7K+t6tj6tVDWVp3Ghv+Xb:7uqc8/aUSz62G9LnOnMK+t6tR
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Codecs/drvc.dll
- Size
  
  260KB
- MD5
  
  e9ad4c6feede8ce70a1a21ed1dc0e2ad
- SHA1
  
  ec6b32969e43328a177456be63864d004d501fce
- SHA256
  
  ef8d7d81cb460db57f2e737ca0de3e0c6c06f78273e49a47b24f0a1eeaa2909f
- SHA512
  
  ccd0a54e989b882db33e932fd95d29922dcc3e8608f32beef5882182be0534d809f67ce4d54ac894165f51e237ad39402ca97cf05e933fdd3c01c4f6ae50643c
- SSDEEP
  
  6144:hsNg+cXo8ZJI54BxrFPpH5Dtf5DNWoEaeglljEz:hsNg+Qo8ZJPWoEillYz
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Codecs/raac.dll
- Size
  
  540KB
- MD5
  
  cbb31c7b408e92fe01bd7ef7248a2b24
- SHA1
  
  3854ea40efe0a6f1a3f752ea6c2d915b952fb22b
- SHA256
  
  80fe7db8b85c4e7c767ba7a9f3d2426933beec18f9cc4ce4a279e96b41683e27
- SHA512
  
  1cd5dfc6aa86f432915bce4b54b258d370fcbf41c4c87ca4d45b0daf0560b945f0bfddaf93e274a0fb71659b8744776142f8afb384a745108454f894fdd59c0d
- SSDEEP
  
  12288:SWTRJoKssbGkZvYdizYMEYeT6ueQpcNwtXDDDDDDDDDLDDD6NcKKKKYYYYYpDDks:SW8KssykZgdizNEYeT6ueQpawkNcKKKG
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Lang/en_US.dll
- Size
  
  92KB
- MD5
  
  bb0318356c35f4a0c6c59b427208f491
- SHA1
  
  00fd513e6d82d0674ea95404fec235decc845aa5
- SHA256
  
  ff87b64931f48fb1db2d94f95b9e8b352aa696f950e8c491767ad46eb474db08
- SHA512
  
  9c45b3cda7277bf65d76d1e08413a885a8fc627078a84b77286769e60f10bddc961b064995f2bd9d774d704913cf773fe37e0eb8ed22050a81c1394fb71848f7
- SSDEEP
  
  768:aOTlDSvDubNIrytDXSmPzgFhPyvluF8YJWnIR29iKugXrx7pLV5PmSOJ7blGqUex:aOTlDS763DXSKcFGluAgCrX4JKeZ1zZ
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Lang/zh_TW.dll
- Size
  
  64KB
- MD5
  
  19dbb99d8b03c081ecdb7e7bc41a7a1c
- SHA1
  
  e4437aa11ec2d456791cb1c12618f4755aeb5798
- SHA256
  
  907e22ad579d3e9cc0c95b264c7e2bb568985405e0fb9ff53ce26090d7190bb9
- SHA512
  
  31a47411b7b410502ed33788697b4938fc64d593c12a93e94f43bd3373c0111693d7f0936434ec0ad86541496a349a57904f03a34c3fe1a865a85f10756536fa
- SSDEEP
  
  1536:0OTlDS763DXSKcFGluSu2jSd//xii4PPnNHf:0uZcFGl59E/Z8nB
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32