f40912f20664da2cfa0ae49c0b31005e23fd941c7389cb13b277fd8026ed1c85 | Triage

Sharing

General

Target

e20cf23b48d4c0dd37ebcdfc1828a54e_JaffaCakes118
Size

3.5MB
Sample

240915-j4a84sthpj
MD5

e20cf23b48d4c0dd37ebcdfc1828a54e
SHA1

8de0286778a499eec760d2f25c480ca36335642a
SHA256

f40912f20664da2cfa0ae49c0b31005e23fd941c7389cb13b277fd8026ed1c85
SHA512

bf275db859259e1ba761323117f58fbddecfdef9b9e4fb25873a862c24b402f47e028a374afb204132561b3674da3629fccfdc65e9455c82ca17daeb99502124
SSDEEP

98304:3+9k8q4uksjSTfoRHLUlNcyiDJZVmB5exzQUlU:3wq4DsGTf8rFtDJDE52K

Score

9^/10

discovery upx

Malware Config

Targets

- Target
  
  AnVir.Task.Manager.v7.5.2.exe
- Size
  
  3.2MB
- MD5
  
  4db724078ed6a648df859c223c137d4e
- SHA1
  
  b311da8a55ec5932b914d05b743f82a22b3ddfb5
- SHA256
  
  02a5f0aae95a5b59c12f46a545a9ca10fcb1ad1139a220fd1983cba1e725733c
- SHA512
  
  6913e5d867acdc900f0e965a2c90afc99222949032ce7285b755c35c29f320d828757fd82afaf7f775c9bc6ed5cde4dfed6add7bef1c76ca5cb9365826333724
- SSDEEP
  
  98304:m+NEMc4q2sBSNh65jrGHJqAEztxXOHvexs:mkc4zsYNhW3nJzttGvN
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $EXEDIR/AnVir/AnVir.exe
- Size
  
  5.6MB
- MD5
  
  5fa1d5146ac74c4bb755cf6f8ac94408
- SHA1
  
  d12da179611e608e168d827aa6f859840527a8fb
- SHA256
  
  7fe13b4a565174d59cecb1a3e7e1a96ed297d4fed0c32482cf5b0b9da43ad1c6
- SHA512
  
  19d22dfbc6c82c1b0088745f869e1dfddea26fb9df4506cae12f46c93c55b6cb3b1f00f33a7969c42dceac469988b3f4d5cc42cd3eebc96faed06b9511e187c3
- SSDEEP
  
  98304:mI3wec+PUVBd8DNQdXndQE1SqAKziinEvYzq8KLlgdYwTaHY9sIen1k:mswejPUVBd8DNQJnCE1NAKziXYzq0
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $EXEDIR/AnVir/AnVir64.exe
- Size
  
  142KB
- MD5
  
  aa5ec124ce910b86d44fa55a4b281cda
- SHA1
  
  203ec49323850c45cfa91ecccc5d5e73491def4d
- SHA256
  
  1738235bc62e721dababc6d0959afde34a8c0dca5b77ffbbb9a17923dfc6cf33
- SHA512
  
  52a201484a19f43234096dc22720cbf89555e1aee46f729c320ee9f780d83f2a18f6f07caff0af31975e3161053b1f349e34d6d6894c31703449cf0d409f65fc
- SSDEEP
  
  3072:tQ3bH5g41VJIFbaM5etj43TpstZ+HX5rbZB1lKm6QN6fBRE:tci4LCetj43TAZ+HJz0QNj
Score

1^/10
behavioral5 behavioral6
- Target
  
  $EXEDIR/AnVir/AnvirHook75.dll
- Size
  
  104KB
- MD5
  
  28b8d942442cf66f52517e7ed8e40234
- SHA1
  
  518ca44d04f2c5da7bdb806e67c87076c8d11fe9
- SHA256
  
  cac0f9cb0e3b093e203e0ef7a768e3ea538031b5460b2219e96e1bd5fce0aa1a
- SHA512
  
  90114b03b68c9e09a6fcd1e21af62b6860513e2c6b3f1c4c3e44834cd31d6c1119bed9007e92c53c1b87fd986aa4455b93d5e6224201246f2009c34420b006c2
- SSDEEP
  
  1536:SpikoGNxYxFfAWDroIAZDi97wcvG7y2+YbtZNRrD4EQhuh9:SpGOxe1APIAW7wcwy2++t14bY
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $EXEDIR/AnVir/AnvirHook75_64.dll
- Size
  
  123KB
- MD5
  
  9fdc20cf50cb39b86263684f8c98a8c9
- SHA1
  
  991a5cb48c311a7fdba102ab4821c50f1ad9c0fb
- SHA256
  
  f3b52a9d0046b2a4235b0e1ad0ab997dca25a27c0dcebb3b7c7ad99b47608b2e
- SHA512
  
  acce74bfcf87bd15fab30fc62c96c45d5f5a1c2a1acabb4738daf4f4f7619b6981cbd8d4cc69f099c5b652c5947c00a454026f13a8d07560460612155c312f64
- SSDEEP
  
  1536:mhRrHlF1WnatQ4LkpWrQ/ONRXiY6yC14AMTw/nD3Y+bKUt1qf4btZNRr+hd:IVF/9Lk8Q/cElfyAMTwfDBFt1qfetM
Score

1^/10
behavioral10 behavioral9
- Target
  
  $EXEDIR/AnVir/AnvirRunServ.exe
- Size
  
  59KB
- MD5
  
  38974b7cb773cc973647f6238c20ba1b
- SHA1
  
  88b53952abc06e1be08221253b19c24446f2dfef
- SHA256
  
  e907fe771ad91192af0c89e5b5f8d775247ed08451d939783fbd86c28307e193
- SHA512
  
  bce9b30af0b09c8fdbc1cf439626dc9663f582863d0ad30f82b1ba4c8e4482bdc180963dda7dbadd98b3d4876c8d272bed752b5b1fc7be61794faa053ac761e1
- SSDEEP
  
  768:x/tZoa5Gaep4fUaYeXmllBT2100PJRL2AF1adnDLbz1g0FN5saovzNoxh0QC:xlmggR1llBTs0ORL2oEd3va0bovzKh8
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $EXEDIR/AnVir/VirusTotalUpload.exe
- Size
  
  157KB
- MD5
  
  32c2941fa7a646a1a1dda8aa1917004b
- SHA1
  
  76df2d94dca1f9c8d9c0169bd1dbf4c99ce71a71
- SHA256
  
  9f0e6c3c398f16adce5af7b72fa51b820c1475336761c504a518aab9255762d1
- SHA512
  
  9971b5e5772dc8bcbb9dcb955ee528a0bf1e40499796be7e4f76e2ebecd0dfd316fe90567edf0d5b773820fa64fddf40eb4c8e067dc0239627b0134d0de1628a
- SSDEEP
  
  3072:zQjLSU6VICKoT2gNMLMME6eHEqPpVNmQwIMZW:zQjLStICPagmLVE6eHRLwB
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $EXEDIR/AnVir/XPTweaker.chm
- Size
  
  60KB
- MD5
  
  8f774e33873f2dce1e43b1dbadf8617a
- SHA1
  
  b71d0bab44f3f048970fbcf3c49c6e167fbc77e2
- SHA256
  
  81c918871fb07e6dd92fc036d082230b82b46e38f7707f677de450e15f4b7e56
- SHA512
  
  c146d93a565a9170fc4e2a160aeb9287e270df2007b5bfca0495023cc8388e021c2d1f326a099bd5d93a155ad90a5d4ec6a6cc78b83da02b9bc63e6cf382d473
- SSDEEP
  
  1536:18oTxs2n3BIhhd0KtJtiAqCW7/pCsiOYpvLj90/P:Gj2nOhhG6y9hCxOovlcP
Score

1^/10
behavioral15 behavioral16
- Target
  
  $EXEDIR/AnVir/license_ru.rtf
- Size
  
  56KB
- MD5
  
  7b6fa4ced57c4bd110c8ed7dcb72a29b
- SHA1
  
  a39b5ae81f2f4f140f67f6e885a09c74fe6a7757
- SHA256
  
  da35c2ea1dde2142cbd7048233cb827b0b3d996d04cf5b7580a45a96d8463d93
- SHA512
  
  341b9f1ca17e6d5c2d647d3fcbba9e93db73b6e70b91ed2c85366371c7fa7e2bf6b7219cb1123105b0100d6f683ffe5bd96af9adb85c9629a03363c3757eb9fc
- SSDEEP
  
  768:qdePxd6xGCKOZn/q1BkZ8X4jSKPSRBOAIb3F6AW0Gfze8utQZoYHpiaTgTVSJ2xJ:qdYUpU6Qg1IA9n
Score

4^/10

discovery
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  AnVir.exe
- Size
  
  5.6MB
- MD5
  
  5fa1d5146ac74c4bb755cf6f8ac94408
- SHA1
  
  d12da179611e608e168d827aa6f859840527a8fb
- SHA256
  
  7fe13b4a565174d59cecb1a3e7e1a96ed297d4fed0c32482cf5b0b9da43ad1c6
- SHA512
  
  19d22dfbc6c82c1b0088745f869e1dfddea26fb9df4506cae12f46c93c55b6cb3b1f00f33a7969c42dceac469988b3f4d5cc42cd3eebc96faed06b9511e187c3
- SSDEEP
  
  98304:mI3wec+PUVBd8DNQdXndQE1SqAKziinEvYzq8KLlgdYwTaHY9sIen1k:mswejPUVBd8DNQJnCE1NAKziXYzq0
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  AnVir64.exe
- Size
  
  142KB
- MD5
  
  aa5ec124ce910b86d44fa55a4b281cda
- SHA1
  
  203ec49323850c45cfa91ecccc5d5e73491def4d
- SHA256
  
  1738235bc62e721dababc6d0959afde34a8c0dca5b77ffbbb9a17923dfc6cf33
- SHA512
  
  52a201484a19f43234096dc22720cbf89555e1aee46f729c320ee9f780d83f2a18f6f07caff0af31975e3161053b1f349e34d6d6894c31703449cf0d409f65fc
- SSDEEP
  
  3072:tQ3bH5g41VJIFbaM5etj43TpstZ+HX5rbZB1lKm6QN6fBRE:tci4LCetj43TAZ+HJz0QNj
Score

1^/10
behavioral23 behavioral24
- Target
  
  AnvirHook75.dll
- Size
  
  104KB
- MD5
  
  28b8d942442cf66f52517e7ed8e40234
- SHA1
  
  518ca44d04f2c5da7bdb806e67c87076c8d11fe9
- SHA256
  
  cac0f9cb0e3b093e203e0ef7a768e3ea538031b5460b2219e96e1bd5fce0aa1a
- SHA512
  
  90114b03b68c9e09a6fcd1e21af62b6860513e2c6b3f1c4c3e44834cd31d6c1119bed9007e92c53c1b87fd986aa4455b93d5e6224201246f2009c34420b006c2
- SSDEEP
  
  1536:SpikoGNxYxFfAWDroIAZDi97wcvG7y2+YbtZNRrD4EQhuh9:SpGOxe1APIAW7wcwy2++t14bY
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  AnvirHook75_64.dll
- Size
  
  123KB
- MD5
  
  9fdc20cf50cb39b86263684f8c98a8c9
- SHA1
  
  991a5cb48c311a7fdba102ab4821c50f1ad9c0fb
- SHA256
  
  f3b52a9d0046b2a4235b0e1ad0ab997dca25a27c0dcebb3b7c7ad99b47608b2e
- SHA512
  
  acce74bfcf87bd15fab30fc62c96c45d5f5a1c2a1acabb4738daf4f4f7619b6981cbd8d4cc69f099c5b652c5947c00a454026f13a8d07560460612155c312f64
- SSDEEP
  
  1536:mhRrHlF1WnatQ4LkpWrQ/ONRXiY6yC14AMTw/nD3Y+bKUt1qf4btZNRr+hd:IVF/9Lk8Q/cElfyAMTwfDBFt1qfetM
Score

1^/10
behavioral27 behavioral28
- Target
  
  AnvirRunServ.exe
- Size
  
  59KB
- MD5
  
  38974b7cb773cc973647f6238c20ba1b
- SHA1
  
  88b53952abc06e1be08221253b19c24446f2dfef
- SHA256
  
  e907fe771ad91192af0c89e5b5f8d775247ed08451d939783fbd86c28307e193
- SHA512
  
  bce9b30af0b09c8fdbc1cf439626dc9663f582863d0ad30f82b1ba4c8e4482bdc180963dda7dbadd98b3d4876c8d272bed752b5b1fc7be61794faa053ac761e1
- SSDEEP
  
  768:x/tZoa5Gaep4fUaYeXmllBT2100PJRL2AF1adnDLbz1g0FN5saovzNoxh0QC:xlmggR1llBTs0ORL2oEd3va0bovzKh8
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  VirusTotalUpload.exe
- Size
  
  157KB
- MD5
  
  32c2941fa7a646a1a1dda8aa1917004b
- SHA1
  
  76df2d94dca1f9c8d9c0169bd1dbf4c99ce71a71
- SHA256
  
  9f0e6c3c398f16adce5af7b72fa51b820c1475336761c504a518aab9255762d1
- SHA512
  
  9971b5e5772dc8bcbb9dcb955ee528a0bf1e40499796be7e4f76e2ebecd0dfd316fe90567edf0d5b773820fa64fddf40eb4c8e067dc0239627b0134d0de1628a
- SSDEEP
  
  3072:zQjLSU6VICKoT2gNMLMME6eHEqPpVNmQwIMZW:zQjLStICPagmLVE6eHRLwB
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32