582ce1814177b24c95676f7182bac0879bd08f2b8f1bae883a7c840e5a361c42 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

000a96e72f3c99141e82d5187615cea4_JaffaCakes118
Size

175KB
Sample

240930-hlvdlawaph
MD5

000a96e72f3c99141e82d5187615cea4
SHA1

ab246bfb3dc53b6f66b7569f74f2f6e10a392261
SHA256

582ce1814177b24c95676f7182bac0879bd08f2b8f1bae883a7c840e5a361c42
SHA512

21f7379ccfa8076ee2d06c29e13462afa463d5dd90f31624a99e30de4a83248d5fad89aa4c2f7f27eb7e017138dfb96f089cb1c89aa713aa7c768fdce1b180a2
SSDEEP

3072:huv+3JtG3KK+RJslOFe2UgF+BKz8WYLYduHqjefRWSpM6lS79+ArV8q6gVnhZ:h2QDqKKDlz2Ukd8h4uH8efnaQysxq6g5

Score

7^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  AVGINT~1.EXE
- Size
  
  127KB
- MD5
  
  39170a5a1dfec141d6aff301041334d0
- SHA1
  
  8c029e82296cc97fad6ec462ff8b90df1a69751a
- SHA256
  
  7fa49d1ead28d8adc0a5f0b0246cbca3d47ce15ef507e73efec2d01ef64e7404
- SHA512
  
  2611dbb648c76a5c415d78487be326786f30c7bcd55eb4d773e3bfd5b00151efb0ab054d332810c57cbd9f647be84c06fc521d2fcfe043eaece091682774f582
- SSDEEP
  
  3072:vgsTOavWNikhiZDWZBh8T/9Ye4uu75ILn:vgs6JAuEDWNQKeYOr
Score

5^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  file.exe
- Size
  
  104KB
- MD5
  
  1dc556a7f72377e6121d6aee0b9bb458
- SHA1
  
  c723d162b3be559c4d8aca27e35b539bb7d9d306
- SHA256
  
  f0374281e5bcb306ec744abb8610602933667407269290e5d4aa513cc017b855
- SHA512
  
  e6deb9864635753e63802dd8e7779be4675f455269a55e536ed40b7d6f12456966d404cde3aecfb1d1e9e14b863a6abf5f773f4bb578d2bce3d78f17f42817b5
- SSDEEP
  
  3072:0nj9jtfU+INndIc0Jb57T3i5Y4tuqt5+PL3f:0jbeiC54L
Score

7^/10

discovery persistence upx
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

discoverypersistence

behavioral4

discoverypersistenceupx