f972e0585513e0f18ea89b5eb3208892974f0c0f6c359449c5d491d63e3b6bbe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15645365964bc9b82f6f85bfcdd66dfd_JaffaCakes118
Size

6.7MB
Sample

241005-aaa7ksxhrb
MD5

15645365964bc9b82f6f85bfcdd66dfd
SHA1

fc3f7ffed0be6de82f8a66d84c4c89544ab91b87
SHA256

f972e0585513e0f18ea89b5eb3208892974f0c0f6c359449c5d491d63e3b6bbe
SHA512

f267b938d73f5edb2b049a65bf5cf1cdfb409660d36842e3c027d20d90189109cdeadbef709c49d4d2fa3e9a9650f5c39992ad10694e4eb463f507f7657aee75
SSDEEP

98304:TpAri9ou0nK1g4OCGPctgZN9EmRVQgFwrPKsdRrgYXxPmPKJSOc8/xHyPY:TpV90nK1gjPDZkmR/UisbxPm0c8lyw

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  winiso/winiso.exe
- Size
  
  6.7MB
- MD5
  
  ffe131a36defcc2054e7478f15ba6f75
- SHA1
  
  8588e0a8c76facedb15e9bc1dfb7c58404d40620
- SHA256
  
  3af0ffef5beddcd906f5ac52a89a9b70834c79b0123623e2adcaed5206e7466b
- SHA512
  
  780922d941c62f847cc4b263712aa85f23bd3a5d96e2662629349354a6b0bc2ac09e609474e4e8990fc2cd7f25ab2dad6f54a3dde71d411bc64da9aab30fd6b7
- SSDEEP
  
  196608:1MNnpS2rQnelFLLbCGRt6Hqf0LC9sV7DuYHemav0zd+ZsWCBkQ0rfL:1M1pS2rRFLLxySf2+Syvi+mFSL
Score

8^/10

discovery
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/ShellExecAsUser.dll
- Size
  
  8KB
- MD5
  
  b097e2c1d916411e3a32031e4d4e9481
- SHA1
  
  15e3db5b2263c53f545451e19d11a005f4650eda
- SHA256
  
  fd16be229c013ba83d757b88974f9c1f01834eb8158e32f68c8042bdd156077a
- SHA512
  
  ee33900f3911953b0b4ce9624a3a45bcd171316048f4b6c5f048ebe1249ccaf8fb77c62077c0a40405a658733d764b8bf83046f77c00593cedaae183dbe21549
- SSDEEP
  
  96:/fGTLKs+g/+wTqMFIpkNT1RY7eTR1cgGpJsPBSWB6KLuIn+ISIFXOU2:bIzxRY76YgmU0W4KLu8pOU2
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  959ea64598b9a3e494c00e8fa793be7e
- SHA1
  
  40f284a3b92c2f04b1038def79579d4b3d066ee0
- SHA256
  
  03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
- SHA512
  
  5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
- SSDEEP
  
  192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  f7b92b78f1a00a872c8a38f40afa7d65
- SHA1
  
  872522498f69ad49270190c74cf3af28862057f2
- SHA256
  
  2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e
- SHA512
  
  3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79
- SSDEEP
  
  192:y1zQhZDqlJcKISw99ioU3MSfwLF/+nhHUisdz:ozoZDGKYw9goWyFGBU7z
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  bin/QtCore4.dll
- Size
  
  2.5MB
- MD5
  
  38076ac0f13aef3aebee2b63125e4470
- SHA1
  
  928e64ed4f551d9f406d7ea4a32fef70ca080d86
- SHA256
  
  74ae26018084791df388f702063519cdaec65b22675cf57c96281eb95b63d119
- SHA512
  
  7b1681899c44f53911de267c0af830e4bfc5081b92bb51f55e57e179d6e622ccfe1878367e433852f211e61179fd192ce4cdcb3ce27698843bc05ee642ce26ee
- SSDEEP
  
  49152:fllS8W/BL4M+tejzGiJsv6tWKFdu9CITuLyvL/6mShMZtmjNUVrciV5P+7QVg07K:f3SFFqaznJsv6tWKFdu9CJ90
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  bin/QtGui4.dll
- Size
  
  8.2MB
- MD5
  
  ed555c555ddfc9567ae5ab6cc7cbc604
- SHA1
  
  ba38ad7539315b51c3809326fae2f4045b818a0e
- SHA256
  
  76b3292006d9e9f0adb21eda44de5a10d76833162a138cdade2a2fad8e4d60f3
- SHA512
  
  0f2709521dd61b3a5861493e47a52559c0a30c2385117476874587b3b4857e52d08c255d5c4d4e879a93082720f18a4b6b31d7c848598954dcf8bf171e742109
- SSDEEP
  
  98304:7xglZf8xGwqU2sgzQOWVdeACWMIM/giV8YGB7KudwFcD:7xKZfoLOxAC7pFc
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  bin/QtNetwork4.dll
- Size
  
  1.0MB
- MD5
  
  cc21b79dd81dc8eba20b1180601d0b00
- SHA1
  
  ce998a7a99a3a093e9cffd0ad0a039c81ac6898c
- SHA256
  
  d8d16f347d54333e74a5dc7ee64af89010251605f1968de1d2ef7c5983892e76
- SHA512
  
  faf42be6c8938bea30b5557c63cfa12306e37b2a8d1d181fca82634f41982efbbd91cc374b4efd9c03329b1af0e6b947c2ed1d310f16bb16602476e70f33121e
- SSDEEP
  
  24576:L836NWTde03hkFLCKWRmROVttquWZvmVTf:LcA0RkFvWSmquivmVTf
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  bin/baseio.dll
- Size
  
  48KB
- MD5
  
  e37eea0f9c47f5bd9e7110521e21f709
- SHA1
  
  5901616e486e5bec9db629cb9b7bb65f4bc8f9af
- SHA256
  
  5d1242a1ef8e05946ea60f838e221ddc2a4d504bc33fa13d44704fc43a0f33ce
- SHA512
  
  fcd9cc2cdf295126c7ec52bf293a6e2b06daa073400157b35308f31ccb82ac163d507d87fe04b28956199c3ba3973854975745081030c2cdb22f5ad7ccea9255
- SSDEEP
  
  1536:ncak+sPOVtXjIjbW/0vfBSkXtdaHOnuQ:ncak++OVtXobTv0kX3aHOnL
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  bin/codecs/qcncodecs4.dll
- Size
  
  138KB
- MD5
  
  e155d616e6fd95081a628b1a1505eab6
- SHA1
  
  35a059e9933587b46527d5645c5f069459e9beea
- SHA256
  
  5d886d63665f27dec6784cc7d8e5694091e84483ef9d96e4418fe4dd7d2f6f4a
- SHA512
  
  071b9e6a0e398db3f7d604471bfc35987bede8b5f245cf71562e0705226baa96e3f1dfab860dadbbbd88424b31751eed9af6c1a18f474c1e13c37822a117bed2
- SSDEEP
  
  3072:8DN2C3UO50wKw3LCms9PQcLwI2T2VtTzJUOuFBKEOnyt:8DkO5Gpp24ABPOny
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  bin/codecs/qjpcodecs4.dll
- Size
  
  164KB
- MD5
  
  df0956e61790eade21aa8ba5411831d6
- SHA1
  
  fd9d01c410d7ff5303646d09a3ebbe6e72064e04
- SHA256
  
  ca815f24c70637454092763c476360ca33fc131ed9e20a128f3e5e126972c740
- SHA512
  
  343d56fb88d7fd00c7324603ad2ba97ef525702fbab1e271c80d9440db318eef43fa52aba8bc835c321c00d580a770009fab466ef7ba6ebc9f857c447b5a4554
- SSDEEP
  
  3072:Vs3V/CaMQRPP/Di7jo6uxCwkbypV+J9ks+Xe5GOfh6x:il/COn/uf6aypVkk8GOfI
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  bin/codecs/qkrcodecs4.dll
- Size
  
  76KB
- MD5
  
  8bf8be47b7d1c6ea9e1b4a46e4c12de2
- SHA1
  
  74f3b09135c9c4509590cc6289edf8f2fa8c3386
- SHA256
  
  e08b32466d5a724e1af11ecd86dce79b981cc39081090eb65fddc0d608e8ebb4
- SHA512
  
  be1d4fc7c821dc9c8cf72613806a88dccf967ace8e4547b28894a0b180993d3c38315453111026e3ba6630056b60ea57ddb6a2c71b093f80b290cb4ca2df0df2
- SSDEEP
  
  1536:1K8w7ri/58oPBFpFZxsj2EpBWyt8onEEkYyhPbwkT3STDeVyOfIhmt:Bw7OB8oPj/wL0m8ondTwSTbOfIhmt
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  bin/codecs/qtwcodecs4.dll
- Size
  
  152KB
- MD5
  
  8194ff7508352f6d5fb77a874364a4a3
- SHA1
  
  f40e4f2b0b5664d58523a8b46a69af77bb4f417b
- SHA256
  
  fcbbc68d455ec4cafb3fbc3e891b442f740ad3916ecafe77fc7ccc01d4bdfe90
- SHA512
  
  7983774f452f12f11bae0c2bf05d26fefc6f375c1150aadc3a9e1f7e5e0890d3f16c7905322749ed00062c810bf339a8ebad2db54ab3b6e8c98d494db25cc0be
- SSDEEP
  
  3072:y3mAN+e60rV4Js9Y/SZKuI8HKdEYtriq7gReCsO+zrv1diL8KQ/GhXOfsx:G6i4Js9YqZKu7K5tH71OIL1Vb/UOfs
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  bin/core/core.dll
- Size
  
  115KB
- MD5
  
  316373abde9dd560975cb8ba7f793bee
- SHA1
  
  00027a1d88537fba615cf6ea3b47ac45c68c4e58
- SHA256
  
  366cef6ac37bd894c28ea4641e077355686113d405aee59db7744b4911f01874
- SHA512
  
  4efec249d239a870ec9d8dc8d246197b2ec6445dba1a87973ae4bdc7d9a9e5d5f2cf1d376602d00a211874be0782812638a4b1d61ebdcb8d4fe68ec0f4799c89
- SSDEEP
  
  3072:DCw4cMULu+sjovjb/1Zdc53TMzFYR3zOfmt:Gw4cMWu+0o3/1Zdc5hR3zOfmt
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  bin/filesystem/cdfs.dll
- Size
  
  75KB
- MD5
  
  4b1c96c85be3d4120dc12f27c80a4864
- SHA1
  
  414075f7f9daef2ef00b3e2bad4f0bad4c591c51
- SHA256
  
  79ca326e98c50f6f88142dc12ccf17dc5f9fef08f03cec6b9c6e614a2f87bfbd
- SHA512
  
  17111db8a9e05d6e3c4742d815f63728cf0c5cf8bd211121e7cbd869ca8ef186bd5b90a40ec4738338e2475734d750511734708c64a338bf260ab928da11a1ce
- SSDEEP
  
  1536:Y2X6MHpwNGqQOK+Uduf9j7IwOfeHUxL4:9X6q88Dduf9XIwOfeKE
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  bin/filesystem/hfsplus.dll
- Size
  
  50KB
- MD5
  
  1a2ef3e48c704a746c5f0db12ea5b67b
- SHA1
  
  b307a91f57f616d08dabf550f41b6c6e4b127565
- SHA256
  
  23f599058e32ed2fa906155ca0d5b3866943bb25eb32d384ddf4d71901980740
- SHA512
  
  5ad3296328b9ffed94ea9c0c5282d11caf975055ec54071f2e23739e03eeded13dbee27da52f766a1236cae43f00825e65bed5ef31532e01d82388ebc189b80a
- SSDEEP
  
  768:lxXJcrmM5MR2g8XF9biZwNtV5jgQEYxkG+Orl8ZSxtT7UVeJOfKdkbm:lBJcT5MRZ8GkV5jLR5pltx9UkOf5b
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  bin/filesystem/udf.dll
- Size
  
  59KB
- MD5
  
  805cd44b8bea7725c5b73f91e3653109
- SHA1
  
  f268f53f75ac19c7ecae57a877cb409a878b8064
- SHA256
  
  18648e73f3876dca78a2686dd1c39cf36b118bb206e1900f1219bb61b0c64ca5
- SHA512
  
  b391f32454f752e7022ce782bc49043df6deb0c83176eef30b4eab0e4df3522568084c566ca41a24b9d587a89d6b7999fadf5db7f0411dafcb34850c50660e3a
- SSDEEP
  
  768:CDIcnuNuTeyhMAdCAeUYcBvx17rg5Hu/l1pvOqok9uNvleftOfKdDC5Qjl:khMueUXg5He1pqUtOfOC5Qjl
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32