Overview

overview

7

Static

static

7

2d411289e3...18.exe

windows7-x64

7

2d411289e3...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...el.dll

windows7-x64

7

$PLUGINSDI...el.dll

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d411289e3482e763e853efe22e65f12_JaffaCakes118

  • Size

    970KB

  • Sample

    241009-jck91athmq

  • MD5

    2d411289e3482e763e853efe22e65f12

  • SHA1

    99f68d564c07caed50e0f34f6f53947067036764

  • SHA256

    684f1ff24fad2b1d24f99b1aa773deceb26591df1c09cd41583de718995dc0b2

  • SHA512

    eddd16e60f89860dc67079833ce8a17ed6da628f9c44361cbe829026962f691dd89d6cc2f85dc3f8b0de7a8abc04ef2a329765118ed3b780a59e77a8e40ebe1f

  • SSDEEP

    24576:hreGnJz8QlGGjNG9uI6lVbbdAg3KRqdm8eyLFi8Q/GGjNG93IR:hKGnJz8Qlbeh6bG8m83M8Q/peYR

Score
7/10
discoveryupx

Malware Config

Targets

    • Target

      2d411289e3482e763e853efe22e65f12_JaffaCakes118

    • Size

      970KB

    • MD5

      2d411289e3482e763e853efe22e65f12

    • SHA1

      99f68d564c07caed50e0f34f6f53947067036764

    • SHA256

      684f1ff24fad2b1d24f99b1aa773deceb26591df1c09cd41583de718995dc0b2

    • SHA512

      eddd16e60f89860dc67079833ce8a17ed6da628f9c44361cbe829026962f691dd89d6cc2f85dc3f8b0de7a8abc04ef2a329765118ed3b780a59e77a8e40ebe1f

    • SSDEEP

      24576:hreGnJz8QlGGjNG9uI6lVbbdAg3KRqdm8eyLFi8Q/GGjNG93IR:hKGnJz8Qlbeh6bG8m83M8Q/peYR

    Score
    7/10
    discoveryupx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/SelfDel.dll

    • Size

      4KB

    • MD5

      7cff7fe2caea5184d98c147e7e263132

    • SHA1

      21f39d3d0dd5f7198d67ef30e95d10ae3460093e

    • SHA256

      281c39b733579e031c62bdd247b41543ece1fe3bd6eda26fc8ad474b10f33101

    • SHA512

      fb1161b8571d1d0c67e2df0d571b08f5e7a73f81409aed847344154d02406910629181bcce4e18e998ec472f51a6a1b40d956a010abdd10e850413aafa87808a

    • SSDEEP

      48:CzHDh3jgWMynQfXKsJ3eAn67wN4VDm0pmoZSeJY8JTaCILFoyTFS7lWsaEaSueq:S18WMynkXKOOATEVUPnS7s9TShqTM

    Score
    7/10
    discoveryupx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c10e04dd4ad4277d5adc951bb331c777

    • SHA1

      b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    • SHA256

      e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    • SHA512

      853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    • SSDEEP

      96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/nsProcEx.dll

    • Size

      56KB

    • MD5

      ff14d70a6c90b112506bf14ae445e135

    • SHA1

      17773989ac198358a0ebbf2b37cdbe70b7b41005

    • SHA256

      f67b4cef69dc193d458b752a10f9fda6dca94f865dabacafbf7298925e21c03a

    • SHA512

      1277a066c7de67fdcf148d77804e2d4926e1ddaefd35a852cb334fe1925c20491ffed18d172089025919de3de478193a8edb7b6ce72e008b5acbed2c4eb27e65

    • SSDEEP

      1536:n/xNmGeTvvYJ26ZL/YYVeC5JeKln8NcvEEXAKn:p8vvYJpZMjcJsNcvEEXzn

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      8f4ac52cb2f7143f29f114add12452ad

    • SHA1

      29dc25f5d69bf129d608b83821c8ec8ab8c8edb3

    • SHA256

      b214d73aea95191f7363ad93cdc12b6fbd50a3a54b0aa891b3d45bc4b7b2aa04

    • SHA512

      2f9e2c7450557c2b88a12d3a3b4ab999c9f2a4df0d39dcd795b307b89855387bc96fc6d4fb51de8f33de0780e08a3b15fdad43daeaf7373cca71b01d7afdaf0c

    • SSDEEP

      48:6sG7qYBUYBFxhRwYCI0owYlOdkPm4LYZ5sRXEv26vqAa4GEVu:HhYBUYBL0Toa7+Q5sKG4GEV

    Score
    3/10
    discovery
    behavioral13behavioral14

MITRE ATT&CK Enterprise v15

Tasks