16e5c5d4271c78542e244da68903c3f6f88903130f8828cb53b7700310fd24b0 | Triage

Sharing

General

Target

41ccb88b7ae2f8949a3ac9468d856991_JaffaCakes118
Size

7.6MB
Sample

241013-yqj2esvhrh
MD5

41ccb88b7ae2f8949a3ac9468d856991
SHA1

2ea6029a432658e805b89871e21f0a4b3849a25f
SHA256

16e5c5d4271c78542e244da68903c3f6f88903130f8828cb53b7700310fd24b0
SHA512

e0f58d673afdfde2c8c4b792669701cf5bf4a849deab9b6881fcb6b5a3fb5bcd3f2d02d4a732dd16d0ba3ee420db2622eaed4525b7bf6b36b7013cb433e16a08
SSDEEP

196608:wj1DQDPxrj6k4AWLvaYRzaldEG1QlCHuwCOetbOj:yKDPxrj6cYSgzCdEKuCHhCOehE

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  PSeMu3_Setup.exe
- Size
  
  7.8MB
- MD5
  
  093f121bc18675daa271f1e523423dfe
- SHA1
  
  f0689527f1c50518508e1867f2f6c54f24b486a5
- SHA256
  
  1031d051994a8ea3629cb0056039cb54fc25ff56b9cef59c441f92f8bb7c37ea
- SHA512
  
  08d9c489a51746abe988988b14ca07768930981b056e19b44fbea25b017ce4e638dfd5e297dcc98635af0863e8df1ddb2829f224e65933b4eeb89f8c2b449da5
- SSDEEP
  
  196608:wMx1dCpfJPUYQaWL8m3V8TkI3xXs2iTc73tadqEURuzoLmI2kg0xVH:wAGpfI38ml8ocX04zt/EyMoL52kg0h
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Banner.dll
- Size
  
  4KB
- MD5
  
  0116a50101c4107a138a588d1e46fca5
- SHA1
  
  b781dce23e828cf2b97306661c7dad250a6aaf77
- SHA256
  
  ab80cf45070d936f0745f5e39b22e6e07ba90aa179b5ec4469ef6e2cb1b9ef6b
- SHA512
  
  55de6aeaad05b01a25828553d3ea9f1b32a8b0c35c42dc6106bed244320e3421ec6a6f5359b15f9d18dd1e9692ca5572b2736d9d48cceb07b9443601d00a5988
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Math.dll
- Size
  
  66KB
- MD5
  
  b140459077c7c39be4bef249c2f84535
- SHA1
  
  c56498241c2ddafb01961596da16d08d1b11cd35
- SHA256
  
  0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67
- SHA512
  
  fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328
- SSDEEP
  
  1536:0P43WZ4Ql60gam+2MwRmPeqFVHbQH0ZZ1Iet:0wU609VMH0T/t
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/inetc.dll
- Size
  
  20KB
- MD5
  
  e541458cfe66ef95ffbea40eaaa07289
- SHA1
  
  caec1233f841ee72004231a3027b13cdeb13274c
- SHA256
  
  3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420
- SHA512
  
  0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c
- SSDEEP
  
  384:b1JO6XgZkjxm+NpXaWgzxUX//EUhU7ya4LQ0Ac9khYLMkIX0+GBty3Sm0:b+6Xgsm+NpKWgzxUXnEUhUua4Li70
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/md5dll.dll
- Size
  
  6KB
- MD5
  
  0745ff646f5af1f1cdd784c06f40fce9
- SHA1
  
  bf7eba06020d7154ce4e35f696bec6e6c966287f
- SHA256
  
  fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70
- SHA512
  
  8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da
- SSDEEP
  
  96:GL2PcvGn5olZMTZxEp8agTsflVwn4GogZcko5N1ub:U2Pxn5UZMTZipyaw4ZkKP2
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/xml.dll
- Size
  
  118KB
- MD5
  
  42df1fbaa87567adf2b4050805a1a545
- SHA1
  
  b892a6efbb39b7144248e0c0d79e53da474a9373
- SHA256
  
  e900fcb9d598643eb0ee3e4005da925e73e70dbaa010edc4473e99ea0638b845
- SHA512
  
  4537d408e2f54d07b018907c787da6c7340f909a1789416de33d090055eda8918f338d8571bc3b438dd89e5e03e0ded70c86702666f12adb98523a91cbb1de1d
- SSDEEP
  
  1536:U2A8OSGjylgkara+70LICin9zgtg2LxowhtJu6MqSNicNEtIfF42q2KC:OzjLkarn7O+n9z2L6whFtGF42bK
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $TEMP/dotNetFx40_Client_setup.exe
- Size
  
  867KB
- MD5
  
  61446fdd76788229d3ebaeabe84df38c
- SHA1
  
  e15ad80fc74277ef2048312e9a71af56b2eba622
- SHA256
  
  6ac187b96ce2c03640cfff2431a36f705c785a42aba6dd2566f1117652f067cb
- SHA512
  
  2c781ff3eedb81dd9b670d0b50032f3a498d581734f97a3c928d0919ed8aaa12327ce87a8e16f7e11aad1740a4912109ea4e7b6e9bb39d57a72e165cf561b716
- SSDEEP
  
  24576:atW4x8xgmUdUcyezFSjahBaNOMGC3UgJuTYdIMlM9QVmcIOLfEdjJYV:B4x8x1UGexmbcMGC3U3MlLVmczEdjJY
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  MSCOMCTL.OCX
- Size
  
  1.0MB
- MD5
  
  ecc7d7f0d3446de36045d1d9e964fafe
- SHA1
  
  da6b0ec081d628c33b150327f3bd16d3b7fa4729
- SHA256
  
  bc58d624ceea02ab086f1cce809c992bf5a7105e88931853317a2f5aa5afd6e4
- SHA512
  
  443de697be9886cd97235e6468f3a7f6bf11612711e54dba31431b0d9418672e1434e839ed50cacf28107f692f0c9d9d2f57d90e3a843d81015d459c180db632
- SSDEEP
  
  24576:s0LiK1d6dxOehwsj5dC33M/jYVRDSfaF0gg1CVGO7oVtNKG:n6dAehwaY19G1u7+Ln
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  MSWinSck.ocx
- Size
  
  106KB
- MD5
  
  3d8fd62d17a44221e07d5c535950449b
- SHA1
  
  6c9d2ecdd7c2d1b9660d342e2b95a82229486d27
- SHA256
  
  eba048e3a9cb11671d0e3c5a0b243b304d421762361fe24fd5ea08cb66704b09
- SHA512
  
  501e22a0f99e18f6405356184506bc5849adc2c1df3bdee71f2b4514ab0e3e36673b4aecbd615d24ebb4be5a28570b2a6f80bd52331edb658f7a5f5a9d686d10
- SSDEEP
  
  3072:YXMqLvIP75rTTK/h4KtBfqXKPRPRU6/OYqF3+8/xHvd:YDETTq7xPRU3P9
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  PSeMu3.exe
- Size
  
  2.7MB
- MD5
  
  57934f7ac78cf4357baeed50e25298d5
- SHA1
  
  62a1de326b9df0c2580277adf0a32576c5357849
- SHA256
  
  bda42dd8bcb7a0752fa60fb43ac2c96e274398f4bc95e7eeca474dd6ed7651fb
- SHA512
  
  add995dcff909529c8eaf9822b930068209a46a29d87607c0cffc7e6ff1fff11f42bb56c07df42ff0ba3d867f120eac64cf6e0b0ef24f8b733dee1f4a96eff49
- SSDEEP
  
  49152:ofyU7Hvvl6k8AJvw+tP8D0ap5447CaLQAH9C5H:oawl6eJvlp8D054ma1o
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Plugins/MSDOS.dll
- Size
  
  33KB
- MD5
  
  76074dc82ca16b4ca2080924b7ff2f3c
- SHA1
  
  d472795d3b8858dd286ed5a87aea6d75e3b3404a
- SHA256
  
  5a711912404794038f463a9ac4308ea14393d9e670c26582a8850298c3970a88
- SHA512
  
  1c122f82370211fb3c130d85b0f215486988a6d766e81d69490bba95cc4e76c2a23d52d3f2ce75cb87fe046d0ec3fd840f5c3b1f42c9e489456f7c40288223b3
- SSDEEP
  
  384:MPljpbm3spfqLGm3Ick1b7eARdCp8bde1rG8zntFjbwOt5Ave:MP/bnfiIwARG8Je1rGaLwOtq
Score

1^/10
behavioral25 behavioral26
- Target
  
  Plugins/PA12.dll
- Size
  
  87KB
- MD5
  
  d25540d0e8730e9f0b1a515650478a1b
- SHA1
  
  bf25489ed089f46f35c6157096a9d1913e383867
- SHA256
  
  a30d9208556d9bd0027644184572c5e0bfaefbc8b556840f8fac18b9cd50c093
- SHA512
  
  f15c7ec1ff5918fc12564a108892ee26fa2398c66cca98b748c78a4a0090ad0408e2690ee4e7869704683f9f6879a5975e4123eb799aca1a51fc643af6601d05
- SSDEEP
  
  1536:KWhFlTCpsQTi5S/MB6BA63KhcZjqxIktXLrMkDbk6nQOWAw:Pepoennd+tXLrMkDNQOW
Score

1^/10
behavioral27 behavioral28
- Target
  
  Plugins/PUB2220.dll
- Size
  
  1.5MB
- MD5
  
  f6c9754fe3e41a659cbf48efe8a9eda1
- SHA1
  
  69c80e6c3f7d5aa5d74dcf1915c89606ba13056b
- SHA256
  
  a5f732939a70fb4182bf3f1e8f678668af45359321c15564d92fcc0ba1320436
- SHA512
  
  a30e8e1e832912500d8ba529dd0c853a65edf1cfd829ef40083c9b06f33cf59d348d583d814457af40dcc0cc581fdfc5929a4dbf0a2857910210fd999b90f30a
- SSDEEP
  
  24576:92oogNmb42MBPmlIRYsPbZ73JaPAgwtaHIvBKoE78U0yIivDskc35hDbyEGjxL8/:9b9NpAEUP3ldXxA7
Score

1^/10
behavioral29 behavioral30
- Target
  
  Plugins/SSX.dll
- Size
  
  70KB
- MD5
  
  ec8d6b45188c5c424ece4b10bb63034f
- SHA1
  
  cc1299b5b8de36ccae8898169aac9a04dfa663c0
- SHA256
  
  07d2f49c27c7cc9792fb6359b66ecd031d6b3c4bfd8897c8a6a4e0f6dad20c71
- SHA512
  
  e98bb3f4a98522c13611ee6abe4edf5853d57a2b9f1b17450b6db729e7898e84091c8dbc0055119cc740701be75e939294bb8729b3a2f6c0e01cdb48e7b0e9b3
- SSDEEP
  
  1536:jHYkhfFxiAGGO2KM4XGt+4mw1/RBJEs1:cibbKMOM/Rjv
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32