621f646fc179862feb1a1a2557e3e10561c1b8dfe673d0bb0e1bc365331b3c80 | Triage

Sharing

General

Target

552ccebe1ceb972e667a506d15305095_JaffaCakes118
Size

698KB
Sample

241018-dreswatfkb
MD5

552ccebe1ceb972e667a506d15305095
SHA1

c84cb86f31f0e69ed6f14b0bedee2ce33ceb252a
SHA256

621f646fc179862feb1a1a2557e3e10561c1b8dfe673d0bb0e1bc365331b3c80
SHA512

71a74651607d6682aa2b8b5f8b2ac24c6f45c23768ea8013e20223928012a6927ad19aad25e8ad0987d22eb27d1adb11d7aadc2af958455bfdfcd15326002c34
SSDEEP

12288:pC3akvzGv2pxQcXlxPmJYWq1/pc2H3JZ1OeIaEIgTsbO/PVqUtQLld:pCfGojTgm1pZ/Ozwes6/PaLld

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  552ccebe1ceb972e667a506d15305095_JaffaCakes118
- Size
  
  698KB
- MD5
  
  552ccebe1ceb972e667a506d15305095
- SHA1
  
  c84cb86f31f0e69ed6f14b0bedee2ce33ceb252a
- SHA256
  
  621f646fc179862feb1a1a2557e3e10561c1b8dfe673d0bb0e1bc365331b3c80
- SHA512
  
  71a74651607d6682aa2b8b5f8b2ac24c6f45c23768ea8013e20223928012a6927ad19aad25e8ad0987d22eb27d1adb11d7aadc2af958455bfdfcd15326002c34
- SSDEEP
  
  12288:pC3akvzGv2pxQcXlxPmJYWq1/pc2H3JZ1OeIaEIgTsbO/PVqUtQLld:pCfGojTgm1pZ/Ozwes6/PaLld
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $0/uninstall.exe
- Size
  
  78KB
- MD5
  
  490071c63a8583c44546421214809399
- SHA1
  
  f2268f3629b25b73b7f3ad984d867be01c19a670
- SHA256
  
  8f75ba9703c28b460025e05615222ed2b31e5eed829bfbab30bb029e873c0c24
- SHA512
  
  00301e21a10071a875b41ab8dbb715fad81af1c28f2badc8d2580b7b40ef52315fbd4af5e1e9a33c2070c3dc5c818632f0bed98f6e46d0869a3859997e12425b
- SSDEEP
  
  1536:PEkjY1zy214Qay0DGkJ7qAELVigJGo5hcpw/1q792sX7Ia12/DY:8kjAJ4dDGkJ+AI0bo1qRka0/U
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  13KB
- MD5
  
  d765c492c21689e3d9d61634371fd861
- SHA1
  
  ac200933671ae52c9d5544d0e2e8e9144d286c83
- SHA256
  
  551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc
- SHA512
  
  9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f
- SSDEEP
  
  192:9B6RvrfvOuJQDghBy/X7QKq3TLGciZJf0EzWzMnz6WoF1dBs:v6RrviWaX7eiZJ7nz6bB
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  fe24766ba314f620d57d0cf7339103c0
- SHA1
  
  8641545f03f03ff07485d6ec4d7b41cbb898c269
- SHA256
  
  802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd
- SHA512
  
  60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3
- SSDEEP
  
  192:rO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1aMBgMO:yKAFERdlxhGRYUzqZaMB
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $0/zwankysearch.dll
- Size
  
  576KB
- MD5
  
  98a963e32a3e5f87bdb231025e61f684
- SHA1
  
  a56a923f8aebe6ec51316e1a385772fcd5abc2f6
- SHA256
  
  2954d2753fbf1ee2bda174f7f76a78435f7149b03010dd5f563eccc8abf8fff6
- SHA512
  
  34a84b9b69c48e3c62f1eda52d3f670b68a8da22ae2bb15de3ddd183f6c96c64cfa143b90340d176fff1f73b71a6cfc0ae035408f8e9129ecdcb5e7a9e957de8
- SSDEEP
  
  12288:c4rnMnpelAMI8GIkxBLO3QYXhtJD4XFDC7dfeRG0CgIdH:c4rnw6AZ/O3QYxtJMXFDUdfr06H
Score

1^/10
behavioral10 behavioral9
- Target
  
  $0/zwankysearch.exe
- Size
  
  25KB
- MD5
  
  f9ad165d8967009b916b4fdec3466528
- SHA1
  
  48ce3da6ab0f3a053036c40da1082c00202957d0
- SHA256
  
  62d2098e86a466502beadb00537bcedc66a13b5c3363be2bde41c113f8188cb9
- SHA512
  
  f46a40748be0ad5f7b894d364e9364ab6877466fc74467dc1e674df1d0be5c9fc1404ea3de6b0dbd8eb40a50d9bdae32616ba00903afa35547964dbdcea834da
- SSDEEP
  
  768:sNhPvQNTYI1XDa9D31jVLQcnvRBqkBalwq:sNhPvQSI1XDIDvLQcv3Slwq
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  13KB
- MD5
  
  d765c492c21689e3d9d61634371fd861
- SHA1
  
  ac200933671ae52c9d5544d0e2e8e9144d286c83
- SHA256
  
  551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc
- SHA512
  
  9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f
- SSDEEP
  
  192:9B6RvrfvOuJQDghBy/X7QKq3TLGciZJf0EzWzMnz6WoF1dBs:v6RrviWaX7eiZJ7nz6bB
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  fe24766ba314f620d57d0cf7339103c0
- SHA1
  
  8641545f03f03ff07485d6ec4d7b41cbb898c269
- SHA256
  
  802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd
- SHA512
  
  60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3
- SSDEEP
  
  192:rO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1aMBgMO:yKAFERdlxhGRYUzqZaMB
Score

3^/10

discovery
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16