462ef03cb4d341042bf3b9c81b3a61cadaaea78e892ecd005bb83627e70c52d5 | Triage

Sharing

General

Target

8275337624b2c795196952c0ef0f22d1_JaffaCakes118
Size

4.9MB
Sample

241031-kcqp6avern
MD5

8275337624b2c795196952c0ef0f22d1
SHA1

428eb0782db702dec199a4e94612503ca3725494
SHA256

462ef03cb4d341042bf3b9c81b3a61cadaaea78e892ecd005bb83627e70c52d5
SHA512

7f8a3078b0cd6ee8f5bcedf9aef23752fe426e2d8a8c3776ad1fccb9701a8e4a0028f8e793b27e00329ec07f1258e0fd0bd8f54e65cda2813c34407777049762
SSDEEP

98304:Cd3XojrQtXI4df9JboClUu9ryj9+9EkCiceJ3oVD2ULJA4znVoW:aojJ4/+MUEAkCic62DVVnVZ

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  8275337624b2c795196952c0ef0f22d1_JaffaCakes118
- Size
  
  4.9MB
- MD5
  
  8275337624b2c795196952c0ef0f22d1
- SHA1
  
  428eb0782db702dec199a4e94612503ca3725494
- SHA256
  
  462ef03cb4d341042bf3b9c81b3a61cadaaea78e892ecd005bb83627e70c52d5
- SHA512
  
  7f8a3078b0cd6ee8f5bcedf9aef23752fe426e2d8a8c3776ad1fccb9701a8e4a0028f8e793b27e00329ec07f1258e0fd0bd8f54e65cda2813c34407777049762
- SSDEEP
  
  98304:Cd3XojrQtXI4df9JboClUu9ryj9+9EkCiceJ3oVD2ULJA4znVoW:aojJ4/+MUEAkCic62DVVnVZ
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/DLLWebCount.dll
- Size
  
  28KB
- MD5
  
  3d320f250297fe1dd1ddc350fa154b3b
- SHA1
  
  9236e354d2fe2b9f25a36f1ba686f1f2785e0b26
- SHA256
  
  f1ed5586759eaa6e5edf92bc589b0812620a3d48db3724c833b1fd9ea6c837bb
- SHA512
  
  8e259f6025080180fedcf13b1493910c20242d02c1776a84a79c8ff1aba00ca64873b251578000867bbcd129c46503470e364817afa267bb631e0d47ef31366a
- SSDEEP
  
  96:j4pe13nQHmwy5PFlufG/cg6TGkB4iuGBudGax+suQHV:j4I1XZwy5NbgB5NYdbX1
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  07f3b3445f66e1089567796bf3c8be78
- SHA1
  
  851eb574c1067b23a654f8aa47b17ef599b24d1c
- SHA256
  
  a505e6c537a5ce0166227dda9f7671605395592ac9f1a3764e8a01b713939db1
- SHA512
  
  8c56308fff3a947b26fd0d98dbdd96c406ddf967f5d7abee8cba082b6c46a4e575094bb0bb981551ac5160bb5089cf6fb125dd17a659c427e28c07402adab1c3
- SSDEEP
  
  192:pzi5iBjGHp29db9Dd+w6VPESclh3I8dYvwqu7hwbbHF1QuCb:pO5kjGHSDdgjo6pvwqu72bbMum
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  32KB
- MD5
  
  83142eac84475f4ca889c73f10d9c179
- SHA1
  
  dbe43c0de8ef881466bd74861b2e5b17598b5ce8
- SHA256
  
  ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
- SHA512
  
  1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
- SSDEEP
  
  384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/ServiceBlock.dll
- Size
  
  24KB
- MD5
  
  8592853112ae45b942550ff1b3b3ccd7
- SHA1
  
  62535e792ec4214cd23651116acbb61d5c0bf848
- SHA256
  
  dc8696d38e17a131d4bbe66dc8b7e3a6ad164df67fe37ddcfab3a50ae5b60835
- SHA512
  
  ce232f32a8f17b5b88fd0f794ee691dd0b70070a7b6c9d9eb823de6613ab5d39297293539c8cf75b3c8d20f62b8e689c28ab0fb8d5bfc46765e80b0bac58330e
- SSDEEP
  
  96:8FfsDNGK1iz+O/lShRh9GxEI81Jud1OG3aRe/:ZDz1iSYcOGJEO+aRe
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $SYSDIR/ff_vfw.dll
- Size
  
  7KB
- MD5
  
  1e1770709f96f56ca37f34e33257c04c
- SHA1
  
  65b98c90a2177f778ecddf008bca1b0bcc9f0d4e
- SHA256
  
  76d835589ca8334c2cf63c237cd7e5239263227b2a561ea8ee44b8824093796c
- SHA512
  
  322227c47f19aa2e9f3c7ba0a18f470ad4c0a93f0ddd58244104474fe2004a8c4d8dc0d4c28e87c03cf6ac10c1132d8cf8614f257a8f59fe136f03c935142075
- SSDEEP
  
  96:DC2GSKINLa5mH5hl3bV+xqx4fbnMJv2RpGWb6pdYwsU9SM4OX2:TGsNW5MhtRHZJvWnupdYFUXX
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $SYSDIR/msvcr71.dll
- Size
  
  340KB
- MD5
  
  86f1895ae8c5e8b17d99ece768a70732
- SHA1
  
  d5502a1d00787d68f548ddeebbde1eca5e2b38ca
- SHA256
  
  8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
- SHA512
  
  3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da
- SSDEEP
  
  6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $TEMP/cfcodecdelete.exe
- Size
  
  68KB
- MD5
  
  c0d7ab0f61a060bc1f485621e2b48cae
- SHA1
  
  55f070de22d60421e285051290476fe3e485d487
- SHA256
  
  6686f66867b346b510297f9498b1688f30b77a6bf53e6acab78b1777c99d6aea
- SHA512
  
  d4eacb9e4537b2dd331440a964633239f16ef903374857b22ca723a3728bc245ab6b5c73e696ecd3d8b552064d46d877665cd6db3410d421c35624cc8dbfd2da
- SSDEEP
  
  1536:0JRE0MupgohzRg60D9mJm1w/Z4Roz+88cyqaLEYdVN25+Qavr+:0Xu/MVID9mJm1U4+8c7sNzQki
Score

7^/10

discovery
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/FRNDelete.dll
- Size
  
  24KB
- MD5
  
  8d4f8e9e897247e7bf1a1963e24d070b
- SHA1
  
  c1feaa4db159a478c99fe8cc109c7a10fb014130
- SHA256
  
  3a07e930d76f9d3f06749461dc13f781af6db0290561d27e9cc3c24a516e417d
- SHA512
  
  33ea7ce9aa342d64c1c182e423cb0d2e19b44fc1769bbb5e70a478028cae28e3a3557470fb827d90dcb253ae04b75fda82bf70fd1183db210f83f90e2d1280cf
- SSDEEP
  
  96:XknWmdJvpymFY0oPEGFPiizXZWvqZhjzL/XzLvIT+dyU9LRulYjbEz:0hdJBymq06h6iDZbLvL/DLQyvdRxjYz
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/KillProcDLL.dll
- Size
  
  32KB
- MD5
  
  83142eac84475f4ca889c73f10d9c179
- SHA1
  
  dbe43c0de8ef881466bd74861b2e5b17598b5ce8
- SHA256
  
  ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
- SHA512
  
  1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
- SSDEEP
  
  384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/ServiceBlock.dll
- Size
  
  24KB
- MD5
  
  8592853112ae45b942550ff1b3b3ccd7
- SHA1
  
  62535e792ec4214cd23651116acbb61d5c0bf848
- SHA256
  
  dc8696d38e17a131d4bbe66dc8b7e3a6ad164df67fe37ddcfab3a50ae5b60835
- SHA512
  
  ce232f32a8f17b5b88fd0f794ee691dd0b70070a7b6c9d9eb823de6613ab5d39297293539c8cf75b3c8d20f62b8e689c28ab0fb8d5bfc46765e80b0bac58330e
- SSDEEP
  
  96:8FfsDNGK1iz+O/lShRh9GxEI81Jud1OG3aRe/:ZDz1iSYcOGJEO+aRe
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $_6_/divx5/DivX.dll
- Size
  
  700KB
- MD5
  
  9b76cfec2236efbd731b65155f24a7a0
- SHA1
  
  0870748afd2b7a535fb6eebb4858c70e7464449b
- SHA256
  
  017917ef5b77ce8862224ace4afeba095e8adfa4db467d554d6f555949dd7717
- SHA512
  
  2a968392b239de33b72484109832ac6cd9cb94bf9e3a31f36a0d5afb4b806767235f8d15cf88112954246b5824d0d3e5f48635895f00e6d2affb9a52d507b787
- SSDEEP
  
  12288:wbmQnhgqDZ1BpWyk5wveNJ5dHN6Bk8umRgRCuGzYjuGTExCkplwcrQ:wbVPZkyveNJrN6q8lD6juxCsKcrQ
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $_6_/divx5/PSIKey.dll
- Size
  
  1.2MB
- MD5
  
  521d996daa9845cdbd66db1cf84e4834
- SHA1
  
  b6fea32f8ef2aa599932b016ebe35482940821a8
- SHA256
  
  60c9d7edcd84c0a98f3386e8b7adebf1c24c62af2b3faa121e72ad293d93e9f0
- SHA512
  
  77b0c2c8fa067c352fd6d58e7e56bbd5d881f3dd502e750dfc370d780fdeb312c35087563869eb71a4532ff4895beddbb8f0a20f29388587dc1b03584d435ea5
- SSDEEP
  
  24576:+phpMPO4FnkiCuVexgXm1zUnQOxKy9ogOpE23flSY:tVkiCWeK22NozE23flSY
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $_6_/ffdshow/FLT_ffdshow.dll
- Size
  
  8KB
- MD5
  
  1277ca6f87b4f0493a2ce7f87dc2ecbc
- SHA1
  
  64fcbc616f82453e8ea69ea6906cb79f0fc7da82
- SHA256
  
  09bdfefee05c552965121714bec2248ade23fd4944c2e8059b156cc965e38861
- SHA512
  
  12ceea0b52c1b4ca20d0f35e4c9795385dd25895b52f009fca972c591f11c97fa69dd1954e4d9162d3e4e6bf88ee56ae514e5a1d871936269890889158941e4b
- SSDEEP
  
  96:NwpsqrfujWu7EPAvE2oR/Hp1RzeFgRUhmA6UFBFq2VZV1op3rlCek3uqQs+f:TqrWjOPA8J7ze6oOeXop3rlR4+x
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $_6_/ffdshow/TomsMoComp_ff.dll
- Size
  
  196KB
- MD5
  
  68c6966b2b085080a91a84e92d388fef
- SHA1
  
  ef3f3eb19fdc997ad2ddffb2235bd14a39bb0a37
- SHA256
  
  a4044da0e213eef0d8bb402e882eeb7177c4058ddbf157b7c931a81a40275883
- SHA512
  
  94e9c1ef86d70f0934a10c11794a800eed6958080e6ee9efaa0d156afed00775a2e7fd22590964a98b9574041d356d4cd664b89ff8c68da57fa2b63aa5dd5e90
- SSDEEP
  
  6144:91hMv86wxu8nrr33333333nn33333333nH33333333HH33333333:9cE
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $_6_/ffdshow/WinCPUID.dll
- Size
  
  56KB
- MD5
  
  22eb46911320614e971c05a21c649837
- SHA1
  
  35ee160ccd5edf0bf30f19ae2cb923e4c5b0d6ae
- SHA256
  
  55dc7047acae697ddb1cd0b912fcf9d470ac5eacefa2fcc7c8cf2a6c37ada202
- SHA512
  
  722a172c96065e81661520bb215838243bd9e4744bdb42e5f2c8e5fc5a746292ad75d114d1476fbdbca7b8f04b8a498dce93b2f1d52475f6392a90d8580605f7
- SSDEEP
  
  192:Y5DYsH3bLcNrl7eJqKMiYQ708BVC/qqBfv68qU1DWhSsp6nah5:S/6J7ErMiYQ716/qqByU1DWxh
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32