2db2257ad689c4df62b1b53df462cc1200136a43e2d500e3a2331965d3248890 | Triage

Sharing

General

Target

JaffaCakes118_8101be7a724ddef1fe82800468e42ee0
Size

10.8MB
Sample

250320-dd3msavrs8
MD5

8101be7a724ddef1fe82800468e42ee0
SHA1

dc34eaeebf1dd7c47dc6a89d118c2ed719bf256b
SHA256

2db2257ad689c4df62b1b53df462cc1200136a43e2d500e3a2331965d3248890
SHA512

adde0e9c1946c5c457c2b630dbf00e6b0269e7a3128e61cc6c11a1360ed68ae76cd4a87924d73d86201067c32d9b6759d6db2c9db3fda469b9b529ddc041e2f8
SSDEEP

196608:rDv9Y//yWUpr3U6rcUoqsNlSEb7z8IsSKebhQO5cz53m/7/sxthiYdK:rD1Y/aWGC1qelbZsShQOY2/7/4h3k

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  JaffaCakes118_8101be7a724ddef1fe82800468e42ee0
- Size
  
  10.8MB
- MD5
  
  8101be7a724ddef1fe82800468e42ee0
- SHA1
  
  dc34eaeebf1dd7c47dc6a89d118c2ed719bf256b
- SHA256
  
  2db2257ad689c4df62b1b53df462cc1200136a43e2d500e3a2331965d3248890
- SHA512
  
  adde0e9c1946c5c457c2b630dbf00e6b0269e7a3128e61cc6c11a1360ed68ae76cd4a87924d73d86201067c32d9b6759d6db2c9db3fda469b9b529ddc041e2f8
- SSDEEP
  
  196608:rDv9Y//yWUpr3U6rcUoqsNlSEb7z8IsSKebhQO5cz53m/7/sxthiYdK:rD1Y/aWGC1qelbZsShQOY2/7/4h3k
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  9384f4007c492d4fa040924f31c00166
- SHA1
  
  aba37faef30d7c445584c688a0b5638f5db31c7b
- SHA256
  
  60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5
- SHA512
  
  68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf
- SSDEEP
  
  48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/OCSetupHlp.dll
- Size
  
  438KB
- MD5
  
  4ee046f5575445eb226859128fb08e9e
- SHA1
  
  8397cfa9d2e40bc2513eb883bfcf3f5027754a5f
- SHA256
  
  0c3ed1fb985377ade4008103765b389ed83bc4a6cb2b3ca375a4a5f023519166
- SHA512
  
  122ba35fe4acbc86895d6d5215c96fba0b711ce9d262748c5eec2f3c160994c43fd7ffa52714dbee744efe8181d70a9544eeab97e7b7f61220c6c78107739087
- SSDEEP
  
  6144:aVhp3y+QqV5epuEAwXDf//3/rP/cqx7kMK9RdkXbRsSfFedkTmWBQFJd62WCvGiY:wozXDf//3/D/15kM8sLFGUmWB6JdTG8I
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  OpenCandy/OCSetupHlp.dll
- Size
  
  438KB
- MD5
  
  4ee046f5575445eb226859128fb08e9e
- SHA1
  
  8397cfa9d2e40bc2513eb883bfcf3f5027754a5f
- SHA256
  
  0c3ed1fb985377ade4008103765b389ed83bc4a6cb2b3ca375a4a5f023519166
- SHA512
  
  122ba35fe4acbc86895d6d5215c96fba0b711ce9d262748c5eec2f3c160994c43fd7ffa52714dbee744efe8181d70a9544eeab97e7b7f61220c6c78107739087
- SSDEEP
  
  6144:aVhp3y+QqV5epuEAwXDf//3/rP/cqx7kMK9RdkXbRsSfFedkTmWBQFJd62WCvGiY:wozXDf//3/D/15kM8sLFGUmWB6JdTG8I
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  SWFGen.dll
- Size
  
  836KB
- MD5
  
  a013f3a21b0d2b4d0488a98fb1dbc363
- SHA1
  
  6ba30b26190c1ae10d296f8ba95734be3425f1d7
- SHA256
  
  93e3a967b6432305c05408c8475e2e01559f525d1fb702f59dfb5de2a63564ac
- SHA512
  
  f7290d912a445338f6d38f4246b821d69170da4b0f42065e417ecdbd53d20c73f8faaafec37a0667adbd338ca50af172b45c2f6122c1b4e4f01ca3421742d835
- SSDEEP
  
  24576:aj568CCqwOm9VFDN7y4EuRtty8AvFiGWBlB3lH/:51iGWnvH
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  flash4dv6full.exe
- Size
  
  1.6MB
- MD5
  
  8a81c6d21ff606ce0f6105d3a0eadb9b
- SHA1
  
  3a399f299b0c9ba7261a4976b9755e8eb56126c6
- SHA256
  
  abca96e44832b6c93e8598f8267593b2d327259101a6bbb76dfc61f08de3360d
- SHA512
  
  8a511e330b506792a31e2433db4222bd3a2c724e4a2790fb66efadf3c45e3db488c770132046f5a8eaece03698fc8995c75b0029ab25e788f7a00233a6384bca
- SSDEEP
  
  49152:q66rB3rilLxBTgb6PsjpdVuhOLvPtexGmTcf81:q66clLxNCpdGO5eaY
Score

7^/10

discovery
- Loads dropped DLL
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  install_flash_player_active_x.exe
- Size
  
  1.5MB
- MD5
  
  e5d432398b0483e010a4a5cc31cc91e6
- SHA1
  
  b0fcb309f78281f49cd192d2825d045695722842
- SHA256
  
  f0cada832e9d2e923bbf76f803e5fa53cfc956d5594a7308985b85dd460ad31d
- SHA512
  
  8eab6a9b0ea2dac8e601fd60e689771cea4c357e4c14d001de86bc20c600da32182af5cc4549dbc5a6cfceddb3afd111cce6911e2a0d29b407e94f86f29bf375
- SSDEEP
  
  24576:xLAe58NVmvumzyNeXmQ9Z/ZLNUlAZlab5hDHDjRDToFvxeXAi:hAe58Gvn2eXmQdZTZlYfxTkI
Score

8^/10

discovery persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/NSISArray.dll
- Size
  
  17KB
- MD5
  
  2b8574f6a8f5de9042baa43c069d20ba
- SHA1
  
  07959da0c6b7715b51f70f1b0aea1f56ba7a4559
- SHA256
  
  38654eef0ee3715f4b1268f4b4176a6b487a0a9e53a27a4ec0b84550ea173564
- SHA512
  
  f034f71b6a18ee8024d40acd3c097d95c8fd8e128d75075cc452e71898c1c0322f21b54bd39ca72d053d7261ffbab0c5c1f820602d52fc85806513a6fe317e88
- SSDEEP
  
  192:YAFuV2Ow8mbPNnDSnYJly4RX+VGeSDlsGUlyGaWNn3B3/WXZWsQs5PaqJ7En/5U3:YA4V2Jb1nDSnc+Zos1lP6Suhe/q9l
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  16ae54e23736352739d7ab156b1965ba
- SHA1
  
  14f8f04bed2d6adc07565d5c064f6931b128568f
- SHA256
  
  c11ffa087c6848f3870e6336d151f0ba6298c0e1e30ccddf2da25a06d36a61fc
- SHA512
  
  15dbfcdc5dc34cb20066120045e3250f8df9e50b91de043f2ada33ac0235907d98668e248828a7ed9c75e25dfb5103b7248867530ce73ee36f6a35c30b4afa9f
- SSDEEP
  
  192:HO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1a8gMO:GKAFERdlxhGRYUzqZa8
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  68d73a95c628836b67ea5a717d74b38c
- SHA1
  
  935372db4a66f9dfd6c938724197787688e141b0
- SHA256
  
  21a373c52aaecce52b41aebe6d0224f53760fc3e5c575e821175eee3a1f7f226
- SHA512
  
  0e804deab4e647213132add4173c1d2c554c628816f56e21e274a40e185d90254e29c8bfc6fbfdfea2a492d43d23c0bfa4b276252a3f5e1993ab80ff832c4914
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/fpinstall.dll
- Size
  
  8KB
- MD5
  
  071b6233c92f69ffa1c24243328c3b94
- SHA1
  
  bb583c00e87cdc65e6254c7148d37afc1bbb3095
- SHA256
  
  5f6c63cb0ba539d692c5461730f057d0ec6c60639d772fbdc3753c3c6e746c43
- SHA512
  
  7fc2db406350488ee86ccffe1e99a91e0f509ef0429063336bf6f96aab07127df352db77fe9d00ddc3aa2db7886dfbac08b6acf6a5c647859956111ca47c24f1
- SSDEEP
  
  96:hluI9zRsuDjadgtA/L0XN4thAQ3y5k+29JdGn4GXONgYi0cXGburui:i0+uyRi4thMk79TGn4mdrXGbJi
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  e5f9d339d035e054e01648b4a00f8502
- SHA1
  
  cce01d02210f0480393d9fc5289fa692ce7f34af
- SHA256
  
  181d9ea85a56693e005d9991115e0d4179cf6bd0c18be71b19c69a330df70507
- SHA512
  
  4af944a5a5dd7cea6a375e5d12dbf8be8bb6e8c60ac174d688f295aa6b2bed09fe686ee4c213fedb6013b58252a53acc7553a8e05e12deebebc6e466a4839f1b
- SSDEEP
  
  96:GjX1XJX70rn3jud5ClMdOfHFI2NaeI0u1qND1qN3riUTEVX/cL1+:GDx1Arn3qd5ClyOtIs1uUhUZriUTEVXa
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Flash9f.ocx
- Size
  
  2.9MB
- MD5
  
  48fdf435b8595604e54125b321924510
- SHA1
  
  e13d25bdac576e95e9134c3f95f0f8cbe94d6185
- SHA256
  
  7fcd80f7f56a841a4c5ef950afac8991da71ba9eae82f20db2954c7b4b72efd9
- SHA512
  
  86a59d83cc3d39b752b7a9c98e79b3f8fbcca66087926f026aabf5453bde83321928b77947e2aa5f625a53dafc89c0bf224daa7ce004b1851345abe93c6e83f3
- SSDEEP
  
  49152:f8CC1JS6n1kypaSNOda/z4FvB015y5S2kQjNQvT4eKfSh5zuSevTTJR02wi:UZ1E6n1kyTn/zSvF55kGxSeR7
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  FlashUtil9f.exe
- Size
  
  213KB
- MD5
  
  5abe08eeb790d2322565dbd11bf70a19
- SHA1
  
  c8c1447dcee8d47087a8f938560fe81ae9613b59
- SHA256
  
  14ea495e00e05c476f2af9965c6137bc744518f7241e6ac922a0da295b9c8c51
- SHA512
  
  0aec04ead0e26af98d495372423e607f252a345d9406398b9f2a960df525a6839e50a0b2751c57530e19b852c2fc5cb03585429e9ba8c1b15fad7bdb8944e4ea
- SSDEEP
  
  3072:E6QVrXP86KMobr+ALqWRRukTBf1OuJuISr2j8Qka3XCvHEIQvC:lx3LJRNTBNOESrvy5vC
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

discoverypersistence

behavioral18

discoverypersistence

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32