7c0d306612c847441041510b50458e7236260de6dbadae1d8669f9c6fdd3a0cd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70bdd48cfc4c394f51cd51289f7eae15_JaffaCakes118
Size

5.0MB
Sample

240525-d7ta7sdc2v
MD5

70bdd48cfc4c394f51cd51289f7eae15
SHA1

af11f31db640a5b3ec83412042418e6c3916de3a
SHA256

7c0d306612c847441041510b50458e7236260de6dbadae1d8669f9c6fdd3a0cd
SHA512

2b12a74b0f2d66ac64e05a08370df766b65c61ded74e57a8e961ce1a32ebc0b4f2fe9ddea8dbb699724f28f17825e24b92b9072a2f63a64874db6fea35738180
SSDEEP

98304:cosIGgFJvF4rzJaQ8MoHRO9cbbLzzT0qhhAwAavtRcJj3tJq6fVfjq2KwgPPUg:rpGgTdWtoicbbXsqhZztRI9vq7lUg

Score

7^/10

upx

Malware Config

Targets

- Target
  
  QQ号码在线提取器_se.exe
- Size
  
  4.2MB
- MD5
  
  70b9d55795138b6d00658ef032508d0d
- SHA1
  
  696d2b4e9135a3b3bf3153a6dc7198e428e7015a
- SHA256
  
  6d892c4c5903c6663e0174c4b006a338c161dd7e979b5cc74a875a77e6f12f50
- SHA512
  
  d585bff35d451bd976219d3e4203b3392e9fd917ce934605f617c7be55afb08657e05b938c155af14bdd8f2fc3a7abba3ac3c9ee71cd48cf320925502167abaa
- SSDEEP
  
  98304:DYqdwkLcHHms4QpI4B3hmb6/G8pOAikCT1TpLu5/BRZpZ:DjANpRhGryzCRFS5JPpZ
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  SkinH_EL.dll
- Size
  
  86KB
- MD5
  
  147127382e001f495d1842ee7a9e7912
- SHA1
  
  92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b
- SHA256
  
  edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc
- SHA512
  
  97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d
- SSDEEP
  
  1536:s5Np2dgZgIehUUS3E1Ujmrvl179D53UWnGQRJZiXRmrCnKptnouy8K:s5Np2dlUX0+Cx17F8QRJZKmOK3outK
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  下载说明.htm
- Size
  
  3KB
- MD5
  
  9bd1ac9ead8eda95e8284f12ddba89e2
- SHA1
  
  44ad2b426711da0bc122d500b9117808385bd406
- SHA256
  
  54198ae94a082537ca82686954de11084ebb050917b65871fe1639c2c1a308b8
- SHA512
  
  e94611639a7396705f684055fa762db261bbaffb2d7b459b1fddbd44d25358b3bb3111ae84a8bc444388f26908193fbfa79c232570f52a38f1c49fb57b322850
Score

1^/10
behavioral5 behavioral6
- Target
  
  使用帮助(河东下载站).url
- Size
  
  216B
- MD5
  
  6a29fdd9a578559f631bd0c0919539f2
- SHA1
  
  7ba1e243d907b6893f798dbd6169ee057e4845e9
- SHA256
  
  6592450b9c9233d6d1a751020b3514bd20512d1224983c774e633ab2dee7b2c9
- SHA512
  
  6eee5fe42d1105523e0555ba90f6a98237293983238a80342a62bb7dc1cb1a5b00081a447ae3a0d36f67ace197f288315f816f6da9ea27457753efb625793cc1
Score

1^/10
behavioral7 behavioral8
- Target
  
  自动更新程序.exe
- Size
  
  1.7MB
- MD5
  
  96783e2116da233122f9ec277bc76d6a
- SHA1
  
  794f1f02eb2d926db4dfb95c5ce481ef4f534910
- SHA256
  
  47d66e8854c29f6e1e604716d1b2a8a5eed3287660443db3de55732d0bd47dbf
- SHA512
  
  ea50b9b407e1e5a1641257618cd1c1bdd4818a620e9aa957f477cce14c40ff0236087b44855400300e24128706ef64a69b9bcd6150696f83503473122df05791
- SSDEEP
  
  49152:QWO7eDSgXkGfUmcyWN+dKn54vzYBDbUpeTTGdrCf3:oJgXkS4yWN+oS7YBDbUKTJf3
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10