9b4132dc6450ed5ae51529a7834a835ed40931454635f181747036858389e6cc | Triage

Sharing

General

Target

05fc8f26c07b1737704787d9c4809ff9_JaffaCakes118
Size

493KB
Sample

240620-pncpws1gkq
MD5

05fc8f26c07b1737704787d9c4809ff9
SHA1

b616bca8b5b772cf354917fa5993fecbeef5f981
SHA256

9b4132dc6450ed5ae51529a7834a835ed40931454635f181747036858389e6cc
SHA512

d278aa151165a9a0387451a287a174c4e575b670ecbc3f1f7932feefb21560af637668ce6f6eb04b3f34e4365dfb572c25ddf3fd8f226ab0f713d8fdb173abe5
SSDEEP

12288:j4SIfpu6VI5H40YQDKqZJiohKx8a9HMYDZoAM3:j4SIfpu8I5cGzJYlM3

Score

7^/10

Malware Config

Targets

- Target
  
  RsBaby109/MSWINSCK.OCX
- Size
  
  121KB
- MD5
  
  e8a2190a9e8ee5e5d2e0b599bbf9dda6
- SHA1
  
  4e97bf9519c83835da9db309e61ec87ddf165167
- SHA256
  
  80ab0b86de58a657956b2a293bd9957f78e37e7383c86d6cd142208c153b6311
- SHA512
  
  57f8473eedaf7e8aad3b5bcbb16d373fd6aaec290c3230033fc50b5ec220e93520b8915c936e758bb19107429a49965516425350e012f8db0de6d4f6226b42ee
- SSDEEP
  
  3072:9PdIuG8UvahsdcYX3UI2EuJ3im/ZCdady+RlTp/VYq63+sB:9PBUyhsdEI2++M+RlTHYL
Score

1^/10
behavioral1 behavioral2
- Target
  
  RsBaby109/MSWINSCK注册程序.exe
- Size
  
  24KB
- MD5
  
  71f840255a2a6bc8a33d32269cba8952
- SHA1
  
  b316c401b69a94d0e9a65cc82832f52f23897ee3
- SHA256
  
  cbed0bcd1807ed4aeefbd3e34b000ba28e19ed47d526feb36a212f1dc2c4c0d0
- SHA512
  
  34456be7fc5e4978391ef31611044f64f619d6f2fcfef753fb4b1ee20efe8dedc96c4c9c28b7170aa5e1bb65dfae893ec11e524a790f919405323780bea4fe4d
- SSDEEP
  
  192:ijefEbB1yK9c+3OJ9M85svQzr2kmluhSUz4P9cD9S1iWy:ij1bB1ybJ9MEH+9cD9SMWy
Score

7^/10
- Loads dropped DLL
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  RsBaby109/瑞星升级宝宝.exe
- Size
  
  451KB
- MD5
  
  f994f8d2bbfbc4e9d69c3dd18956080f
- SHA1
  
  e6d0b18c348fc65fafe69f8c805620e535a1bf9f
- SHA256
  
  6fc8b3786a5d389b180b4e3bc5e4ee793fbb61a409ffb44dee7d931665cdea55
- SHA512
  
  be70632a9904725b566e71978e1aa9fdf5926d1b4977ee8ecc62cd738fee85c181c7c9482c44544dacaa227664fec8e85ef13e529b8bb92911035750bdf60849
- SSDEEP
  
  6144:Xxq16Bx+CatbJ7gRsd1cNwPLvoqg0R2VhPefm0ToUIJr96tfGwJU1E+Ud3JBQmI/:hwd9J7Q21c2obY7Vw81JUipdZBQmIymb
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6