a2449c79c1407884ba2285eabce3cb14a4f72f3ca99a99f53bbc9bfc36f061a7 | Triage

Sharing

General

Target

739a6c28f7ec63dc6433a9c7a70cfbbe_JaffaCakes118
Size

3.3MB
Sample

240726-l7bp6avblf
MD5

739a6c28f7ec63dc6433a9c7a70cfbbe
SHA1

2232bf0a7b1015e8caad9d5848c13b94b300eec7
SHA256

a2449c79c1407884ba2285eabce3cb14a4f72f3ca99a99f53bbc9bfc36f061a7
SHA512

a22a690b526a0f589010bc96c9b13d2d463cdb653f57f866c996315bccdcfd398bf2506ab45da37fb2637cbf7e4c332a78a16b1aa32692598ea591f991dfdcbf
SSDEEP

98304:Piz96aT3ldYFKEcdgpK3OXr7GBD0Z13II44GLe:Piz80d2KEcB5oZ13Mde

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  DeleteApp.exe
- Size
  
  20KB
- MD5
  
  f2140cf5c640bda9d82e44ca240fe1f5
- SHA1
  
  4cf99c234f0acbf065f07966a97fcb6092d0e041
- SHA256
  
  1e812d57fa49c2bdd6beebbbf1e8d16b7aa54395855d9db2f7e8a59b2adddc18
- SHA512
  
  eafd5136a3b1d14d0c27ea0f965a101f752d2a15c9bf1e18ed51259426e70f67b0d1b342def30c197e6ead179a5be9c32c94146f55e26c7429f3f0e81e041833
- SSDEEP
  
  96:fDk2Z+SWjw6VFUBdzPc/SZSdapnf1KGUlIJd9oRPy/yIwWbB6Ci+xX3zB3wp:7p+nM2yc80oKG0IP9MPL8wCiiTBK
Score

1^/10
behavioral1 behavioral2
- Target
  
  Interop.MSScriptControl.dll
- Size
  
  14KB
- MD5
  
  f222a74ba13b38575727343d6b0659de
- SHA1
  
  8102f348cf790501a8e8dc129064e67c243ba1f1
- SHA256
  
  3c5ff53ef3ee67f3b3a3f6217598dd6149d2d2eb6ecdcfbe0355d3a106a717dd
- SHA512
  
  19b0337e9bf3761ac66d647edeb889f1274b30a61a505b16cae13b3f0247004e2f9bc94a5fbeb4e9f2cfa0ccce1a8320cb0c0fc9ccd85d6a1643c67881dcd48f
- SSDEEP
  
  384:QDiAMzAzRuuUORsWxxp8bZkSVHwLIKtkN69iN5ER6D:9YRuuUHWUTKtEx
Score

1^/10
behavioral3 behavioral4
- Target
  
  Microsoft.mshtml.dll
- Size
  
  7.6MB
- MD5
  
  5440ee9cd44616d60cde57ebdb286e95
- SHA1
  
  bb7635d6911311b2f3a637a2e9d8446fd0698678
- SHA256
  
  e3ba35c5572761c20eb59e25b2332a0cdfb726c48963d40291d7f977531e47a3
- SHA512
  
  4600215bd9788b30aa5a5038d6749aa294ca0d6d0063335979d2f4acc29af09967a9160bfd8a2ae093f7fcb95c80fd51ce832cb639354360965d0202a044e1a0
- SSDEEP
  
  98304:4pkg8hn8AiyAB84gPjKVuH62NhND7BMe8Al:4pkg8hn8DStD7BMe8Al
Score

1^/10
behavioral5 behavioral6
- Target
  
  NetWorkBase.dll
- Size
  
  53KB
- MD5
  
  c7f4f3ddfd7b2549a1fe2a3e24c07865
- SHA1
  
  4ca635901cf9203ac8d52bbe96bd621cc16d74db
- SHA256
  
  ba6cccb5fcf506c0cb3f591f571f883ad3b24738dbcde57f52716ea4648a59cd
- SHA512
  
  71b14d2910393a4559eb09533811a1c46c32b962636113c233bae69a770b7095013922623801e41b219d2ab8d8a1323b86a0a2e2c04598bfeb48f4bd85e2718a
- SSDEEP
  
  1536:Wlz20Wq+OqBOe+AX0qIUoc1hlwMT4icHD:OzIeqBOen9oc1hlwMTDcHD
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  RefreshIp.exe
- Size
  
  689KB
- MD5
  
  6b5d1d12adfeba6e981dc8b8af96b98a
- SHA1
  
  ce8c7ee718569c34a7eec9057a810348fc3e4f45
- SHA256
  
  84aaff43e77214a5c7b9c01e2c26bc66b0043372e5cee8ce174aa2ba2d580a98
- SHA512
  
  268e481c1ea213a4ba48b9f95fcdd35b8bdf3881b96adce605357e514880f51fd17586e8940eb830cd4bb1bc9db93b2f67256e30b2eb0c343ce21e1b88097e5a
- SSDEEP
  
  6144:eHUJAgGe/Gmb0RGD5vCptkSmXJMKXSrbdP4Pn3vPN1XHeD2sAc9fgu:ekpGo/9wmK2sAc9fg
Score

8^/10

discovery
- Contacts a large (712) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral10 behavioral9
- Target
  
  ZdDll.dll
- Size
  
  76KB
- MD5
  
  90e5636adb054c905894e34cd385f57c
- SHA1
  
  95387fd0f3c4806d8a2cb7fc47d5895a478b91c2
- SHA256
  
  a3d7fc9e699edcd6433522dab62a1b70424f8dceedc61e41e329497774df3f8c
- SHA512
  
  2a3a9e70a894ca806ce8a4eeaa06e3af3263c49e524d6554ff7fa7990c692ed1d39e5ee0fbcdb6c0b3e04513960f16e96a77b5addf390d44fb3359ff972c8c8a
- SSDEEP
  
  1536:uwhg48xYdi2YFcD59tvpVRSZcUbXSSCoWkaw5Q3Yj9sNIoP3:uwy48xYdRYFc5QhNWkVS3Yj96IA3
Score

1^/10
behavioral11 behavioral12
- Target
  
  db/新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral13 behavioral14
- Target
  
  help.chm
- Size
  
  117KB
- MD5
  
  fdd5bb2042f8d0a177056eee4af1eec0
- SHA1
  
  f905d12dd7204579173ad40cb0b901f88a9466ca
- SHA256
  
  5e48bfdec7cb32f1d82aa23454d72c46391b29c7f1c9a76342b22064aa5f10e5
- SHA512
  
  39c746392ffcb86c1b9a915353d1bc3aaa271cbffec3eac75f393b40ea36abab6a9d629c7e809eb59a0583cf690d27104499acef136d56468764aac72ee0dfb2
- SSDEEP
  
  3072:0aMj3bJv8+8WlTDbTHEPhO17i9TbiuZG/itUgM7lVhOQ/P:0HbJv81MHbAg76ZG/ieleyP
Score

1^/10
behavioral15 behavioral16
- Target
  
  智动软件 - 站长优化推广网站好帮手.url
- Size
  
  1KB
- MD5
  
  484c2548241910b42b6935299e80f2dd
- SHA1
  
  cbd579f84e8e2a73e2ba07ae657da50f510bec9d
- SHA256
  
  ddb6b67d272fcaf69de9f2a9215c382b11da7ba990be3859291b6d922aa916be
- SHA512
  
  26bbfe39cedfd66fd7e28df731e973b9ea3274e36865a149f5f9c13a868989192351eaf8aa355b45584c70b86113e5b068657f470ef58518190a9b8113e4b509
Score

1^/10
behavioral17 behavioral18
- Target
  
  软件中心 - 智动终级刷IP工具 - 智动软件.url
- Size
  
  272B
- MD5
  
  5cf9d3e66e39b321952fc992f2795d5e
- SHA1
  
  af89c77dac2460304febac8cfda25173729dffce
- SHA256
  
  49cf1deaad3f2939f27b99945de84af3f47d18e48d63e8c47f1bfa7c881b5147
- SHA512
  
  59e1f0d1c7c3548c54d0b4b4111a7831ce70217253210466726e8b04eff90591e2704aaac5cc58139e8c8c45e18907001d243f94cc57959d92dfebc2be668aa2
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20