f5ecf00ecf5687fe7185befcc65ba0267d5f445b4274586143f79903c320665d | Triage

Sharing

General

Target

a7adc76435e2d2a6484a792656efe23d_JaffaCakes118
Size

1.8MB
Sample

240818-wrn1nazemq
MD5

a7adc76435e2d2a6484a792656efe23d
SHA1

789832e9072de0093c16429cab1acb96c34136c8
SHA256

f5ecf00ecf5687fe7185befcc65ba0267d5f445b4274586143f79903c320665d
SHA512

496fd401b55fd4b79ff4583a8b3c1ad481347988b879515d3d0594b6c6cf51c75ea251d971eeb0d6d9f2fd8fea29e2a3dce397e357db17e3813c5f30fe996d84
SSDEEP

49152:qrmtlCWHjHa75ad1jyEJhXhYi8b8ogrzjv7Ock9vKu:wmtlCoza75adVhXhY9g/EtKu

Score

7^/10

aspackv2 discovery upx

Malware Config

Targets

- Target
  
  Windows蔷薇管理修复调整专家/Clearance.exe
- Size
  
  239KB
- MD5
  
  0358c74da1a0b0e2c5053850687cc748
- SHA1
  
  47a43f718473c3291f395f64b0fc2015d63a27e2
- SHA256
  
  57cc83fd917659b6df4b1ef7c1d777cfc4fc11f8d6514f1cebb60413d0d45279
- SHA512
  
  4a71b271ee26cc84ef3604e569715a56f8c6b10597b121e96bec08ec7a963585061543b49a1d188c69ef88ed05380c56fe82a39344f32457bfe240cd270c6ab6
- SSDEEP
  
  3072:Nxrkr26tFPku4LR22DxFvT+jzjRmd6CMxGTWWS1MWtdxAgo230:NcsJLRfdlcC+GyR1rw6
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Windows蔷薇管理修复调整专家/ExtMenu.fnr
- Size
  
  84KB
- MD5
  
  9b8706015e94089d777d3d37986f1151
- SHA1
  
  719ca126bf72b153af2ff7c667d8dfcd07148934
- SHA256
  
  b7f4d1d5b71d74e76d8c26bdc87c0b8f28927b77f54d5dd4a3397fe724ee2890
- SHA512
  
  1f3db401e7ab1db51b531e00d4ba2e1ca82d093d0121d25a4db4a0cb056ea40b2b4b99dac68db49416f96eefed9ba9b295bddd6ebe0f7e7438e8905a8df20f7f
- SSDEEP
  
  1536:+U61t3h5VnWS2IxC6fA9/XhlRtooCMxgO0mTLlr+eFZpcs3Aga:+UO3vVWSMK2XhldCagO0eLwEDcsw
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  Windows蔷薇管理修复调整专家/Lock.exe
- Size
  
  46KB
- MD5
  
  24f2dd99b2ca892c8b87579f35500bc6
- SHA1
  
  b734bd954d3304c2fe2a3dc4f7a63a740804474c
- SHA256
  
  8a0250af57fede23635429b99a5243fb14a6c6ed704de96c8bda63308995ebc5
- SHA512
  
  c090431e19dde9f8f5e2af371536b81ba9567760db1a960910ff94ffa5cae9f96e836c9806fac10fd867d927503af719ea69638d5b53db360aa0f6ac391d5cd1
- SSDEEP
  
  768:Itha9d8QXxxTjDb5KYaYZ1N54p70OJ+5xIdeVUc+Z4Jlr07ypE:Iy3ZxxMYaW3W3g+Z4JlreypE
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Windows蔷薇管理修复调整专家/MSupdate.exe
- Size
  
  248KB
- MD5
  
  c539f133d2b482accd5340d93d4ea494
- SHA1
  
  8689a6cef36080e1271ad61d9c84732ee75f03d1
- SHA256
  
  3e86669890eb8ec28b6f0a60bd09a85ad5aafaf956e73cedcad9d8086be437aa
- SHA512
  
  8c51d8b24d3ecbb666cac967463476b005fa9705dca92513fddd3dc20f7b5d446367b41ab16733853c8daceb48dddac1bf42807c709e3f255a0518099511047a
- SSDEEP
  
  6144:6X6kMnGsOHiE9VSwl4l834J4Nt44s44444D4444Q4444444NlAlrTgV1Hll:6XrCGs1yRAe1
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Windows蔷薇管理修复调整专家/Plugins/DelFile.dll
- Size
  
  15KB
- MD5
  
  c6062ed392ec59ff2067b623f613a380
- SHA1
  
  23318619263b71cd778d6bf7b1ea0f54d363101c
- SHA256
  
  051b8e4be89ffd12460a2bfea9389235c5f103f8ac5e26542360d85f1caeefdb
- SHA512
  
  1b3f3d832b6f28517ae839c63c949e0db42d8042e51dcecd78d09a54950eb7765de8ef9c02de4b9f3c1519a5f70385546a293315fa955255e92e7e2f950f15af
- SSDEEP
  
  192:0opahvTFKtq+ffKoKJ5tA25jV25lu4YuXGoaa6z+ELrAvx6thgxdx:0opahvTF+ffKoKm2dY5DYuXGbaLEi
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Windows蔷薇管理修复调整专家/Plugins/MD5.dll
- Size
  
  49KB
- MD5
  
  3a5fa1fe2118f75b70ee9967ab31ad6f
- SHA1
  
  8b91fab0119387e26dcac4b789593b162d9cd83c
- SHA256
  
  5a6badd006f3a7bb7ed419a17a86b41a8ad07ac01449549467612667c6baafeb
- SHA512
  
  685a8df21f089cce08fd43182726e32b0fe7327c7b46ef5fb2f322f5bd7f67c3f83d4dbb98deb7c28cb37090c6dc70b535abb80d8e62906d87c14481bdbfe645
- SSDEEP
  
  768:1mg+ZhgWJQw7kyhOtgWssILpBNEORz7KBJFnndTfrpjKQ75BlaqPEns9rSflKWxZ:4hwM1hwgWYLHNEJ1dTfljZ5BQBUSf3h
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Windows蔷薇管理修复调整专家/Plugins/Openlock.dll
- Size
  
  15KB
- MD5
  
  30f44003533cac77248653e3bb16be03
- SHA1
  
  92eefe9421c51d6eabd09a8bc3b410e0d290a1de
- SHA256
  
  7c23e8da432b127c0b7c1568343757db8bd6efe4dcac6b0fe508cb88b1de1ded
- SHA512
  
  9d199bd51a1455fdaa75ba52a0af0a2bde6f389b90b60572843e1a519d9d34269afb23796cfdba27cfc3e7788f0fe9a29d7f6e10caee7b92d6b1aeb37a335280
- SSDEEP
  
  384:90UTnCBWt3CqoElmw4yuNJAxNr6+S9Pfu7n5:9yE31zlusxgdeV
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Windows蔷薇管理修复调整专家/Windows蔷薇管理修复调整专家.exe
- Size
  
  504KB
- MD5
  
  13096251200748b0d4aa4e68c6733592
- SHA1
  
  28b4869b8e3667465ac7a8740dc955ee56b9fd45
- SHA256
  
  290e054172cc3bb84aa659353eb84c8d8ceeff3be12404d5fbd334ba5e36f325
- SHA512
  
  2d5d257d5fb0fbbe11e2db66f3fccad1b2f9536b166cfba56e3fb921227b441871f51068dcb73c3ded9a818d39319304927e00e586c1fd65a192c61082b1b805
- SSDEEP
  
  12288:xNn+dAUJ84h9hAB5nDqNhckGQzKe6Wxus:xNn+1JlmB1qAkGbeRX
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Windows蔷薇管理修复调整专家/iext.fnr
- Size
  
  93KB
- MD5
  
  ff554bc520ce776e6dff606ad457b930
- SHA1
  
  f780b9a20421e946e4d4aa2f398b27f93731d465
- SHA256
  
  7adc09ab7abe47627abaef749422d36a4745d1ee4b55b338093134e708081c81
- SHA512
  
  f5d2d979c7c2e002a0c659837c0e75b512795692afd8670e6499cda92f79d10dd72f95f216c702f0870319fa826fc490be6cebf1bef1656062e441bb42a8d332
- SSDEEP
  
  1536:0L6tqE5maq/HNv9M/nJq6LFxUIs3Et3efQ9T5/Q/Nv:0L6qaqYvJXkY3FT5o
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  Windows蔷薇管理修复调整专家/iext2.fne
- Size
  
  211KB
- MD5
  
  79bd193e7d6e13f75aeaf5729e7cc7f2
- SHA1
  
  afcb50ce48468059f5f7af7e68bb93824211724b
- SHA256
  
  9d18d0f0100c3fbe10fc0382eee9aef78e049b2419ff38b7487ddbc339aaf627
- SHA512
  
  279e7802aeb26e389acf7d6f8687c675f937a0f2243b2234ea0a8e4097894953c3d0fc1e24a2e83805cca360a88d5ec21d4622ed75518236a25048fc681b4f70
- SSDEEP
  
  6144:QtQAX2EPbznbPVvTr/MiKVRLGAoKgkkLdVu:smERr4tdoFBru
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral19 behavioral20
- Target
  
  Windows蔷薇管理修复调整专家/krnln.fnr
- Size
  
  448KB
- MD5
  
  7a4ae7f76a7f63f54a952cb6a09733da
- SHA1
  
  5db6c8e5127c633e50a7753b4eb62ba3f9e4729b
- SHA256
  
  b31b39f999fcabbf77cf76178480a46571e1369e91e50eb3a02f8c1e6c537325
- SHA512
  
  106ca76cb154a619eb05eb37228c01c26e19b06c9a546e8400a70e40996c6e50c931821af8b2afdb93584e2c4c6742c345ec81316b368795b2f727d5a81f9144
- SSDEEP
  
  6144:DVnNlFC1W0HcdnVtTdKO++lmV9E+0ANDO6T8BdbTFp9dzVKraIH00eR7DZviq3v:FhC1W0QnXYO+RxJaBdDLVKZ00sDNiq3
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral21 behavioral22
- Target
  
  Windows蔷薇管理修复调整专家/safe.exe
- Size
  
  10KB
- MD5
  
  290d3c5c668f7f46005fd4c1c06359be
- SHA1
  
  33ac695cdc5ea91fd8e83a8443075c6830191199
- SHA256
  
  52c98801ef5e5f1b09f366e7cd3502860758dc8d63f9f0a541537d439e64702f
- SHA512
  
  93cb0ef6b92442e6a077689fb0e5a6af571849339c9fccf7024fa57292c06f352eab0b5119fbe2b813350a7d407af4695d94cafe2a46ee9a0ceee9ca9d097ae9
- SSDEEP
  
  96:W6yAq3wQt/Nzq62FBxr6QCVWp8eC1g+jICKSxSksAzzIVPf7O2Gz9gYG/jjCtJpL:W6MgrxrbKLjlxSkuPTvGzWh2pk6qlsX
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral23 behavioral24
- Target
  
  Windows蔷薇管理修复调整专家/update.exe
- Size
  
  292KB
- MD5
  
  00ad24197225105483da747fe4b36c28
- SHA1
  
  ee9e9295dff2c509b3a0e974d56889d20083b757
- SHA256
  
  d9fd42522719aec8228c42835adc1dca570ada721c6fdc9e7f049acc9ee3f3f4
- SHA512
  
  464292e53b402414d612d0805bdc8136ae151bcc0574535b5a75077a0857c88d440b4518d5979732d6d29f86145673e4beea53f54438e64c6a8f31357aaffb26
- SSDEEP
  
  6144:IWHkxww0ny74Hk9xDfJ//sSk7K6ZDQnFlllkBF4444444P44h8XEepx20:IWZzcOw5xXKpZUnsHE4x2
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Windows蔷薇管理修复调整专家/新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28