1a4ab48b0c383f135de4a04de9d17f8f4443ff66334e94a27de1bdd45a4f8763 | Triage

Sharing

General

Target

d04b14e40708073953431bdbdc3dbcbc_JaffaCakes118
Size

2.6MB
Sample

240906-x3s97athkg
MD5

d04b14e40708073953431bdbdc3dbcbc
SHA1

cbdbf105431f78e2bb898da0de26138b737091be
SHA256

1a4ab48b0c383f135de4a04de9d17f8f4443ff66334e94a27de1bdd45a4f8763
SHA512

efc365b3a92f5ebc7f2d83771ef2b29efaf6c3a788ff27eea50724d1fab77c9a8b0f2210f337f00a46647c84556a0c2b118a88498fe34ab5665efae56f42e669
SSDEEP

49152:snjCI+BogCsJaCRfe1FyoL9JjgAQ184tCYRO9j:snOiLlCRfe1goRJjGvJO9j

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  mphairsetup.exe
- Size
  
  2.6MB
- MD5
  
  415864947e27daa6a0a9053683e7d03a
- SHA1
  
  8bf735bec9a438cd919b49ffe0787a123e567865
- SHA256
  
  2d83bd5914f4e75721c92b0b6b43ee655db3d41bbbd4a8856eca72d5bfc48e19
- SHA512
  
  e0ffe9f05afd5241d037e8296b7f7a75948b17db78c3c320a43da42175a37f0d2067f982f5627925f31a65526e2070110bb9d6b87b60f81dab0ba9614cca87bc
- SSDEEP
  
  49152:7MG+cENCyV94l4zoXUH9gK330Qx7hvv5BTZC1vjdwU:7yXNCyP4EoXUVLvRxQvjdwU
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  4c7d97d0786ff08b20d0e8315b5fc3cb
- SHA1
  
  bb6f475e867b2bf55e4cd214bd4ef68e26d70f6c
- SHA256
  
  75e20f4c5eb00e9e5cb610273023e9d2c36392fa3b664c264b736c7cc2d1ac84
- SHA512
  
  f37093fd5cdda74d8f7376c60a05b442f884e9d370347c7c39d84eca88f23fbea6221da2e57197acd78c817a74703c49fb28b89d41c3e34817cc9301b0b6485a
- SSDEEP
  
  192:6KdqJ4Bhf1mdCMI26t510swClJOeFIsm7F1QuPs:6KdE4zAddwR0swqOeFxu
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/advsplash.dll
- Size
  
  5KB
- MD5
  
  ca60ae514320a0bfc4991c1fca3dc4ce
- SHA1
  
  c0d7db92c979d75233db185f18dee0c9518dd8ae
- SHA256
  
  08d2283396141ae8222c6959a0e1b4f75a75a3f2643b33d6d1c9b90d0669c606
- SHA512
  
  8e2d00909828b2f527bed1d2dae39e991142091cda8e80fb512ef2790fdd8146e6222dc1a98730af864b1437eab9f0e881e9adc3aad4e6c67f840dc3c4115a3b
- SSDEEP
  
  96:+JVdCWbnbRurMwGFhcIeJaWBkUhW9dfrZ8:+t1bRKMpn+NGUhW9Rr
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Mwic_32.dll
- Size
  
  172KB
- MD5
  
  8cec16f685a11d0bc4df581fa75a957d
- SHA1
  
  d404b5d4ae873ef82d107dc47e809dea05e15d58
- SHA256
  
  0e811f22887ad9eda7ea2370c02fa32e71116c86ee7d408ffa3a3f68da0a2471
- SHA512
  
  423b052b4f993806b90b5d412beadbc07dc1f2fec5bb71e7301df2eb0a02f9572cdf6dac479af4df2458fa78afbd7b02e8148e22e6f0de59fd21b668489b4908
- SSDEEP
  
  3072:f7qs0DOV8MTId5gD50FfEWTwAw9cJ/pDonpk:Dqs0DOV8To0fEW0/9cJ/Ok
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  POS58/pos58_2000_xp/I386/RASDD.DLL
- Size
  
  425KB
- MD5
  
  d187053be3d5afe38b14bd80e1284997
- SHA1
  
  b765496c4cedb7d0fec79cdc73da130dccfa6313
- SHA256
  
  e0709dd910e84b38ce11ee141f1e21061eb48484a8356c4b012f3f5572fe40d8
- SHA512
  
  f98100eb114789f4397126fb9cd3e98fecfe68cad981a88640447a71dfa2133514e15d2d8e6f480d251654b4fc0507a6b5d4af7e3bb48f4717b42491b042230d
- SSDEEP
  
  12288:f0ortbP0Hd3EnD5IBaqGE2z4UYksDWVcToX:MortT+d3EnNIKt4UIqcTo
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  POS58/pos58_2000_xp/I386/RASDDUI.DLL
- Size
  
  80KB
- MD5
  
  cf88e3e16b1b96a91b8ce807045665d8
- SHA1
  
  c5d5c9b950f36360755adf6484f9888c7f156b56
- SHA256
  
  fd8653846fa5587c6aca6ca00357d8a0ff2d711d74cc8129540a552557b14219
- SHA512
  
  6f0f4e5820b8e0b76582dbe4fc6c1914e39a83939150f3dee7ab45454aaf9f6a2af403a817f0ee1a67db30a4e212ede3efec31fd9b9d3b4c3f029e4b8e0003f2
- SSDEEP
  
  1536:KRJb5V4cHz98X3md6qdhtVZW7vOki608MbNjcKfCgpJwiKupY+aLSfMy959g1LY:c3V9VThzkndM60wibY3Uw
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  POS58/pos58_2000_xp/POS58.DLL
- Size
  
  20KB
- MD5
  
  2dfaafa80d8c6a7b26050186d1a5ec2d
- SHA1
  
  8dafce2a55563a094eb90aae2ddb555995980aa7
- SHA256
  
  5a0e9c04809ec6a26cbc2c1bb62a04300d650442ea3014d2a755379269c00893
- SHA512
  
  4603ccad20756cb78dee904472c9475d4fed05e3002c4764510c59d1ed053f897725596cb7f332e199f5e4346a6b6f550ca93bd192ada13ee464e8ce8113cce6
- SSDEEP
  
  192:jhoYWS4Wx7IR8oDVYiU1UqwUqTj4O7UlfMrEfgcgBlFqpk7jVZqbdu8kHUfHwGs9:jhnWS4Wx7YDgPqTsOwZYo67BmTsZnVK0
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  POS58/pos58_win98/DMCOLOR.DLL
- Size
  
  17KB
- MD5
  
  a4325003c6cb7b4632654c4b8950ce4a
- SHA1
  
  f13e9afcc9d1d8592f26ca08c14924c7220f9bc7
- SHA256
  
  1de3922cb0c94a73d83ce47c2b873ce5b9028428b38ebc9a392411b82d37a469
- SHA512
  
  f51d34330218810e660da2528c7afe7ffeee718d09af7e3491ee9c6180b079056c4458517d5d4d9f7d6ef180d64de10db8269fbc5e969a647acf1f4e3f08bbd2
- SSDEEP
  
  384:HA6qa+InnSt61TR3PonbfJ4E0PGm/8jShGCmF0p8vD2huCQ5dhF06K1t:Hvq8nx1TR3EmEClhGCm6avD2hHQvhZK
Score

1^/10
behavioral15 behavioral16
- Target
  
  POS58/pos58_win98/ICONLIB.DLL
- Size
  
  118KB
- MD5
  
  ed70efd441caa9f6ad185f4c15e490f4
- SHA1
  
  f26dfde70f3987f175d18851877cfb38dfed74dd
- SHA256
  
  a2451d2ee6636076705d272d311dda7978008d53f9941accb99a7fc1a976c3b6
- SHA512
  
  cd7f5d9a7c0a3aa998cfab8292a57fb0e517f4d2998d5c7ef36c0f93d561abbc47c0395b1d0927e4f014b95b76eb91deed6a622cf13ae128646e4a80cbd328d8
- SSDEEP
  
  384:d2yOapglcAH9vg55zs935xZxO5XAXtI/dSK5IkSkkBkd5555555555555555555G:dZOR6YvpO2jCjfyl
Score

1^/10
behavioral17 behavioral18
- Target
  
  POS58/pos58_win98/UNIDRV.DLL
- Size
  
  208KB
- MD5
  
  39d544cce2ed3dba9858b9e513409d2e
- SHA1
  
  20d8d9bb9b647564af79a2cf352d44aa8c7df088
- SHA256
  
  dba11943e0fd8018bf474f5df7c459d741515fd4bd0e2b4b1b79ecaa144b3e1b
- SHA512
  
  7ef081e2b45291c6dbdf66160320e0bf9d2bd7a3d4faf7369b6ba6901f19cf756816e50e50afa8a2694bac2cac17c86eb2f1ae013f328ec08971ca04ff439744
- SSDEEP
  
  6144:KduLei8gf2Zt6/Rml2Tklr/PK4Hl6bt9Z+cLNNTlSJm9BS:MuLei8gf2Zt6/R82GLPK4F6btZhNpSIy
Score

1^/10
behavioral19 behavioral20
- Target
  
  RWic.dll
- Size
  
  287KB
- MD5
  
  48723a7c205d13f0445ed1b8bdec8774
- SHA1
  
  e4148c2e8f1a6c0a64f7a8777cdb93f67205706c
- SHA256
  
  3255127b59bf0ed125d1c97c8d5e54df56dc31c84ef380f04a04a963dca1b6db
- SHA512
  
  7c5558bfc15cfe3eb9d52db89fc8dad0c703c96833529d0c8816f2af11fda844b3f8ed92b1d1361cbf856bb2dd3ad27d2d95a3d22ca7d69cae07434b4a74a64e
- SSDEEP
  
  6144:6s1/IYrUqsU07McLcxBOVwg/mvDHysUejWa4Zt6gshKEZ1OQmNBmDq1brpde:6s1/IYo5UTCcxBOV+vxHjWaqshKEvOQo
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  mphair.exe
- Size
  
  1.5MB
- MD5
  
  aca60c7c4f24c02f4f48c0be0a5f2ce1
- SHA1
  
  289c97a398379b83a45f3800796b1034cbd51791
- SHA256
  
  36a004267f8fd8b7f0dc6e4b6f39c95e546e2c2e543813b09f221f87644aec94
- SHA512
  
  2663701d739753c2985f9a9557fbaacc98d5ef23c398d66f8d8d92f8085d69a01ed3c5136b4d3059bfb4a6698a4c94d4de89b6ba7b1090ed00dacb522d994410
- SSDEEP
  
  49152:XlOAHbVSlb8ixwI6kn9TCubHgWangeE/r2:1OybVJKWiTC2pang
Score

4^/10

discovery
behavioral23 behavioral24
- Target
  
  mpsoftup.exe
- Size
  
  144KB
- MD5
  
  5093d7c2be3a91017227c8d56eefdd27
- SHA1
  
  97bdce70648d689928541cb303048b288162c45f
- SHA256
  
  e485042508de9cf5b5c49feb1f18be753bf8f2cb8bf5658cc9272b9de0861962
- SHA512
  
  76b516e933cfe8a5d54d9c33ce06337c549927388187878966f5852a3a604d6c546f999fce96d6d5de388fa9c23542678fd31c30296d7cb0523a5a8f8e3570b5
- SSDEEP
  
  3072:GmjBb/xWeCqVEzO30ZfwU+bdFaSQ4ubd+XY1xHQsyVQAR29:GI/xXCqV8iYfp+bdYJ+o19Q/M9
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  readme.htm
- Size
  
  29KB
- MD5
  
  c0fffc73b39acf1a3efd3d64d4a4c6ec
- SHA1
  
  f3dbc257a57437b3a2564b64780c84955308b6c4
- SHA256
  
  3d00b1280e382b4673b4ee5f385493d1e5fb03fa784593515aba2412bcb8bd2b
- SHA512
  
  7bae8aada66bb2ea4896ac516b0f38a15600ddbc9b08415567d753b702aefb1a2599897c560fb263da6be2e0823f903966f1486969987642d4d3dc387681290c
- SSDEEP
  
  384:4lVtWa+Enir/aHzw9LLgRLqI6KL0YLAbaLuLrLkL1L7FLLLncqbLOv9:4ljN0SHsZs8SbLc
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  uninst.exe
- Size
  
  49KB
- MD5
  
  b93b7d94c134eb04301f9662e01f70be
- SHA1
  
  af502c6ad4bda1cfa59240db043a1e09d623dbaf
- SHA256
  
  11076c8d2fd0d97e774797da2b2973f1c8a98cf317f247ff0ebdddd36669c055
- SHA512
  
  141e57502398064d60fc99cbf2e805b1897bfbdb88964afd4ded1aa075f9a779536c23c175ef240c7753ac28b7c49328d83f5dcd67a2d83c2736b5a73ed59763
- SSDEEP
  
  768:uh03BWfzcJpdd4jU3eRo8rwV0GfL7rtU7UMt3MBJjwWQDkXq0wx:uh03grsyj5Rk0gtUABJ/Q+wx
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral29 behavioral30
- Target
  
  新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32