General

  • Target: eaac09bf97870a38faac782738f40ee4_JaffaCakes118
  • Size: 601KB
  • Sample: 240919-f6cm6sshjg
  • MD5: eaac09bf97870a38faac782738f40ee4
  • SHA1: dcca542af6426a797b295cb4f598771dbed38f9d
  • SHA256: b0fcddf7e2136c3a682e35fb9bb564db44e297fbee5ece3b604d805286207ece
  • SHA512: cf12770441999972734947b60901b40dba217dd3e9e3423a7ff0a6034f21790f91fc92ce7070c0f287602b67d6c9fb63041bb6005bb263dbc7433adba0eb7b49
  • SSDEEP: 12288:/bZFQHhKUFXtSLF70GTJPZiAQzFBf/bOEhRLDbz3VCBO3r9025W:DZp2QF0SPgAQn/KID3NtW

Malware Config

Targets

    • Target: 155绿色软件站.url
    • Size: 219B
    • MD5: 3a1f2a8a3ef08ae269517a69ea918b2c
    • SHA1: 7d2e6719702bc8472e045e010efa6ed3f7df4b5b
    • SHA256: 66eafefa8bb0155e60828476bde6068573fe64a4fd0aa052eba074dbe85d46cd
    • SHA512: 22203a78192cadc02d0f887247675925273a69e3be82ec1a331197f892216a282cc8f37c3ffbfb578a708244181037277b8cc6a40d8ec70cdf0feac5d80f8576

    Score: 1/10
    • Target: RemoveWatermarkX64.exe
    • Size: 23KB
    • MD5: 9d62ff0d6809dfcfda34940fda3e3e68
    • SHA1: e70c615cc5088bfeda66134155bf137d0bb9d504
    • SHA256: ed65d724695a6ec0443e71cca0012daca1b8a919dbf7b90764babbccc10701af
    • SHA512: 5cde5ff551dac2ba7d2df4dcffb711bbc77c2358652603aab81f0c471be50a07fd9090c50d2f8e0fc77d101630d3cab7ef072b2b092c5e2694809491de3e2263
    • SSDEEP: 384:jflTGf4t0BaRN0BFV9Ke9k8C2agfsPrNujXAH0IsRqA4jP0I6:LlT04esR2Bn9K/vdRZuP4jP0I6

    Score: 1/10
    • Target: TCPZ_Overview.CHS.htm
    • Size: 8KB
    • MD5: ad20ad63c9d012c5ba3c4f765b52494c
    • SHA1: 8a8e695cd2ea77636be24f9db63d79b47e648a83
    • SHA256: 450090734421906bd13f649520e51d990aa16dedf5e1fd8da80f54d13773bd4a
    • SHA512: c9d0a15f5a4a6cfb3ad1bc8b2bf510ece0bff7fdc0654ead5ba1361f784de0bb20ae5dffc9506186fa91112ded5af8f3086ae580ee46bc4f906ce5088de3477c
    • SSDEEP: 192:Q2CVjDtHPXTTVRFQM3mRLT3KIjNS3WAwu+3x+5syBNW+PWN/si2b:/qj/mRLLKw6N7WNM

    Score: 3/10
    • Target: TCPZ_Overview.ENU.htm
    • Size: 8KB
    • MD5: 602faf5c938a319031a8cd54c5a30ac7
    • SHA1: b23299d8db3fdfc25a9235de5a621f086cd89e16
    • SHA256: 7f2763830e42db659d3872dae1d39febf5d8d1ea9a7027fc4a54fa3ee96d7355
    • SHA512: a8a62aff2a4ff930c758f428403dbab6eb3b0ef5983dab0bc6b7a9f05099f4b8f7ff05c4672e1c33a9811d4fea938b1886fb25a35574f25d6e979662b64bb742
    • SSDEEP: 192:Q2CVjDtHPaOtX5CZaIOl3HIlL93cp003Zida3v4TWqzihqXeQjX0adPimwe+8s1x:/qaOiMIOBde03ZiA3wK/hkbjX0aZfwQS

    Score: 3/10
    • Target: TCPZ_Overview.ITA.htm
    • Size: 9KB
    • MD5: a48301a8a72de8549740e252300c7112
    • SHA1: 64594bfb8eb9dcbafe36ba2468fb2b4122ca1e78
    • SHA256: 8088f71f2cc2aee0467976df7afffb94c7e0c529be5d9a99e0e54742cfb5e3af
    • SHA512: 5759c6934c22712396bd116654e89fb59101a194d8928971d42a6de773175e0611ebdc524fe5e46105aa8c8ee735dc2352c4756b46d6b0736c087d634ca35463
    • SSDEEP: 192:4kCPjDt8oV8nT3aNahA0TJbOY5gHb+znGlBNfB1+3eBScs:Bh6N0tITNRS/

    Score: 3/10
    • Target: tcpz.exe
    • Size: 421KB
    • MD5: 11d94b8c08add90829ea2b2c6d68bb76
    • SHA1: d1f3dd48835f67172b7f77ec07f8e30b713b149e
    • SHA256: 2ad20c26380b36a0b9ff0e5d346a1b92c15c28f89e7e49e752f4432aa906e75d
    • SHA512: 462146ba5e017c2ec5933529ae95933c6d965ac41ede574f6e48038e8326924ea696f8a9686b463e12e6cf0827c4f55f4116fb7fdba1f74fdf2d465bb6c4a57c
    • SSDEEP: 3072:le/2TCkMuN/+vBEVSNBF6lib/yTmKy5OpeQwrIk8avRsX37EWbNuSQtAOZvszIcu:lAaN/+52SNBQ+yTm40Db+GdDTiblvE
    • Modifies boot configuration data using bcdedit
    • Enables test signing to bypass driver trust controls
      Allows any signed driver to load without validation against a trusted certificate authority.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.

    • Target: tcpz64.exe
    • Size: 737KB
    • MD5: 7368655a99d81b2b2ae2e13765421313
    • SHA1: 6b8144df8ce9f6566ec6fff77844c2622ba45b22
    • SHA256: aa3688a07bfbe5df55d5fc26d5ace38d48c9882d5038df4b91c85cadac02584c
    • SHA512: c63886f057869e677af01c63f7cdc82d78c271dc77277c4fad744df0be35b694be6eb653f907aa2f0c0d0e83a3e7440ae9ef4e4b98244a9545a11e40609e0c89
    • SSDEEP: 6144:u+S9Re4T87LZcOXp6O1+MhUdMhOHHw59Kmlxf0Y8P0oH9EQZJLLaTu6yVAuPa9bO:DSW4gZ6+Xf0oQLL6yY9Cokf
    • Modifies boot configuration data using bcdedit
    • Enables test signing to bypass driver trust controls
      Allows any signed driver to load without validation against a trusted certificate authority.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Enterprise v15
