c8223069ba9a9a44ca5b0ee8b4d1ead8d066ceb2fa24cf0716ad172d77a31fd0 | Triage

Sharing

General

Target

f68e2123d93c5235a011d7015f3eba0a_JaffaCakes118
Size

1.4MB
Sample

240925-wjm4dsyfkn
MD5

f68e2123d93c5235a011d7015f3eba0a
SHA1

a8cc51642a2c9dc302565da35039b4f6f1f2cc62
SHA256

c8223069ba9a9a44ca5b0ee8b4d1ead8d066ceb2fa24cf0716ad172d77a31fd0
SHA512

54106b4d550b5df16b98cda28747dd997c26f09069230ebbc4c402fd83717c43a5b7bdb1ffc7a8e0182e4bf13bfb9483404740d1d76249320fe632d81ed65704
SSDEEP

24576:s+1AHKWkVIkHNuA68hpe45IcgC/MiodecrXs2SKgWXNuA68hpe45IcgbIvTmZ:s+1AHKOk4A7hpeOIFmM3dJr9SK9oA7hc

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  LEGEND注册机/1.76 连击版引擎注册/lpk.dll
- Size
  
  217KB
- MD5
  
  aa28054265b1c2fb7748fb21ab5984a7
- SHA1
  
  2fd0396a49a7024ce53783995c4b288e7c596342
- SHA256
  
  004785903afd37cace27aae4ed28b2130c2691798b82132debb42659d223b615
- SHA512
  
  aaa000f7947a92e834b3175facfcefd1d9f53e3204f1b26f10c19c4c1b5ea720b6d6fc45d88a909ca0dbe425c39a6885496f8673e4ff1ebff6a709a351322e28
- SSDEEP
  
  6144:u24mCyHAWyPgWITYJ0Ax9N17xM2lxq27Wo/GEvdt:u24xvPgWGYj9X7xM2Lq27D/GEvdt
Score

7^/10

defense_evasion discovery
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  cz.htm
- Size
  
  5KB
- MD5
  
  7f82b6cdb331d93647aaa6e2cf792ffc
- SHA1
  
  421ebfbb33656a26ed6a83ce5b7a91d80772a974
- SHA256
  
  02566f6158957b9b2561d7ef519173cf514e7d181b7db6c210ca5070dd218a4a
- SHA512
  
  ee0b6f963b190f48185ed5022207daac0af9d907ccce7ff87bf802e8a7121ebd87488a5c48460c977ed9c466ff8ed35c56507c50f5d1d450ef8b0f971544d04a
- SSDEEP
  
  96:SeuKuMv9XKBQo7ntTuyxF3PAUiAcAcAcAUUmJJk3toSYqEnKv1Oqqs+7MjU:S6xus6KUmnk3OSYLKAqqs+7l
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  js.htm
- Size
  
  4KB
- MD5
  
  67d2a0acd73d340131905765dc41a9f0
- SHA1
  
  c90c9a1218cba9c0c2ede2b44d8693a0a3cec7dc
- SHA256
  
  5835356ef7da67e78d037c77059f5df6b49b324f496ce4187035a410f9c018df
- SHA512
  
  17867a67aec530f1758a14f7c7e2efe960bd5efad5d289ab357199bdb229ae0b3c07ef8aee7c215fe1a3e12039bf4c020273bbbe6774b08144edb6a30fe3e9de
- SSDEEP
  
  96:SeuKuMv9XKBso7ntTuyxF3PAUiAcAcAcAUUmJJk3tgSYqEnKviqs+7MjU:S6xuo6KUmnk3CSYLKKqs+7l
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  kf.htm
- Size
  
  5KB
- MD5
  
  0149ede6417048a3045d1d07cc11e38e
- SHA1
  
  f141e74cb0172ff060c2b184fb56d322d93607aa
- SHA256
  
  f572e25f8453983bdf7c188f1d1ca448f018b0dee9d741dcd3bb1ec73a2a7739
- SHA512
  
  af7ecfe79df0f556aea93dbc600cf9aa5044f7093a41bd10c4cef49b976ad831a7788f23273b61f8db9844fcd7a3a7ff5daa5aeec5aa5296d9696d69f6e87796
- SSDEEP
  
  96:SeuKuMv9XKBQo7ntTuyxF3PAUiAcAcAcAUUmJJk3tTSYqEnKvPX6qqs+7MjU:S6xus6KUmnk3lSYLK6qqs+7l
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  xz.htm
- Size
  
  6KB
- MD5
  
  cc72b4a6281bfe4abb2f7ada6894ef93
- SHA1
  
  ab3ee79dcb486127c807051195b51d488209cc29
- SHA256
  
  57161f7f88c5102b37b25826a7028fff989f1bcc3a1b96e8fc0db9f76a3b24a1
- SHA512
  
  b97a378f9041319ab705ad019de821c7b3cadb0fbda7c729430ba1f48131b2924fde9d677e49102a76a57406f47c76ed76f77d32dc6984dc40cac35dd2987dbd
- SSDEEP
  
  192:S6xus6KUmnk3oSYLKJkitEB7kidsdqqs+7l:Sqvf1pQ6BtKdqqs+7l
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  yuantu.htm
- Size
  
  7KB
- MD5
  
  9c23b1bf253e3ad46fece36695a33a53
- SHA1
  
  d93cce849f527190ad4d6df4bfb1eb653b13c10d
- SHA256
  
  c42488d8fe61f3e07915a29eb51fff98209b349a99bd5bf8d5a689167563bfb9
- SHA512
  
  537ad08fcb1fd953ff7a8a32b3a221b3852a1cafeba876377aed7854ca1f288dd94655cfb8b915d7d8f2e2856df1f3495c704810ecad7be4d4eef4574f820497
- SSDEEP
  
  96:BOPjVwHXCjOV/Efd2Kx2SDpwN0DIDc1htLB4hNhzv8e1/DMHMCPa1:BGFCV/G3xBpnIQvtLB4hrzp1bKPa1
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  zb.htm
- Size
  
  13KB
- MD5
  
  8ab418e56b02d3f15404728639a8d6a1
- SHA1
  
  357aa754702099b56364d8d5eddb32c01c192149
- SHA256
  
  6d0c5c9e335330031b048df4019b1203740f78925ad880ef065e74bb2a09c537
- SHA512
  
  658fa2d0e2369cb224834d70633e2247d10ffdcba2bbf029cd6bb758237a62e41152a4e6840950e3453d5e1b831b4ee140b75c8ce167b31d04f24570e83bacac
- SSDEEP
  
  384:SCvfHpRgccuyy1kcgccuyy1kcgccuyy1kcgccuyy1kcgccuyy1kcgccuyy1kcgce:SiBRNvNvNvNvNvNvNvNvN2
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  易模板.url
- Size
  
  78B
- MD5
  
  7665f42dbf6aded90bac5de676ae0e7f
- SHA1
  
  aa75c117ac346746087c34be795fc380ce080c26
- SHA256
  
  b01e0ed8e6e52c8c03959c1ea011842a09ee88b3eafb9e7c0a509397d7d67e41
- SHA512
  
  f495c8adc45eeb13e9745877bd1a253d8eb2a490ec5e346846fa244bdc1a88cdbc3d22e96fc550d6b327878470d03cfbb1ac702969d1bf41b30e3e0400e9773c
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16