fa4b24b57aa2e808b446fd026814727482e00b10e5feee0f0bec569c00687427 | Triage

Sharing

General

Target

fe5d5e3d2d7c255b25a298c7a8201313_JaffaCakes118
Size

8.1MB
Sample

240929-mvw11athqe
MD5

fe5d5e3d2d7c255b25a298c7a8201313
SHA1

733642c0b7f2aeb9cd72c3aa9b8d597007aea398
SHA256

fa4b24b57aa2e808b446fd026814727482e00b10e5feee0f0bec569c00687427
SHA512

65cd85a2bd9bfbf33c12b50809fed08a788c8891967930f7ba22c7f84295f6247136212c4dee0bf14231f088c10ed534fbe1d56b7c309a7b31b5f33ccb42d239
SSDEEP

196608:/+TerPgU4s6z5iVLcx52Na9eonCK6801i5RgDn/gxaHw:W+PXgVIuoNawonCK6Xi5yb/7Hw

Score

7^/10

discovery vmprotect

Malware Config

Targets

- Target
  
  smzy_qiyiqqguaji/[破解版]奇易QQ挂常用IP工具V2.63/11684.COM.url
- Size
  
  246B
- MD5
  
  7cfc41d9c5c1c8f54981aea42bb9b0b1
- SHA1
  
  b207ab5c5ff7f1edcda42e6ec064ab02749821b2
- SHA256
  
  a1cbdcb147c3e30130eeb8387a2c05b9a8dac3807f277dddd04fdd618ba192f8
- SHA512
  
  15fc7cb23ef80265c35eb5d125d81d26eeaca83ade4eee48c321fdbd8b3e0fd37d96ca845e9708a85c8764c8b06299db72d828ae0761b8f83ed779f05d504094
Score

1^/10
behavioral1 behavioral2
- Target
  
  smzy_qiyiqqguaji/[破解版]奇易QQ挂常用IP工具V2.63/JK.dll
- Size
  
  1.3MB
- MD5
  
  90c0c724fcb7e4f8825c86d366054624
- SHA1
  
  152e04e3b2a2ff0b45077aaa4edb6b7ccb93d7d3
- SHA256
  
  a0f73d795471c646fbb11daf20e1e3790f6bc0a22831865ec16a4346ad102786
- SHA512
  
  d5b38caa14b70d723149c4b1ccb941b23ed4ab7e2c95c672a3ab920877549bd299b084b040e76c6b62f29362438f9c5767ba73d99e53780e9c87b01f6653ed23
- SSDEEP
  
  24576:T1upyCZ8MRbiJufgO8XLcMi2dEk9AXBnsXjo4sHbeIAKWqTVboN93C:T1uEO8WeOgZLcMBsaTo7v7YpC
Score

7^/10

discovery vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral3 behavioral4
- Target
  
  smzy_qiyiqqguaji/[破解版]奇易QQ挂常用IP工具V2.63/readme.htm
- Size
  
  2KB
- MD5
  
  73c00b2312c82ca067dc2cc18d09bf6c
- SHA1
  
  83a64932a57a38ec4968e2d7f8f80d63460d9404
- SHA256
  
  9ec1d5a9fa12b49b2ae4e46eceb2ca9cc4e36c2e8c416c828a666b4c78cf55ad
- SHA512
  
  48c8dd23f61edd57c81c7111503361079de3d9f77417d3a9c80415614083bf4ac8d3fdec421269e4d13f35cfb1803150d534ce3a4e61bafbd44332eb2e4572f4
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  smzy_qiyiqqguaji/[破解版]奇易QQ挂常用IP工具V2.63/winmm.dll
- Size
  
  99KB
- MD5
  
  99ab6d30036db4f9a66c675b2b64d030
- SHA1
  
  21eb8d53b356813dfedee55ac1be5f7db1020ce4
- SHA256
  
  5f8c925c21de560bee6dfa800857d10a43e97e2aba1b1a9436afbe56e2a604ca
- SHA512
  
  490649095cd427f1716c24c50d004b9e15e22024efcf20cda40096ad43fda74bbf5e1bda0524e734ed853bbb32a7fcd82a274ea5da13d0503a8f169369e6505b
- SSDEEP
  
  3072:8auTh4lpjb/4vwjEK7Kn8+n4frj/9++WIpuDz:R24Hjb/4ojEv8+nGv/o+WIc
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  smzy_qiyiqqguaji/[破解版]奇易QQ挂常用IP工具V2.63/winspool.drv
- Size
  
  800KB
- MD5
  
  481cbd23467edaa80079d068593cf8cc
- SHA1
  
  9b2246aec152e6a8a70fef7867c0446f86ac3481
- SHA256
  
  38dbdca342990c1a42f0f5ce4fe95acce754861c7876a469d43003c42077c12c
- SHA512
  
  faad787c7cf22d160ecfebea5d711ee0dc7a5928965c232c284a37ecccaed4c7bf5ec65e6904c571389c35d22eae08751ca91686eb09f95492b907397d164e72
- SSDEEP
  
  12288:byVVLnRtIbTeb6jy3KCSTn24Cpq+V8DvILJ4:by3DInef6Cq2Lpq+cILq
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  smzy_qiyiqqguaji/[破解版]奇易QQ挂常用IP工具V2.63/奇易QQ挂常用IP工具V2.63.exe
- Size
  
  6.6MB
- MD5
  
  2035e8881fa41d4bf14ab5bd20ea52f2
- SHA1
  
  5e168354eb2071ef6b34e1bd23538c3bae3d752f
- SHA256
  
  2d415f6a6308a033d8fc10b2fd2fbcd70de7861b4eddfdeab66d24ca533e4344
- SHA512
  
  108b23e14ebf6df8dd028c55548dc083ac1a663226d09a69c846d5464288daa73629829920dd64b49454dcfc2873bf1c43efbdff40e67e320377638dfb5cf7c5
- SSDEEP
  
  196608:3it2NBwATCjRK/iglZA6wvHIFxaafeSkfSXx:5BwATCjRK///ro+xtfeLfS
Score

7^/10

discovery vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral11 behavioral12
- Target
  
  smzy_qiyiqqguaji/[破解版]奇易QQ挂常用IP工具V2.63/请先读我.htm
- Size
  
  2KB
- MD5
  
  73c00b2312c82ca067dc2cc18d09bf6c
- SHA1
  
  83a64932a57a38ec4968e2d7f8f80d63460d9404
- SHA256
  
  9ec1d5a9fa12b49b2ae4e46eceb2ca9cc4e36c2e8c416c828a666b4c78cf55ad
- SHA512
  
  48c8dd23f61edd57c81c7111503361079de3d9f77417d3a9c80415614083bf4ac8d3fdec421269e4d13f35cfb1803150d534ce3a4e61bafbd44332eb2e4572f4
Score

3^/10

discovery
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

discoveryvmprotect

behavioral4

discoveryvmprotect

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

discoveryvmprotect

behavioral12

discoveryvmprotect

behavioral13

behavioral14