General
-
Target
6fd8d5bcff385600cf1522062f6ac596_JaffaCakes118
-
Size
52KB
-
Sample
241023-twmmaazbpg
-
MD5
6fd8d5bcff385600cf1522062f6ac596
-
SHA1
fd24f893a439e3cf32f490db5fc800fd9497dd69
-
SHA256
20501b21e4c5f3317e5e1e1ac8a553d60a434fb50d262fa1abee1a79b39bd4d0
-
SHA512
adc7877667a6e7261eb19992b3be71e2e386a85db02487918df033c4ced6eff097d3173cce75a83148f1ba46d314bbb6a2609105640ec03af394809038685643
-
SSDEEP
1536:PTdf0tmvTQ3pt4Z985cggMd4gJgZTi5iQux05lc:LdfBvEoQagzHJ2vQuxp
Static task
static1
Behavioral task
behavioral1
Sample
֪ܽͨ[2013]119120/֪ͨ[2013]119Źÿѧǰ.doc
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
֪ܽͨ[2013]119120/֪ͨ[2013]119Źÿѧǰ.doc
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
֪ܽͨ[2013]119120/֪ͨ[2013]120Ÿ2013ѧ.xls
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
֪ܽͨ[2013]119120/֪ͨ[2013]120Ÿ2013ѧ.xls
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
֪ܽͨ[2013]119120/֪ͨ[2013]120Źڿչ��.doc
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
֪ܽͨ[2013]119120/֪ͨ[2013]120Źڿչ��.doc
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
֪ܽͨ[2013]119120/֪ͨ[2013]119ŹÿѧǰѧУȫ֪ͨ.doc
-
Size
27KB
-
MD5
96a33b721a08942c23c7c2586f45d1a0
-
SHA1
91d0d62fb1a0f3d1b84623626db61e9c53821a43
-
SHA256
53d1f1bece332e37ff4b09d2a8bf7f0c7f954d6cf520347636f78cd994ae4d5f
-
SHA512
7fc1313f37fbba7ed584378c57ba381bc17640461786e888f728b1726c6d8b9bc272ec2d8b182a9b3df8ff8c5ac4c1d9c127e13a4f866e07daaa35fae8d9b830
-
SSDEEP
192:hymEw5GjLICppsIgcYSp1u5l6vCshFjB4hDhLsiA:hym5kECppQcNp1HhB0G
Score
4/10
-
-
Target
֪ܽͨ[2013]119120/֪ͨ[2013]120Ÿ2013ѧУְȫԱȫѵƻ.xls
-
Size
102KB
-
MD5
beeb3e52fb370510ac5ad8cad4b21d1f
-
SHA1
37e86551eefd770c046549dbf4b38d176bb26c8b
-
SHA256
9addfbf334d8ae484395056e40e5996bfb76e73c6590edf32089cdac43af07ea
-
SHA512
926531257c8f73f580240e35d39b50d5b504a383834ba5fe4cbc5527cf127aee7962c3ef66e5df996e02dd847f8331cf3b9b0134e8253b98461d46c374f87a5c
-
SSDEEP
1536:5BBBewcTbrmWVbrzQ72cgiTkiD2lswhTpo1EEcJtXwR8M2M/Mye37fZdTf:XWVbrzQ7fTkDdpxHJtXwx5kzZdTf
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Deletes itself
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
-
-
Target
֪ܽͨ[2013]119120/֪ͨ[2013]120ŹڿչСѧʦȫ֪ʶѵ֪ͨ.doc
-
Size
25KB
-
MD5
28461a86e20479c40d9ae670516a1212
-
SHA1
50d6abe482a41fe88452f23f5612940970100693
-
SHA256
45b49c0520e1ef367057ae1cd05474d1f4424f4de8f9e4613d154f17597380bd
-
SHA512
1c98a5355d188589a89aeccf3f2c52615398484941297ebf17b39ff8f1653a3b922a84aeca90ee81e7815a595179f8638a9245a475d9d9d2c48e20ca97cdcdff
-
SSDEEP
192:1kvW1U8Y0BpHigdb7nAx9dnqhVyh1b+0fvhT5hTuS1hnhTDsvH4:1kvW66pH59kx9pb+OrukQw
Score
4/10