Overview

overview

10

Static

static

1

�...ǰ.doc

windows7-x64

4

�...ǰ.doc

windows10-2004-x64

1

�...ѧ.xls

windows7-x64

10

�...ѧ.xls

windows10-2004-x64

10

�...��.doc

windows7-x64

4

�...��.doc

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6fd8d5bcff385600cf1522062f6ac596_JaffaCakes118

  • Size

    52KB

  • Sample

    241023-twmmaazbpg

  • MD5

    6fd8d5bcff385600cf1522062f6ac596

  • SHA1

    fd24f893a439e3cf32f490db5fc800fd9497dd69

  • SHA256

    20501b21e4c5f3317e5e1e1ac8a553d60a434fb50d262fa1abee1a79b39bd4d0

  • SHA512

    adc7877667a6e7261eb19992b3be71e2e386a85db02487918df033c4ced6eff097d3173cce75a83148f1ba46d314bbb6a2609105640ec03af394809038685643

  • SSDEEP

    1536:PTdf0tmvTQ3pt4Z985cggMd4gJgZTi5iQux05lc:LdfBvEoQagzHJ2vQuxp

Score
10/10
defense_evasiondiscovery

Malware Config

Targets

    • Target

      ܽ֪ͨ[2013]119120/֪ͨ[2013]119ŹÿѧǰѧУȫ֪ͨ.doc

    • Size

      27KB

    • MD5

      96a33b721a08942c23c7c2586f45d1a0

    • SHA1

      91d0d62fb1a0f3d1b84623626db61e9c53821a43

    • SHA256

      53d1f1bece332e37ff4b09d2a8bf7f0c7f954d6cf520347636f78cd994ae4d5f

    • SHA512

      7fc1313f37fbba7ed584378c57ba381bc17640461786e888f728b1726c6d8b9bc272ec2d8b182a9b3df8ff8c5ac4c1d9c127e13a4f866e07daaa35fae8d9b830

    • SSDEEP

      192:hymEw5GjLICppsIgcYSp1u5l6vCshFjB4hDhLsiA:hym5kECppQcNp1HhB0G

    Score
    4/10
    discovery
    behavioral1behavioral2

    • Target

      ܽ֪ͨ[2013]119120/֪ͨ[2013]120Ÿ2013ѧУְȫԱȫѵƻ.xls

    • Size

      102KB

    • MD5

      beeb3e52fb370510ac5ad8cad4b21d1f

    • SHA1

      37e86551eefd770c046549dbf4b38d176bb26c8b

    • SHA256

      9addfbf334d8ae484395056e40e5996bfb76e73c6590edf32089cdac43af07ea

    • SHA512

      926531257c8f73f580240e35d39b50d5b504a383834ba5fe4cbc5527cf127aee7962c3ef66e5df996e02dd847f8331cf3b9b0134e8253b98461d46c374f87a5c

    • SSDEEP

      1536:5BBBewcTbrmWVbrzQ72cgiTkiD2lswhTpo1EEcJtXwR8M2M/Mye37fZdTf:XWVbrzQ7fTkDdpxHJtXwx5kzZdTf

    Score
    10/10
    defense_evasiondiscovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion
    behavioral3behavioral4

    • Target

      ܽ֪ͨ[2013]119120/֪ͨ[2013]120ŹڿչСѧ׶԰ʦȫ֪ʶѵ֪ͨ.doc

    • Size

      25KB

    • MD5

      28461a86e20479c40d9ae670516a1212

    • SHA1

      50d6abe482a41fe88452f23f5612940970100693

    • SHA256

      45b49c0520e1ef367057ae1cd05474d1f4424f4de8f9e4613d154f17597380bd

    • SHA512

      1c98a5355d188589a89aeccf3f2c52615398484941297ebf17b39ff8f1653a3b922a84aeca90ee81e7815a595179f8638a9245a475d9d9d2c48e20ca97cdcdff

    • SSDEEP

      192:1kvW1U8Y0BpHigdb7nAx9dnqhVyh1b+0fvhT5hTuS1hnhTDsvH4:1kvW66pH59kx9pb+OrukQw

    Score
    4/10
    discovery
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks