Overview

Overall score: 8/10

Per-task scores (out of 10), in the order the tasks appear in the task list below:

Task          Sample                   Platform             Score
static        (static analysis)        -                    3
behavioral1   360.cmd                  windows7-x64         4
behavioral2   360.cmd                  windows10-2004-x64   4
behavioral3   361.cmd                  windows7-x64         1
behavioral4   361.cmd                  windows10-2004-x64   1
behavioral5   36O安全浏览器 3.lnk       windows7-x64         3
behavioral6   36O安全浏览器 3.lnk       windows10-2004-x64   3
behavioral7   36O安全浏览器 3.lnk       windows7-x64         3
behavioral8   36O安全浏览器 3.lnk       windows10-2004-x64   3
behavioral9   Internet Expl0rer.lnk    windows7-x64         3
behavioral10  Internet Expl0rer.lnk    windows10-2004-x64   3
behavioral11  Microsoft/bot.vbs        windows7-x64         3
behavioral12  Microsoft/bot.vbs        windows10-2004-x64   7
behavioral13  cpa.cmd                  windows7-x64         1
behavioral14  cpa.cmd                  windows10-2004-x64   1
behavioral15  fav/fav.cmd              windows7-x64         1
behavioral16  fav/fav.cmd              windows10-2004-x64   1
behavioral17  fav/fav.lnk              windows7-x64         3
behavioral18  fav/fav.lnk              windows10-2004-x64   7
behavioral19  fav/fav.vbs              windows7-x64         3
behavioral20  fav/fav.vbs              windows10-2004-x64   7
behavioral21  fav/淘宝购物.url          windows7-x64         1
behavioral22  fav/淘宝购物.url          windows10-2004-x64   1
behavioral23  fav/网址导航.url          windows7-x64         1
behavioral24  fav/网址导航.url          windows10-2004-x64   1
behavioral25  fav/软件下载.url          windows7-x64         1
behavioral26  fav/软件下载.url          windows10-2004-x64   1
behavioral27  file.vbs                 windows7-x64         8
behavioral28  file.vbs                 windows10-2004-x64   8
behavioral29  open.vbs                 windows7-x64         1
behavioral30  open.vbs                 windows10-2004-x64   1
behavioral31  runonce.cmd              windows7-x64         8
behavioral32  runonce.cmd              windows10-2004-x64   8

General
Target: 81e06de2ff5964474449764dabaa68fd_JaffaCakes118
Size: 217KB
Sample: 241031-gk4efazlhz
MD5: 81e06de2ff5964474449764dabaa68fd
SHA1: 9b5f06d2100a8aa51aef76f19618bfebf0f22929
SHA256: ed06883617d0469068e12788a5caf61feb2a6666ee84b962ee838c816c128baa
SHA512: ae954d721ed02d4b53773443f4ad2edcbd94966af73c24a16e8e92e302a45ab2db9a1169371245152660e1ab97b9da139964dc0d8dc08cfc467d2be290161116
SSDEEP: 3072:Gk3sx0j6ap8fWrr27J5pa67TSywjCFCw7I5we93t7wzykrjNB7QbYVeVU0hQ7GKA:NuaufWG7JbL7XSSCh93W28xBcyYU0ham
Static task
static1

Behavioral tasks

Task          Sample                   Resource (sandbox image)
behavioral1   360.cmd                  win7-20241010-en
behavioral2   360.cmd                  win10v2004-20241007-en
behavioral3   361.cmd                  win7-20240903-en
behavioral4   361.cmd                  win10v2004-20241007-en
behavioral5   36O安全浏览器 3.lnk       win7-20241010-en
behavioral6   36O安全浏览器 3.lnk       win10v2004-20241007-en
behavioral7   36O安全浏览器 3.lnk       win7-20241023-en
behavioral8   36O安全浏览器 3.lnk       win10v2004-20241007-en
behavioral9   Internet Expl0rer.lnk    win7-20240903-en
behavioral10  Internet Expl0rer.lnk    win10v2004-20241007-en
behavioral11  Microsoft/bot.vbs        win7-20240903-en
behavioral12  Microsoft/bot.vbs        win10v2004-20241007-en
behavioral13  cpa.cmd                  win7-20241010-en
behavioral14  cpa.cmd                  win10v2004-20241007-en
behavioral15  fav/fav.cmd              win7-20240903-en
behavioral16  fav/fav.cmd              win10v2004-20241007-en
behavioral17  fav/fav.lnk              win7-20240903-en
behavioral18  fav/fav.lnk              win10v2004-20241007-en
behavioral19  fav/fav.vbs              win7-20240903-en
behavioral20  fav/fav.vbs              win10v2004-20241007-en
behavioral21  fav/淘宝购物.url          win7-20240708-en
behavioral22  fav/淘宝购物.url          win10v2004-20241007-en
behavioral23  fav/网址导航.url          win7-20240903-en
behavioral24  fav/网址导航.url          win10v2004-20241007-en
behavioral25  fav/软件下载.url          win7-20240903-en
behavioral26  fav/软件下载.url          win10v2004-20241007-en
behavioral27  file.vbs                 win7-20241010-en
behavioral28  file.vbs                 win10v2004-20241007-en
behavioral29  open.vbs                 win7-20241010-en
behavioral30  open.vbs                 win10v2004-20241007-en
behavioral31  runonce.cmd              win7-20240708-en
behavioral32  runonce.cmd              win10v2004-20241007-en
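The dropped artefacts in this bundle are mostly shortcut-type launchers: .lnk files with lookalike names (36O安全浏览器, "360 Secure Browser" with a letter O in place of the zero; Internet Expl0rer, with a zero in place of the o) and .url files named after Chinese shopping, navigation and download sites (淘宝购物 "Taobao shopping", 网址导航 "web directory", 软件下载 "software download"). The report does not show what any of them point at, so the first manual triage step is to pull the target, working directory, arguments and icon out of each one. The following is an added example written for this page, not code from the sandbox or from the sample: a parser for the Shell Link (.lnk, MS-SHLLINK) and InternetShortcut (.url) formats, plus two heuristics for lure shortcuts (a script/command host as target, and an icon borrowed from a different program). The .lnk it parses is a constructed fixture produced by build_lnk, and SAMPLE_URL is a constructed .url; the paths, arguments and URL in them are hypothetical and are not taken from the files listed above.

```python
"""Recover launch targets from Windows .lnk (Shell Link) and .url (InternetShortcut)
files and flag the patterns lure shortcuts rely on.  Added triage helper for this
page; not the sample's code and not the sandbox's."""
import configparser
import struct

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_DATA_ORDER = ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                     (HAS_WORK_DIR, "working_dir"), (HAS_ARGS, "arguments"),
                     (HAS_ICON, "icon"))
# A shortcut whose target is one of these is really a script launcher.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "cmd.exe", "powershell.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe")

# Constructed .url fixture (hypothetical URL and icon), not one of the sample's files.
SAMPLE_URL = """[InternetShortcut]
URL=http://example.invalid/?from=bundle
IconFile=C:\\Windows\\System32\\SHELL32.dll
IconIndex=13
"""


def _read_string_data(buf, off, unicode):
    """One StringData item: uint16 CountCharacters, then the characters (no terminator)."""
    count = struct.unpack_from("<H", buf, off)[0]
    off += 2
    if unicode:
        return buf[off:off + 2 * count].decode("utf-16-le"), off + 2 * count
    return buf[off:off + count].decode("latin-1"), off + count


def parse_lnk(buf):
    """Return local target path, working dir, arguments and icon of a .lnk."""
    if (len(buf) < LNK_HEADER_SIZE or struct.unpack_from("<I", buf, 0)[0] != LNK_HEADER_SIZE
            or buf[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", buf, 0x14)[0]
    off = LNK_HEADER_SIZE
    if flags & HAS_ID_LIST:                      # skip the LinkTargetIDList
        off += 2 + struct.unpack_from("<H", buf, off)[0]
    info = {"local_base_path": None}
    if flags & HAS_LINK_INFO:                    # LinkInfo carries the absolute local path
        li_size, _hdr, li_flags, _vol, lbp_off = struct.unpack_from("<IIIII", buf, off)
        if li_flags & 0x01:                      # VolumeIDAndLocalBasePath
            end = buf.index(b"\0", off + lbp_off)
            info["local_base_path"] = buf[off + lbp_off:end].decode("latin-1")
        off += li_size
    for flag, name in STRING_DATA_ORDER:         # StringData items come in this fixed order
        if flags & flag:
            info[name], off = _read_string_data(buf, off, bool(flags & IS_UNICODE))
    return info


def parse_url(text):
    """.url files are INI: [InternetShortcut] with URL=, IconFile=, IconIndex=."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str                         # keep key case (URL, IconFile)
    cp.read_string(text)
    sec = cp["InternetShortcut"]
    return {"url": sec.get("URL"), "icon": sec.get("IconFile"), "icon_index": sec.get("IconIndex")}


def lnk_findings(info):
    """Lure-shortcut heuristics: script-host target with arguments, borrowed icon."""
    findings = []
    target = (info.get("local_base_path") or info.get("relative_path") or "").lower()
    if target.endswith(SCRIPT_HOSTS) and info.get("arguments"):
        findings.append("target is a script/command host with arguments")
    icon = (info.get("icon") or "").lower().rsplit("\\", 1)[-1]
    if icon.endswith(".exe") and icon != target.rsplit("\\", 1)[-1]:
        findings.append("icon borrowed from a different program than the target")
    return findings


def build_lnk(local_base_path, arguments, working_dir="", icon=""):
    """Constructed fixture: a minimal, well-formed .lnk (not one of the sample's files)."""
    flags = HAS_LINK_INFO | IS_UNICODE
    string_data = b""
    for flag, value in ((HAS_WORK_DIR, working_dir), (HAS_ARGS, arguments), (HAS_ICON, icon)):
        if value:
            flags |= flag
            string_data += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    header += bytes(LNK_HEADER_SIZE - len(header))       # attributes/timestamps left zero
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\0"   # DRIVE_FIXED, empty label
    base = local_base_path.encode("latin-1") + b"\0"
    lbp_off = 0x1C + len(volume_id)                       # after the 28-byte LinkInfo header
    suffix_off = lbp_off + len(base)
    link_info = struct.pack("<IIIIIII", suffix_off + 1, 0x1C, 0x01, 0x1C, lbp_off, 0, suffix_off)
    return header + link_info + volume_id + base + b"\0" + string_data


if __name__ == "__main__":
    fixture = build_lnk(r"C:\Windows\System32\wscript.exe", r'//B "C:\Users\Public\payload.vbs"',
                        working_dir=r"C:\Users\Public",
                        icon=r"C:\Program Files\Internet Explorer\iexplore.exe")
    info = parse_lnk(fixture)
    print(info, lnk_findings(info))
    print(parse_url(SAMPLE_URL))
```

To run it over a real dropped directory, read each .lnk with open(path, "rb") and each .url with open(path, encoding="mbcs", errors="replace") on Windows (the .url files here have Chinese names and may be GBK-encoded inside as well), then feed the bytes or text to parse_lnk or parse_url. The parser deliberately ignores the LinkTargetIDList and ExtraData blocks; a shortcut that carries its target only in the IDList (no LinkInfo) will come back with local_base_path None and should be looked at by hand.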
Malware Config
Targets
Target: 360.cmd
Size: 1KB
MD5: 3e54ff9d891714f4caf7911ce6d2ddce
SHA1: e7307a27eca905f1d8be37eed83731b541323707
SHA256: a3d8ffe9c729c41f8c9b276308c5f0be810e7855948e92a14c07e3e3672d9275
SHA512: 1763f67d734af6d190416e618cf2be35be336f023f3df25827fbc45609509a49ea908d108fbb599c958f9224fc7749e16350c4d8812ff3be43e4f4fb423c1136
Score: 4/10

Target: 361.cmd
Size: 136B
MD5: 5966a0cbade2abd0574b0305c47ba660
SHA1: 3c3443d8dfe6780e912c788bc0d840128f455619
SHA256: 586fceff93a379c2365f736e81fc08b8039b69b1abeba3f1ec2e908ebc344767
SHA512: a966d993bd3009c30636cc1af83df680c00bb09de01a466f6ed1809c8b8f2d6f70b2bf121406dd17e90741c6af5cdaf6df8dab5a69551e8daad795a1437a17ef
Score: 1/10

Target: 36O安全浏览器 3.lnk
Size: 817B
MD5: cba9ded752655b763a94ace45bccbe4b
SHA1: 219e5cdfa2d62d26542bb8349ce936f00941c835
SHA256: f2560ba5f7dcf44b1a5bfe9f9537da5a5586bace2f394f99d907b96117b5cac8
SHA512: 1d887ff15062b754afbc02286a03ee408f6edb3a80dcafb563a63019198d67b50c1b8fa4779f2f1031ea4f7c210c655062b074f66bff89866d38e2b80c8e7923
Score: 3/10

Target: 36O安全浏览器 3.lnk (a second, different file with the same name)
Size: 1KB
MD5: 5e0bcc3ae762822e2507e7987562abab
SHA1: 7fffa59ff1e1eebd6bc98d1dd9aa0051ba59bb0c
SHA256: 7a4a0367330c6854ae126bf784dba8deff541ee269c34e575540b2aa7d7f3367
SHA512: 3323e365ad712a3f162d32471615d78f613605cdf37b77391f14d4831b5ae82ad45a2cc3e8548169f447fc81b5f5a09713d2661157511890fc03c665ace01687
Score: 3/10

Target: Internet Expl0rer.lnk
Size: 104B
MD5: b26bdf8dd432f327015e14428a20790a
SHA1: a5db52d58ad5911ee4d54576335c250ccf86083e
SHA256: ff0f9b5b7634cadb7a4d58ccb1fa58c015217b6b890995c9ddc83156c9f8f43a
SHA512: a532c5b0a22e1cb09beab9d1acbe2a972a02d3a7c7782207410fe40f2a38316155dfc8de63be971ec1d69432ecd9033c971a588d65c40a5abb69d3f4792ba8d4
Score: 3/10

Target: Microsoft/bot.vbs
Size: 173B
MD5: 260221b2e318b36c446542c9edc50837
SHA1: d1041b615f1b1c513b27a8e9faa03abc7ff45d3f
SHA256: 55c1c843af5160b59f214584e252c404d7857c33c8c13b08c9be7474d2f496e5
SHA512: a1c217ff54bf065ad4e1f337a436faf2b17bf20859b282b63f53b7430bac65ee3e0cd8a9b4ac054060095145f61c95bcaa4e5513331c69c8497cdc332322ac56
Score: 7/10
Signatures:
  Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check.

Target: cpa.cmd
Size: 98B
MD5: 618bc4a33a6281eed70f19717627278d
SHA1: 49afacdfc47af8f3560e8436a39b76468688abfd
SHA256: 831cd4c3c4f6d4541f2285f49f83c9e25cd187233701cd23a9fe6d5dee9481fb
SHA512: 41cca1da068d42132afe2c85d8abb7d8d5cd20f4c7af599717618e704895f83af178e1882a17623e64a2f450cd50cc6a6eb3604a572b8b1a1ea56fcdf35fb5ad
Score: 1/10

Target: fav/fav.cmd
Size: 350B
MD5: bb8f16419df048980760537aa0381047
SHA1: fee995f3780355320925ca8368c7e93500ad1cd1
SHA256: 80e3a0ae53a55fa995ebc555e8529f4d566d8f614b0933edbdf9ba2604d778fc
SHA512: 9a2082a52cc1f84538002e5c16e5d6384854c129afb935d94122f1dcbf16064c8dbe59784b6332567b846c3dda48e441b2061228fdee9da2e4e552244a5450e0
Score: 1/10

Target: fav/fav.lnk
Size: 585B
MD5: b6df6a7ea663db383620b229faeb3046
SHA1: 338beb3ec1b119556dea0d66e6731afc0750e15c
SHA256: fc6ab2ae5370e3ddd5edc10702b8cf7e2cf9d2dc491c2635a7d9709d4bd7f8ca
SHA512: 85f7c4e905c4cfe6e1ecd899b0bfe1449ffec7f324ad73da03e76b7b5afd9ea32faaf31dc57515c52c70c78001fae2e4ac5e3ed4272506007f701a959e961556
Score: 7/10
Signatures:
  Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check.

Target: fav/fav.vbs
Size: 121B
MD5: 1365ef9e2079883d0fc2c07953838bee
SHA1: f01853cce3bd55924bd1c23e1038c5fc50c72a7a
SHA256: c1fbbc4ed104e65c2ca645552d7d3ee550485220828c175fbfb4135ed7373061
SHA512: 459912c3ab8edc34eb091cf67110a43b30ae3568982a0b8decbdb274c35cec9b8db294048205040ff22ae315c7f48d9004e9a9d5e995e241a173eec113ef7992
Score: 7/10
Signatures:
  Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check.

Target: fav/淘宝购物.url
Size: 189B
MD5: 63f72e0adad2913f0616ac0304e07b0c
SHA1: 5af6726532b9cf9c17641d43e1d057ffdb33de18
SHA256: bdb784a299056e551ffecf5402e49f99a5ad988c1b6456f03a9450f210775845
SHA512: e6021a009591273b3bea14dde6d0332dbff09ff921f43f10d55c83ba615d3d313d4f32b648c2dfe531b4ca9eda465e6b07b43b02b558252ac56517c3cb0c0b17
Score: 1/10

Target: fav/网址导航.url
Size: 81B
MD5: 97c3f90dfc6b49091e3b0ac2f4c5081e
SHA1: 1308208ed83e3682e9d2d8e4756c889e8a652cc2
SHA256: 9a66e3c8845ef59301b675977c8c7023fa61bd3a051f6c34039eaad62a43af1b
SHA512: ee68548709f725ef3a78d7159261640e6c0503bcc278788e28e1925330741ac11283cfff9ee62716210691b93dbb58eccd249f2235b23eaa1d52e8eb49cc10b1
Score: 1/10

Target: fav/软件下载.url
Size: 83B
MD5: e37d61e59cabe1cb70c4c3621eedb6f2
SHA1: 744c090f60fd5c2c95486ce5aa9ca721df94bd23
SHA256: 981ef6de8d54f921744ae45bc289616186ac6a1e05ad4fec0471efc768f5dee1
SHA512: 2f396e56f238933a6078961bf943037bb0b95251cd65cb86d7bbf46b9b078c9e061ef691a5848eb9aebb6154f5528b7d59a7cfab601646a1c58a82e8cf8004cb
Score: 1/10

Target: file.vbs
Size: 1KB
MD5: 2eabf3608e6b54cc84ef24a332affe2d
SHA1: 26741323c2bc4e472129ed96d69a445404625791
SHA256: 2e96fc0c5041710654f8b73c6b396958c1487b949a92f16d3b2456a9d750dda0
SHA512: d304b1a100dcde47c40a44be7783b05389ff55fd72a3fa321d0e6176fd1cf68ef490c0fe4146747cdc914bd9383b331bedca26ab8736c59795acabac5b903a84
Signatures:
  Creates new service(s)
  Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check.
  Event Triggered Execution: Component Object Model Hijacking (T1546.015): adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  Indicator Removal: File Deletion (T1070.004): adversaries may delete files left behind by the actions of their intrusion activity.

Target: open.vbs
Size: 1002B
MD5: ae2af5c625b42c1e13cf26702cef7697
SHA1: eb0d7783826296ad37858870df932cbedc6d2342
SHA256: a50f01b0305d22c61988cac12af3449c0090f0a6c18ec412e5e8208740759bde
SHA512: 55efed57559e803c62373076efdbc7c4006212380ed74dc5b81766bae479e67770c80a3b489061d45d5e652c1adc39436a791d70e5f774df1941d370836c1f5f
Score: 1/10

Target: runonce.cmd
Size: 1KB
MD5: 26546387c9729e1596eb8fd59106d300
SHA1: 71ebf69d314ff28938a8addc85f66b023f8aeee7
SHA256: baf86a1340c31a317b43fc248813c6fc9ab54c9cca5aef1ce06c1ea74adcddf8
SHA512: fef7f7b7780f473c00fd6b0712664642258e838e377bb23280e3ce01c682e0ef2c259b52daa83429cddce47fff553f518be6631fe627cfbeb1c9172a1f69520c
Score: 8/10
Signatures:
  Creates new service(s)
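The four behaviour signatures raised across the targets above (the registry country-code lookup on bot.vbs, fav.lnk, fav.vbs and file.vbs; service creation on file.vbs and runonce.cmd; COM hijacking and file deletion on file.vbs) are the output of rules matched against the sandbox's API and registry trace. The following is an added example for this page, not the sandbox's own signature code: it re-implements those four rules over a constructed JSON-lines trace. The event schema, the CLSID, the DLL, service and script paths and the sc.exe command line are all hypothetical. The registry locations are the standard ones for each technique and are assumptions about what the signatures match: HKCU\Control Panel\International\Geo\Nation (the per-user GeoID) for "Checks computer location settings", HKCU\Software\Classes\CLSID\{...}\InprocServer32 for COM hijacking, and CreateService / sc create / a CurrentControlSet\Services ImagePath write for "Creates new service(s)".

```python
"""Re-implement this report's behaviour signatures as rules over a sandbox
event trace.  Added example for this page; not the sandbox's code."""
import json
import re

# Constructed trace (JSON lines).  The schema is hypothetical; the GUID, the
# DLL/service/script paths and the command line are made up for the example.
# GeoID 45 is China in Microsoft's GeoID table.
SAMPLE_TRACE = r"""
{"pid": 1204, "image": "wscript.exe", "api": "RegQueryValueExW", "path": "HKCU\\Control Panel\\International\\Geo\\Nation", "data": "45"}
{"pid": 1204, "image": "wscript.exe", "api": "RegSetValueExW", "path": "HKCU\\Software\\Classes\\CLSID\\{01234567-89ab-cdef-0123-456789abcdef}\\InprocServer32\\(Default)", "data": "C:\\Users\\Public\\helper.dll"}
{"pid": 3320, "image": "cmd.exe", "api": "CreateProcessW", "cmdline": "sc create WinHelperSvc binPath= \"C:\\Users\\Public\\svc.exe\" start= auto"}
{"pid": 1204, "image": "wscript.exe", "api": "DeleteFileW", "path": "C:\\Users\\Public\\payload.vbs"}
{"pid": 880, "image": "explorer.exe", "api": "RegQueryValueExW", "path": "HKCU\\Control Panel\\Desktop\\Wallpaper", "data": ""}
"""

GEO_NATION = r"\control panel\international\geo\nation"
COM_HIJACK_RE = re.compile(
    r"\\software\\classes\\clsid\\\{[0-9a-f-]{36}\}\\(inprocserver32|localserver32|treatas)", re.I)
SC_CREATE_RE = re.compile(r"\bsc(?:\.exe)?\s+create\b", re.I)
SCRIPT_EXT = (".vbs", ".js", ".cmd", ".bat", ".ps1", ".lnk", ".url")


def load_trace(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def geofence_lookup(ev):
    """Read of the user's GeoID: a script that only runs in one country reads this first."""
    return ev.get("api", "").startswith("RegQueryValue") and ev.get("path", "").lower().endswith(GEO_NATION)


def com_hijack(ev):
    """A per-user CLSID server registration shadows the machine-wide one (T1546.015)."""
    path = ev.get("path", "")
    return (ev.get("api", "").startswith("RegSetValue") and path.lower().startswith("hkcu")
            and COM_HIJACK_RE.search(path) is not None)


def service_created(ev):
    """The API itself, the sc.exe front end, or a direct ImagePath write (T1543.003)."""
    api = ev.get("api", "")
    path = ev.get("path", "").lower()
    return (api.startswith("CreateService")
            or (api.startswith("CreateProcess") and SC_CREATE_RE.search(ev.get("cmdline", "")) is not None)
            or (api.startswith("RegSetValue") and "\\currentcontrolset\\services\\" in path
                and path.endswith("\\imagepath")))


def file_deleted(ev):
    """Deleting launcher/script artefacts after use (T1070.004)."""
    return ev.get("api", "").startswith("DeleteFile") and ev.get("path", "").lower().endswith(SCRIPT_EXT)


SIGNATURES = (
    ("Checks computer location settings", "-", geofence_lookup),
    ("Creates new service(s)", "T1543.003", service_created),
    ("Event Triggered Execution: Component Object Model Hijacking", "T1546.015", com_hijack),
    ("Indicator Removal: File Deletion", "T1070.004", file_deleted),
)


def run_signatures(trace_text):
    """Return {signature name: [(pid, image), ...]} for every rule that fired."""
    hits = {}
    for ev in load_trace(trace_text):
        for name, _technique, rule in SIGNATURES:
            if rule(ev):
                hits.setdefault(name, []).append((ev.get("pid"), ev.get("image")))
    return hits


if __name__ == "__main__":
    fired = run_signatures(SAMPLE_TRACE)
    for name, technique, _rule in SIGNATURES:
        print(f"{'HIT ' if name in fired else '    '}{name} [{technique}] {fired.get(name, [])}")
```

The geofence rule is the one worth knowing about when re-running this sample: a detonation whose GeoID does not match what the script expects never reaches the service creation or COM write, which is consistent with the 3-versus-7 score split between the two platforms for bot.vbs, fav.lnk and fav.vbs above. The COM rule deliberately ignores HKLM writes, since the hijack depends on the per-user key taking precedence; a legitimate installer writing under HKLM\Software\Classes should not fire it.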
MITRE ATT&CK Enterprise v15

Persistence
  Create or Modify System Process: Windows Service (T1543.003) - 1
  Event Triggered Execution: Component Object Model Hijacking (T1546.015) - 1
Privilege Escalation
  Create or Modify System Process: Windows Service (T1543.003) - 1
  Event Triggered Execution: Component Object Model Hijacking (T1546.015) - 1
Defense Evasion
  Hide Artifacts: Hidden Files and Directories (T1564.001) - 2
  Indicator Removal: File Deletion (T1070.004) - 1
  Modify Registry (T1112) - 1