General

  • Target

    03bf3b1ce80b54587b188e3276b26bd1_JaffaCakes118

  • Size

    241KB

  • Sample

    240427-16j3gaaa6x

  • MD5

    03bf3b1ce80b54587b188e3276b26bd1

  • SHA1

    750a7aa76d71873237e7a65a0f13eeadc6ec8890

  • SHA256

    8dafb2deffcd58d1f37f7f49b26caac87fa1436875085f716a0d9d0f3dc613ea

  • SHA512

    9e14e0cc10c9932ac9b3b24eba3b3d1eb98434904dfe0b796bb44bd8a8c620a8fdfedbc26aa355f17161faf3cbfb7a47510f460727cd27b7a333ef4b39090aa6

  • SSDEEP

    3072:wYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////N:40uXnWFchmmcI/o1/BOfzJ

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source URLs (exe.dropper)

    http://www.ksgresearch.org/LLC/z9B/
    http://www.mitrausahacontrucion.com/multifunctional-section/X2v4XN/
    http://daprofesional.com/data4/rsdbA1h/
    http://degisimkalip.com.tr/wp-admin/ZML/
    http://da-industrial.com/js/6GGA48AK/
    http://cse-engineer.com/cgi-bin/BOiL/
    http://casabeethovenlb.com/classes/7SUlG/

Targets

    • Target

      03bf3b1ce80b54587b188e3276b26bd1_JaffaCakes118

    • Size

      241KB

    • MD5

      03bf3b1ce80b54587b188e3276b26bd1

    • SHA1

      750a7aa76d71873237e7a65a0f13eeadc6ec8890

    • SHA256

      8dafb2deffcd58d1f37f7f49b26caac87fa1436875085f716a0d9d0f3dc613ea

    • SHA512

      9e14e0cc10c9932ac9b3b24eba3b3d1eb98434904dfe0b796bb44bd8a8c620a8fdfedbc26aa355f17161faf3cbfb7a47510f460727cd27b7a333ef4b39090aa6

    • SSDEEP

      3072:wYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////N:40uXnWFchmmcI/o1/BOfzJ

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks