General

  • Target

    fff8a9dd6284ea3be3a1b5515010ea60_JaffaCakes118

  • Size

    21KB

  • Sample

    240421-xwczmahg55

  • MD5

    fff8a9dd6284ea3be3a1b5515010ea60

  • SHA1

    996f02d38dbcfb1866fb6dccf389754a5cbfae79

  • SHA256

    896e852a297af485ef1ab4cd296f3df13be6dcff952d0aa1a6435dca59fffe14

  • SHA512

    ce2bfa426606f42ac4a019e792586b1ab5b74e48c99918d922cdee6f69a7ead8bf31cfef7add4bc4895b5ad18117df5dcea71a965916d73c26f3220a60e1e88d

  • SSDEEP

    384:fjMi9z5BmTcNYp762zzDSNUSyvtw/X2LRc9AUBnKrOyKIvFeXOH/I7JRu85HEO1D:bMi1tsO2zzDSiSrWRc9j4vFAnDJo02M

Score
10/10

Malware Config

Targets

    • Target

      redoc.doc

    • Size

      43KB

    • MD5

      7e65b487703b522b7ec2c14cf60dfc13

    • SHA1

      b56f5de1ec9df02c48a92ecb034df73c85564762

    • SHA256

      d6604d63a315c752bf276d8f121755efb5781774701661db861b40864c965ab4

    • SHA512

      81983e5fe405639268f54223eb7882b5627cbe5853f22d042e7f40ca89d53eb090383882ea71b451af880379a1d55ebd71f57a8caadae13ab96b8fe38a3c267b

    • SSDEEP

      384:2pVDKHi8vJcVAvkzi1V0GsrJFWLnrXbdNHFSUIWq8iSUR/8devkLw+th/4DSxbz1:UKHiA3vdDsrXA7bdBIWg/qaHvDSNo

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks