General

  • Target

    001790968376ce0ae28282281c3e0667_JaffaCakes118

  • Size

    173KB

  • Sample

    240425-z3676afa5t

  • MD5

    001790968376ce0ae28282281c3e0667

  • SHA1

    ee331401002110fd58cc91f1000fdc5b763f2da1

  • SHA256

    0316ae38f6aa57cd2f8fb8081311cbc614e0ab5b008e8aad5f62dd2bef7d8389

  • SHA512

    b08799fe6bef1c3d35f58bfc2fb7482c9a2c68c99988d7a701fae3fb5d8f208aff65c8e0301c1c61c8fc0d87fa133e5323b955207659ffe07e58f3363ba0ffca

  • SSDEEP

    1536:7DGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiPIFqaS17dv8qHSDHrLubIaEHpe:XrfrzOH98ipg5yE10gJ+

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks