f1cce2e826b3c2e6d7f0d03cfd2bd01faf925df8116e9d873bbc3cf62dc5c18c | Triage

Submit
Reports

Overview

overview

Static

static

8

01e2e34895...18.doc

windows7-x64

01e2e34895...18.doc

windows10-2004-x64

1

Sharing

General

Target

01e2e3489568c9d07216b351faff5bdc_JaffaCakes118
Size

33KB
Sample

240426-29kzlsfa2s
MD5

01e2e3489568c9d07216b351faff5bdc
SHA1

6e6407b0843d176b3133243ed564032e87bddde8
SHA256

f1cce2e826b3c2e6d7f0d03cfd2bd01faf925df8116e9d873bbc3cf62dc5c18c
SHA512

b368e5d03cd6009b6b7da793bcd08cfd230a028b260c3c1600bd1b384ad968f53e614a6f9e739abb8d930d93fcf2172c9ec824e86efb33a911c783274f952281
SSDEEP

192:9HTxlQZEvAIA6/6rrILd/Kf3HO8tnAP2EZUy0jWsLrtXGPqsoc78hBechH5ew2Ca:9rkiSUR/8dnr7y0jWertTsb7CB

Score

10^/10

macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

01e2e3489568c9d07216b351faff5bdc_JaffaCakes118.doc

Resource

win7-20240221-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

01e2e3489568c9d07216b351faff5bdc_JaffaCakes118.doc

Resource

win10v2004-20240419-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://poc.howielab.com/C2/Agent/20180504030337

Targets

- Target
  
  01e2e3489568c9d07216b351faff5bdc_JaffaCakes118
- Size
  
  33KB
- MD5
  
  01e2e3489568c9d07216b351faff5bdc
- SHA1
  
  6e6407b0843d176b3133243ed564032e87bddde8
- SHA256
  
  f1cce2e826b3c2e6d7f0d03cfd2bd01faf925df8116e9d873bbc3cf62dc5c18c
- SHA512
  
  b368e5d03cd6009b6b7da793bcd08cfd230a028b260c3c1600bd1b384ad968f53e614a6f9e739abb8d930d93fcf2172c9ec824e86efb33a911c783274f952281
- SSDEEP
  
  192:9HTxlQZEvAIA6/6rrILd/Kf3HO8tnAP2EZUy0jWsLrtXGPqsoc78hBechH5ew2Ca:9rkiSUR/8dnr7y0jWertTsb7CB
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2024

Terms | Privacy