General

  • Target

    01d9dc42dbdb29a1773a68ddf8628e03_JaffaCakes118

  • Size

    176KB

  • Sample

    240426-2vybdsef6t

  • MD5

    01d9dc42dbdb29a1773a68ddf8628e03

  • SHA1

    b7b686e4135540ef15f1a39c5693822d007f1717

  • SHA256

    f6bd46837e705aee39428d412f28116876f6351e1148b7ce01d5e1848b7d0061

  • SHA512

    38cfe1e649bb4e89ddc7f78229a055c0ba74782fe208cc862bb5279d34938913e13badabde6b32fdd6a263bbb192dfe0eb82ca7e4728d10de20297ad69ca9c77

  • SSDEEP

    1536:trdi1Ir77zOH98Wj2gpngx+a9ZGmLtHdb:trfrzOH98ipgRFdb

Score
10/10

Malware Config

Extracted

Language: ps1
Source: URLs (exe.dropper)

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks