General

  • Target

    003d1b1e080db4b48467ad41fcbed232_JaffaCakes118

  • Size

    189KB

  • Sample

    240426-ht87qabc2w

  • MD5

    003d1b1e080db4b48467ad41fcbed232

  • SHA1

    d2aff9bb84985700d80d213588d000d19c6667b8

  • SHA256

    22a29b66bba17966a31c3cd3286dc31fa1c99e45ab2fa9bd84eeee1bd847f58e

  • SHA512

    3d3d622bfe9df69a497b76a817dd18662a43ac7800f28978554ae9299e1c2f6364896fb13e7ac09a34b97a9ed4588e269b887bc2bc1ee85b511ed5ded29ad662

  • SSDEEP

    3072:uvHv22TWTogk079THcpOu5UZvNu81zUz4LKZL:E/TX07hHcJQ1uezUELGL

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://minershallmuseum.com/documents/D/
    http://injazjordan.com/moodle/Vh/
    https://site1.xyz/wp-admin/Y/
    http://2bstone.com/vr7tf0c/ZD/
    http://biology-360.com/wp-admin/hv/
    http://tez-tour.site/wp-content/9sB/
    http://iooe.cn/wp-content/hdO/

Targets

    • Target

      003d1b1e080db4b48467ad41fcbed232_JaffaCakes118

    • Size

      189KB

    • MD5

      003d1b1e080db4b48467ad41fcbed232

    • SHA1

      d2aff9bb84985700d80d213588d000d19c6667b8

    • SHA256

      22a29b66bba17966a31c3cd3286dc31fa1c99e45ab2fa9bd84eeee1bd847f58e

    • SHA512

      3d3d622bfe9df69a497b76a817dd18662a43ac7800f28978554ae9299e1c2f6364896fb13e7ac09a34b97a9ed4588e269b887bc2bc1ee85b511ed5ded29ad662

    • SSDEEP

      3072:uvHv22TWTogk079THcpOu5UZvNu81zUz4LKZL:E/TX07hHcJQ1uezUELGL

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks