General

  • Target

    00fa448823eed14b07e52ee1dfdf6bd1_JaffaCakes118

  • Size

    238KB

  • Sample

    240426-rt2x3sdf32

  • MD5

    00fa448823eed14b07e52ee1dfdf6bd1

  • SHA1

    627bda4c30fad92dced06fa261312cf102187d91

  • SHA256

    d9ea74cc1009cc88049833c14d31a5217dc49f26ca90d1d012965d465b8e0fe4

  • SHA512

    a18011877d83d64628254ba869c90a3a0d5fa3003d4fd6ee31613dc1f1cc2cc6b97f610d291e0fdd6eb0861a74a45a6d51f23855f5699aebd8a5000f5cc2ef89

  • SSDEEP

    3072:/j6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkR9C7F5L++PQSwIj:/HgtEWPsL/aTyT9GkvC7Fp+yQSwIj

Score: 10/10

Malware Config

  • Extracted

    Language: ps1
    Deobfuscated

    URLs (exe.dropper):

    http://synergiktattoo.com/vrryt/JxBJtEjuoMa/
    http://intelligence.com.sg/registration/OmicxcEM/
    http://justinkongyt.com/wp-includes/fwArIAQ/
    http://octaitsolutions.com.br/tdse_n_merzn/eJcng/
    https://coolcomputers.info/mail/vjfhVt/
    http://mastermindgroup.co.in/wp-content/v1k751/
    http://tastes2plate.com/wp-content/uploads/JEToKmid/

Targets

    • Target

      00fa448823eed14b07e52ee1dfdf6bd1_JaffaCakes118

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks