General

  • Target    010824a885bb6f33aad5929f39a11eda_JaffaCakes118
  • Size      233KB
  • Sample    240426-sd558seh6t
  • MD5       010824a885bb6f33aad5929f39a11eda
  • SHA1      728b1255412c0ff7c412731d7fb152944f0fdeda
  • SHA256    12fc9dae5d96ce0bddec914a8411b89358007d636b29089cc88bb4c36458d979
  • SHA512    3d1e7dd0014ecff493e7a3ccfd919f83d207906db670ec52f5455ec1d9627f2d63e1fbd28621942bd656b286ef2cd39f34306dc93cf09f8b9e4a4055653b91bb
  • SSDEEP    3072:7j6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGk2HClUR1uwQA+Rf:7HgtEWPsL/aTyT9Gk2HQURMwQNRf

Score
10/10

Malware Config

Extracted

  • Language      ps1
  • Deobfuscated
  • URLs (all of type exe.dropper)
      https://pmanquetil.com/wp-admin/0f_aufka_yxuwpl/
      https://hsshivling.com/9efesfwep/b7xi_dys_5menh13/
      http://vtescebu.com/wp-content/upgrade/qo_4f_q/
      http://congcuphongthan.com/mainto/p_e9_nzbfcj04oi/
      http://glashandelmaxima.nl/wp-admin/ivtu_6l7_yyn42mu35/

Targets

  • Target    010824a885bb6f33aad5929f39a11eda_JaffaCakes118
  • Size      233KB
  • MD5       010824a885bb6f33aad5929f39a11eda
  • SHA1      728b1255412c0ff7c412731d7fb152944f0fdeda
  • SHA256    12fc9dae5d96ce0bddec914a8411b89358007d636b29089cc88bb4c36458d979
  • SHA512    3d1e7dd0014ecff493e7a3ccfd919f83d207906db670ec52f5455ec1d9627f2d63e1fbd28621942bd656b286ef2cd39f34306dc93cf09f8b9e4a4055653b91bb
  • SSDEEP    3072:7j6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGk2HClUR1uwQA+Rf:7HgtEWPsL/aTyT9Gk2HQURMwQNRf

  Score   10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory
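As an added example (not part of the sandbox report, and not the sandbox's own signature logic), the Python below turns the five exe.dropper URLs from the Malware Config section into a hostname blocklist and implements the three behavioural signatures listed for this target as detection rules over a constructed set of process, network and file events. The Office parent set, the script-host and blocklisted-process sets, the list of processes allowed to write to System32, and the sample events themselves are assumptions made for illustration; the report does not say which parent process spawned the child or which file was dropped.

```python
"""Detection logic for the three signatures reported for this sample,
run over constructed events. Hostnames come from the report's extracted
dropper URLs; everything else is an assumption for illustration."""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Dropper URLs exactly as listed in the report's Malware Config section.
DROPPER_URLS = [
    "https://pmanquetil.com/wp-admin/0f_aufka_yxuwpl/",
    "https://hsshivling.com/9efesfwep/b7xi_dys_5menh13/",
    "http://vtescebu.com/wp-content/upgrade/qo_4f_q/",
    "http://congcuphongthan.com/mainto/p_e9_nzbfcj04oi/",
    "http://glashandelmaxima.nl/wp-admin/ivtu_6l7_yyn42mu35/",
]

# Assumed process sets (not from the report): the "unexpected child" signature
# is modelled as a document handler spawning a script/LOLBin host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Assumed set of processes that should not be talking to the network on their own.
BLOCKLISTED_NET = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                   "regsvr32.exe", "rundll32.exe"}
# Assumed legitimate writers into System32; anything else dropping there is flagged.
TRUSTED_SYSTEM32_WRITERS = {"trustedinstaller.exe", "tiworker.exe", "msiexec.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Event:
    kind: str             # "process", "network" or "file"
    image: str            # full path of the acting process
    parent: str = ""      # parent image (process events)
    dest_host: str = ""   # remote hostname (network events)
    path: str = ""        # target path (file events)


def dropper_hosts(urls):
    """Reduce the extracted download URLs to a lower-case hostname set for DNS/proxy blocking."""
    return {urlsplit(u).hostname.lower() for u in urls}


def basename(path):
    """Last path component, lower-cased, tolerant of either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events, known_hosts):
    """Return (rule, detail) tuples for every event matching one of the three signatures."""
    alerts = []
    for e in events:
        img = basename(e.image)
        if e.kind == "process":
            par = basename(e.parent)
            if par in OFFICE_PARENTS and img in SCRIPT_HOSTS:
                alerts.append(("unexpected_child", f"{par} -> {img}"))
        elif e.kind == "network":
            host = e.dest_host.lower()
            if img in BLOCKLISTED_NET:
                alerts.append(("blocklisted_net", f"{img} -> {host}"))
            if host in known_hosts:
                alerts.append(("known_dropper_host", host))
        elif e.kind == "file":
            if e.path.lower().startswith(SYSTEM32) and img not in TRUSTED_SYSTEM32_WRITERS:
                alerts.append(("system32_drop", f"{img} wrote {e.path}"))
    return alerts


# Constructed events (not sandbox output): one macro-style chain plus two benign events.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    Event("process", image=PS, parent=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    Event("network", image=PS, dest_host="pmanquetil.com"),
    Event("file", image=PS, path=r"C:\Windows\System32\dropped.exe"),   # constructed file name
    Event("process", image=r"C:\Windows\explorer.exe", parent=r"C:\Windows\System32\userinit.exe"),
    Event("network", image=r"C:\Program Files\Mozilla Firefox\firefox.exe", dest_host="example.com"),
]


def run_sample():
    """Evaluate the constructed events against the hostnames from the report."""
    return detect(SAMPLE_EVENTS, dropper_hosts(DROPPER_URLS))


if __name__ == "__main__":
    for rule, detail in run_sample():
        print(f"{rule:20s} {detail}")
```

The first three constructed events reproduce the chain the three signatures describe, so they yield one alert each plus a fourth hit when the PowerShell network request lands on a hostname from the extracted config; the explorer.exe and firefox.exe events produce nothing. Hostname matching is deliberately case-insensitive and ignores the URL path, since the path components in the config are per-campaign and change far more often than the compromised sites hosting them.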

MITRE ATT&CK Matrix (ATT&CK v13; the number after each technique is the count of matching signatures)

  Defense Evasion
    • Modify Registry (T1112)                 1

  Discovery
    • Query Registry (T1012)                  2
    • System Information Discovery (T1082)    2
