Overview

overview

10

Static

static

8

0211a5e536...18.doc

windows7-x64

10

0211a5e536...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0211a5e536935ff85bce3d1c0aef2182_JaffaCakes118

  • Size

    176KB

  • Sample

    240427-bjasvagf6s

  • MD5

    0211a5e536935ff85bce3d1c0aef2182

  • SHA1

    88b8671fcb3085736c34fa821fbb1ec1a84dc97e

  • SHA256

    90436fd2b7dd3b53b0f9abda0a244fb004bf403720ecc01f7ffe41eb1866b36d

  • SHA512

    6a967f1b7b3c1d99a528a859122fd7bbbb1f3591ac73a5a281f9a57739210df21e8cc719c9fb9dc58f694996111d5b0401990b6a95e175de068fa0fe48a45a2c

  • SSDEEP

    1536:GkPkfrdi1Ir77zOH98Wj2gpng9+a9PGnut1ExbYCYWOFBfM0jKdQ2gX:grfrzOH98ipgGuiX10+dngX

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://santyago.org/wp-content/0mcYS6/
exe.dropper

http://dandyair.com/font-awesome/rOOAL/
exe.dropper

https://www.tekadbatam.com/wp-content/AUiw/
exe.dropper

http://kellymorganscience.com/wp-content/SCsWM/
exe.dropper

https://tewoerd.eu/img/DALSKE/
exe.dropper

http://mediainmedia.com/plugin_opencart2.3-master/Atye/
exe.dropper

http://nuwagi.com/old/XLGjc/

Targets

    • Target

      0211a5e536935ff85bce3d1c0aef2182_JaffaCakes118

    • Size

      176KB

    • MD5

      0211a5e536935ff85bce3d1c0aef2182

    • SHA1

      88b8671fcb3085736c34fa821fbb1ec1a84dc97e

    • SHA256

      90436fd2b7dd3b53b0f9abda0a244fb004bf403720ecc01f7ffe41eb1866b36d

    • SHA512

      6a967f1b7b3c1d99a528a859122fd7bbbb1f3591ac73a5a281f9a57739210df21e8cc719c9fb9dc58f694996111d5b0401990b6a95e175de068fa0fe48a45a2c

    • SSDEEP

      1536:GkPkfrdi1Ir77zOH98Wj2gpng9+a9PGnut1ExbYCYWOFBfM0jKdQ2gX:grfrzOH98ipgGuiX10+dngX

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks