General

  • Target

    023c57d62e8455a7e53914e033f95723_JaffaCakes118

  • Size

    183KB

  • Sample

    240427-c7k46aac4v

  • MD5

    023c57d62e8455a7e53914e033f95723

  • SHA1

    9fa1ed62b124449a9fa6dc34febcd4f2946713f9

  • SHA256

    9f82a6df32123ef98e8cc6c4c7aba91436d6aa87ce5eb9728348d1bfd48b9fb5

  • SHA512

    0692951fafef3b67e024773379ced779e7812b691da82c2acb1030b71baa354aeaf4377e862cc059a777d537ab757557a4ca1737aae202454c36c593445e4f13

  • SSDEEP

    3072:V4PrXcuQuvpzm4bkiaMQgAlSnyxS506kwlxp:iDRv1m4bnQgISnyxAVkwlxp

Score
10/10

Malware Config (extracted)

  • Language: ps1 (deobfuscated)
  • URLs: exe.dropper

Targets

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic            Technique                      Count  ID
Defense Evasion   Modify Registry                1      T1112
Discovery         Query Registry                 2      T1012
Discovery         System Information Discovery   2      T1082

Tasks