General

  • Target

    026c47bb539b2f6a32847dc4bec4914d_JaffaCakes118

  • Size

    213KB

  • Sample

    240427-e38e1abg8w

  • MD5

    026c47bb539b2f6a32847dc4bec4914d

  • SHA1

    93cdf9cb9dd56a592817c7ff83575b702477721a

  • SHA256

    de262e7ac841a01fc0811e18b43ea7d4cdbd32e7c32e7c9e797ff0da640ba21d

  • SHA512

    9bc1945478fb22e076cc36f4496c1d2a77dc473dc95332bea3feb06bb9347ae2e35af367c0b4bcaa1f96a95c76898988906cc1942199f5abcc5e459855ea2ca3

  • SSDEEP

    3072:u22TWTogk079THcpOu5UZT0/6tJR6REfY:u/TX07hHcJQPtT6RYY

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source URLs (exe.dropper)

    https://www.1plus-agency.com/tmp/nlr08Z0/
    http://winadev.com/uglot/iiClU/
    https://enews.enkj.com/wordpress/h62/
    https://apicosto.misco-furniture.com/dvzmj/0xm3yS/
    http://drbeatrice.com/wp-content/HSz/
    https://ienerpro.com/cgi-bin/VVwhOR/
    https://premierbarsamui.com/Irc/O/

Targets

    • Target

      026c47bb539b2f6a32847dc4bec4914d_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
