General

  • Target

    025f37ea4429a586213801f80f65635d_JaffaCakes118

  • Size

    159KB

  • Sample

    240427-ejw8maae64

  • MD5

    025f37ea4429a586213801f80f65635d

  • SHA1

    2f809b6cbf027ddc85fb1dc6b6738a91b702a121

  • SHA256

    32860903aa2dc1e816386a8ccdf2889e8b196f4b329a8c05df5b786eb07ad32f

  • SHA512

    b0c6952fd0fb5b835c144c8922ec2042048febc3d4d5247fb8d500f698b1b7a5db53363919ddb38bb74392e83813409c647523ddc722aa1228448d6f587b7efb

  • SSDEEP

    1536:+iaqasrdi1Ir77zOH98Wj2gpngx+a95xRiqLE8ct2PU7eXKSSxH5ppJx1FWZ:+0rfrzOH98ipgZkJx1FWZ

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper URLs (7 extracted)

    http://77yxx.com/b5rh/bZxS/
    http://shahramookht.com/t1k12k7t/8jq/
    http://www.aciitaly.com/adminer-master/gkI/
    https://codelta.es/images/9S35FR/
    https://burstoutloud.com/PPL/Hf/
    https://targetin.com/Silder-1/naK/
    http://dbestfishing.com.sg/67s/wfe/

Targets

    • Target

      025f37ea4429a586213801f80f65635d_JaffaCakes118 (same file and hashes as listed under General above)

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks