General

  • Target

    0287c310be61abadd714d26d78a476fe_JaffaCakes118

  • Size

    152KB

  • Sample

    240427-f5584acb37

  • MD5

    0287c310be61abadd714d26d78a476fe

  • SHA1

    1bf1e8b62f25393ad15dc9b3177c7bc118ff4d91

  • SHA256

    ea4bcbe90240950b3246ac90b8c4dbf5c2f03b839328ea0583e893e0ad72ddb9

  • SHA512

    a1b1e024c73c67dcd1fd35086b200a5a92f2d88f5db9c499e286b925626894628e0dd529e417ec0ea75266bbdc82f8c5fa371f69a9d20cc11e522e6ce8df8049

  • SSDEEP

    3072:J77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qP/fhJEQiAEoS5y3zedm:J77HUUUUUUUUUUUUUUUUUUUT52VmfhCW

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://pressuredspeech.com/dngn/cEmgNTByQ/

    https://phoneringtones.info/wp-content/uploads/qx93_k68trw3j-15334/

    http://safeservicesfze.com/wp-admin/ZmVYmAXv/

    https://freewallpaperdesktop.com/wp-includes/50lz_zkln03lbc-8209361/

    http://noingoaithatthanhnam.com/wp-admin/voytvHre/

Targets

    • Target

      0287c310be61abadd714d26d78a476fe_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks