Overview

overview

10

Static

static

8

0278d0a722...18.doc

windows7-x64

10

0278d0a722...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0278d0a72296d4746b9410b1b3efaa16_JaffaCakes118

  • Size

    73KB

  • Sample

    240427-fkntbabe45

  • MD5

    0278d0a72296d4746b9410b1b3efaa16

  • SHA1

    f0ba45845fb6eeac96abde9a874308a59475ecde

  • SHA256

    750977f7a6f6642f593ff5a1bdcfca3efad389a2e9c9eab2aa84cb710ff3fb08

  • SHA512

    24fada8d9be6de0d6e5d784d0b1d43b9a743b423980d29acebefb1f2b60fcba7cf40f1f04aa5571b1c0ebdb0cd6a13e70dbf6890411c5a08fa48054137203c46

  • SSDEEP

    768:I/rVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBt+1o9OHAzeIVMOwu:I/rocn1kp59gxBK85fBt+a9Oy

Score
10/10
macro

Malware Config

Targets

    • Target

      0278d0a72296d4746b9410b1b3efaa16_JaffaCakes118

    • Size

      73KB

    • MD5

      0278d0a72296d4746b9410b1b3efaa16

    • SHA1

      f0ba45845fb6eeac96abde9a874308a59475ecde

    • SHA256

      750977f7a6f6642f593ff5a1bdcfca3efad389a2e9c9eab2aa84cb710ff3fb08

    • SHA512

      24fada8d9be6de0d6e5d784d0b1d43b9a743b423980d29acebefb1f2b60fcba7cf40f1f04aa5571b1c0ebdb0cd6a13e70dbf6890411c5a08fa48054137203c46

    • SSDEEP

      768:I/rVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBt+1o9OHAzeIVMOwu:I/rocn1kp59gxBK85fBt+a9Oy

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks