General

  • Target

    02af40dabd11d5da64f86c23abccc8be_JaffaCakes118

  • Size

    232KB

  • Sample

    240427-hvsw5aeb4t

  • MD5

    02af40dabd11d5da64f86c23abccc8be

  • SHA1

    b6979af622150d5fc1903c97598534542de5798d

  • SHA256

    35d64e2069f309ea21d5da7ad5f114c17783e14eb7c28bfcb9b9c88d41fc7992

  • SHA512

    ff7c8fdc6564b7c3dede75e774d2475ae89112e567512338da84cb50e12d6cfff4ad4965b74e01ee8b9c6bca5b42e671ad7df671a473c7d5fb61eb6478b2fa09

  • SSDEEP

    3072:7j6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkgkVXfKl6wsRp:7HgtEWPsL/aTyT9GkgklfKl6wsD

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (type: exe.dropper)

    http://seedsagro.com/wp-content/MZ9Qd/
    http://aribsalin.ematj.com/up/E9Oj3tPaCk/
    http://dawood-elmoratel.ematj.com/wp-admin/eDORY317/
    http://khudothiaquacity.com/wp-admin/FLgiVM8/
    http://gpzjw8.net/ekjsn/AV785131/
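The extracted config is a list of payload URLs and nothing else, so the practical question is how to turn it into something a SOC can act on. The script below is an added example, not part of the sandbox report: it parses the flattened "Extracted" text in the form shown above (EXTRACTED is a constructed copy of the page's five exe.dropper URLs), derives hostnames, paths and defanged URLs, and then scans a constructed proxy log against them at three confidence levels. Log format and field names are assumptions for the example.

```python
"""Turn the extracted ps1 dropper config into IOCs and scan a proxy log with them.

Added example, not part of the sandbox report. EXTRACTED is a constructed copy of
the five exe.dropper URLs listed on this page; PROXY_LOG lines are constructed.
"""
import re
from urllib.parse import urlparse

EXTRACTED = """\
Language
ps1
Deobfuscated
URLs
exe.dropper
http://seedsagro.com/wp-content/MZ9Qd/
exe.dropper
http://aribsalin.ematj.com/up/E9Oj3tPaCk/
exe.dropper
http://dawood-elmoratel.ematj.com/wp-admin/eDORY317/
exe.dropper
http://khudothiaquacity.com/wp-admin/FLgiVM8/
exe.dropper
http://gpzjw8.net/ekjsn/AV785131/
"""


def parse_extracted(text):
    """Pair each type label (e.g. exe.dropper) with the URL on the next non-blank line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries = []
    for label, value in zip(lines, lines[1:]):
        if value.startswith(("http://", "https://")) and not label.startswith("http"):
            entries.append({"type": label, "url": value})
    return entries


def defang(url):
    """Defang scheme and host so the IOC cannot be clicked or auto-linked."""
    p = urlparse(url)
    return f"{p.scheme.replace('http', 'hxxp')}://{p.hostname.replace('.', '[.]')}{p.path}"


def iocs(entries):
    """Hostnames for DNS/proxy blocklists, paths as a weaker signal, defanged URLs for reports."""
    urls = [urlparse(e["url"]) for e in entries]
    return {
        "hosts": sorted({u.hostname for u in urls}),
        "paths": sorted({u.path for u in urls}),
        "defanged": [defang(e["url"]) for e in entries],
    }


# Constructed proxy log lines: timestamp, source IP, method, URL, HTTP status.
PROXY_LOG = [
    "2024-04-27T10:01:03Z 10.0.0.15 GET http://seedsagro.com/wp-content/MZ9Qd/ 404",
    "2024-04-27T10:01:05Z 10.0.0.15 GET http://aribsalin.ematj.com/up/E9Oj3tPaCk/ 200",
    "2024-04-27T10:02:11Z 10.0.0.22 GET http://khudothiaquacity.com/ 200",
    "2024-04-27T10:03:00Z 10.0.0.30 GET http://example.org/wp-admin/FLgiVM8/ 200",
    "2024-04-27T10:04:30Z 10.0.0.40 GET http://example.org/index.html 200",
]
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_proxy_log(lines, entries):
    """Match log lines against the IOCs at three confidence levels.

    full_url:  exact dropper URL; a 200 here means the stage-2 executable was served.
    host_only: same host, other path (the host is on the list, but not the dropper path).
    path_only: the same unusual path on another host; low confidence, worth a look.
    """
    ioc = iocs(entries)
    full = {e["url"] for e in entries}
    hosts, paths = set(ioc["hosts"]), set(ioc["paths"])
    hits = []
    for ln in lines:
        m = LOG_RE.match(ln)
        if not m:
            continue
        ts, src, _method, url, status = m.groups()
        u = urlparse(url)
        if url in full:
            match = "full_url"
        elif u.hostname in hosts:
            match = "host_only"
        elif u.path in paths:
            match = "path_only"
        else:
            continue
        hits.append({"ts": ts, "src": src, "url": defang(url), "status": int(status),
                     "match": match, "payload_served": match == "full_url" and status == "200"})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG, parse_extracted(EXTRACTED)):
        print(hit)
```

The first two constructed log lines show the pattern worth looking for with a multi-URL dropper: the same source host walking the URL list in order until one server answers 200, which is the request that actually delivered the executable.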

Targets

    • Target

      02af40dabd11d5da64f86c23abccc8be_JaffaCakes118

    • Size

      232KB

    • MD5

      02af40dabd11d5da64f86c23abccc8be

    • SHA1

      b6979af622150d5fc1903c97598534542de5798d

    • SHA256

      35d64e2069f309ea21d5da7ad5f114c17783e14eb7c28bfcb9b9c88d41fc7992

    • SHA512

      ff7c8fdc6564b7c3dede75e774d2475ae89112e567512338da84cb50e12d6cfff4ad4965b74e01ee8b9c6bca5b42e671ad7df671a473c7d5fb61eb6478b2fa09

    • SSDEEP

      3072:7j6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkgkVXfKl6wsRp:7HgtEWPsL/aTyT9GkgklfKl6wsD

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
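The three behavioural signatures above (an unexpected child process, a blocklisted process making a network request, a file dropped in System32) are the kind of telemetry an EDR or Sysmon pipeline already produces. The following is an added example of that logic written out over constructed Sysmon-style events; it is not the sandbox's own rule set. The Office-parent, script-host, blocklisted-network and trusted-System32-writer lists are my own choices for illustration, the event records are constructed, and the dropped file name is hypothetical.

```python
"""The three behavioural signatures above expressed as detection logic.

Added example, not the sandbox's own rules. The events below are constructed
Sysmon-style records (EventID 1 process create, 3 network connect, 11 file
create); the image lists are illustrative assumptions, not an authoritative set.
"""
import ntpath
from collections import defaultdict

# Assumption: Office applications should not spawn script hosts or LOLBins.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Assumption: these images have no business making outbound connections on a workstation.
BLOCKLISTED_NET = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                   "regsvr32.exe", "rundll32.exe", "certutil.exe"}
# Assumption: allowlist of images expected to write under System32 (servicing, installers).
TRUSTED_SYSTEM32_WRITERS = {"tiworker.exe", "trustedinstaller.exe", "msiexec.exe", "svchost.exe"}
SYSTEM32 = ntpath.normcase(r"C:\Windows\System32") + "\\"

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

EVENTS = [  # constructed, not from the sandbox run
    {"EventID": 1, "ProcessId": 4120, "Image": PS, "ParentImage": WORD},
    {"EventID": 3, "ProcessId": 4120, "Image": PS,
     "DestinationHostname": "aribsalin.ematj.com", "DestinationPort": 80},
    {"EventID": 11, "ProcessId": 4120, "Image": PS,
     "TargetFilename": r"C:\Windows\System32\dropped.exe"},  # hypothetical file name
    # benign noise that must not fire
    {"EventID": 1, "ProcessId": 5000, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "ProcessId": 5100,
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "example.org", "DestinationPort": 443},
    {"EventID": 11, "ProcessId": 5200, "Image": r"C:\Windows\WinSxS\TiWorker.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\etc\hosts"},
]


def _name(path):
    """Case-insensitive image file name; ntpath handles Windows paths on any host OS."""
    return ntpath.basename(path).lower()


def detect(events):
    """Return (signature, pid, detail) tuples for events matching the three report signatures."""
    findings = []
    for ev in events:
        img = _name(ev["Image"])
        if ev["EventID"] == 1:
            parent = _name(ev["ParentImage"])
            if parent in OFFICE_PARENTS and img in SCRIPT_HOSTS:
                findings.append(("unexpected_child", ev["ProcessId"], f"{parent} -> {img}"))
        elif ev["EventID"] == 3:
            if img in BLOCKLISTED_NET:
                dest = f"{ev['DestinationHostname']}:{ev['DestinationPort']}"
                findings.append(("blocklisted_network", ev["ProcessId"], f"{img} -> {dest}"))
        elif ev["EventID"] == 11:
            target = ntpath.normcase(ev["TargetFilename"])
            if target.startswith(SYSTEM32) and img not in TRUSTED_SYSTEM32_WRITERS:
                findings.append(("system32_drop", ev["ProcessId"], f"{img} wrote {target}"))
    return findings


def score(findings):
    """Group signatures by pid; one process tripping several of them is the high-confidence case."""
    per_pid = defaultdict(set)
    for sig, pid, _detail in findings:
        per_pid[pid].add(sig)
    return dict(per_pid)


if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
    print(score(detect(EVENTS)))
```

Correlating on the process id is what turns three medium-confidence rules into one high-confidence alert: a PowerShell instance that was spawned by Word, then reached out to one of the dropper hosts, then wrote into System32 is exactly the chain this report scores 10/10.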

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry, T1112 (1)

  • Discovery

    Query Registry, T1012 (2)
    System Information Discovery, T1082 (2)

Tasks