Overview

overview

10

Static

static

8

02cffecb2f...18.doc

windows7-x64

10

02cffecb2f...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    02cffecb2f3bb744309429849737a097_JaffaCakes118

  • Size

    148KB

  • Sample

    240427-j63fdaee98

  • MD5

    02cffecb2f3bb744309429849737a097

  • SHA1

    982c41855b71cac7ac7b31484612b36f111efd20

  • SHA256

    1116a2e7fa6258682b58645e1e662e5214a3c05e32cd4d43ed25568c76c30bfc

  • SHA512

    dd2e82975891948f93c42c6839d79749f22eb8d0c2bbd05b36d9888fcef3fcee7c7b92aeabbeb79bbc9281c0bde06867c64cb67e25980b93667024842fda81d6

  • SSDEEP

    3072:MMJ55+wiapciMf+nKGN/nyNtLObaqgtMUhY:jfJ3hnmLObaquMUhY

Score
10/10
macro

Malware Config

Targets

    • Target

      02cffecb2f3bb744309429849737a097_JaffaCakes118

    • Size

      148KB

    • MD5

      02cffecb2f3bb744309429849737a097

    • SHA1

      982c41855b71cac7ac7b31484612b36f111efd20

    • SHA256

      1116a2e7fa6258682b58645e1e662e5214a3c05e32cd4d43ed25568c76c30bfc

    • SHA512

      dd2e82975891948f93c42c6839d79749f22eb8d0c2bbd05b36d9888fcef3fcee7c7b92aeabbeb79bbc9281c0bde06867c64cb67e25980b93667024842fda81d6

    • SSDEEP

      3072:MMJ55+wiapciMf+nKGN/nyNtLObaqgtMUhY:jfJ3hnmLObaquMUhY

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks