Overview

overview

8

Static

static

8

0316284f83...18.doc

windows7-x64

1

0316284f83...18.doc

windows10-2004-x64

1

decrypted.xlam

windows7-x64

8

decrypted.xlam

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0316284f836c4cf6d877a6ac1b40d597_JaffaCakes118

  • Size

    436KB

  • Sample

    240427-mys4hsha37

  • MD5

    0316284f836c4cf6d877a6ac1b40d597

  • SHA1

    c09b7818616d35b19072d508f101fc1ebe7e68aa

  • SHA256

    5399db990c923676dda657b10d388839fceb0bc0670f7c536fde74475250c067

  • SHA512

    46b311d798956c84bdfe4caacb3af5573b25412c9671be93b6c6de7f840aa0ecbc85dfd57052761f69481d2dce791661e3443393d3f3cb8fe0feddd8167ea9b3

  • SSDEEP

    12288:tU4/+/gyXzvh2iFnwBWScVKM2tUN1lsmEMtEV23G6nm:tB/YLz7no+D2tQKmEMgKm

Score
8/10
macro

Malware Config

Targets

    • Target

      0316284f836c4cf6d877a6ac1b40d597_JaffaCakes118

    • Size

      436KB

    • MD5

      0316284f836c4cf6d877a6ac1b40d597

    • SHA1

      c09b7818616d35b19072d508f101fc1ebe7e68aa

    • SHA256

      5399db990c923676dda657b10d388839fceb0bc0670f7c536fde74475250c067

    • SHA512

      46b311d798956c84bdfe4caacb3af5573b25412c9671be93b6c6de7f840aa0ecbc85dfd57052761f69481d2dce791661e3443393d3f3cb8fe0feddd8167ea9b3

    • SSDEEP

      12288:tU4/+/gyXzvh2iFnwBWScVKM2tUN1lsmEMtEV23G6nm:tB/YLz7no+D2tQKmEMgKm

    Score
    1/10
    behavioral1behavioral2

    • Target

      decrypted

    • Size

      422KB

    • MD5

      92e4669f19f8d8d67f65a91b7cf2dde6

    • SHA1

      98dd1a47c5af349ecf337de4c1c14f0b9201b757

    • SHA256

      b6e36bb17d2beae2addeaa9880fbccdc4b431bfccbdd0ab9e5ed5429199d24ea

    • SHA512

      87470765640051321b7d3ed1c7a5ff043ad898b3a621986fc19ca167f4f430223fe21c7b4d52fb576db2ba0c3ccd745a6e720bba4b72b80abc7727227c8d7037

    • SSDEEP

      12288:GIxNu39EzsTY1kFKRm41qNx6AB8DNfmEEV0:yizsTYFLcPipf7Q0

    Score
    8/10

    • Blocklisted process makes network request

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

6
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks