General

  • Target

    03206d6d1361e5c95db9a0715b1a56d8_JaffaCakes118

  • Size

    214KB

  • Sample

    240427-nbjr1ahc72

  • MD5

    03206d6d1361e5c95db9a0715b1a56d8

  • SHA1

    73bdefab7414a9594a3bb430028afb7854a681e8

  • SHA256

    9de3bc7c39ba2edd50b190c48781010f46b42995ca0c5ae7be8b8c0fbb181ec4

  • SHA512

    73118b73d9b96eecd00d4ed78d04233f5d69712ce42ab8686553b7f351d3bfdc1fb59ba5540c3d7ab0a01065a3a8cfc96755d4c5f53ec0c6b3e960c613838bcf

  • SSDEEP

    1536:2B445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ55+a9hkLShGkVAelnXv:222TWTogk079THcpOu5UZ0WhGMlnrb

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper  http://dongyabingfu.com/wp-includes/w/
    exe.dropper  http://givingthanksdaily.com/Q/
    exe.dropper  http://uniteddatabase.net/wp-admin/dhJ/
    exe.dropper  http://www.gozowindmill.com/meteo/nmy/
    exe.dropper  http://kcdryervents.com/ca/D/
    exe.dropper  http://www.greaudstudio.com/docs/kGQ/
    exe.dropper  https://mrveggy.com/erros/3Ss/

Targets

    • Target

      03206d6d1361e5c95db9a0715b1a56d8_JaffaCakes118

    • Size

      214KB

    • MD5

      03206d6d1361e5c95db9a0715b1a56d8

    • SHA1

      73bdefab7414a9594a3bb430028afb7854a681e8

    • SHA256

      9de3bc7c39ba2edd50b190c48781010f46b42995ca0c5ae7be8b8c0fbb181ec4

    • SHA512

      73118b73d9b96eecd00d4ed78d04233f5d69712ce42ab8686553b7f351d3bfdc1fb59ba5540c3d7ab0a01065a3a8cfc96755d4c5f53ec0c6b3e960c613838bcf

    • SSDEEP

      1536:2B445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ55+a9hkLShGkVAelnXv:222TWTogk079THcpOu5UZ0WhGMlnrb

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic            Technique                      Count  ID
  Defense Evasion   Modify Registry                1      T1112
  Discovery         Query Registry                 2      T1012
  Discovery         System Information Discovery   2      T1082
