General

  • Target: 0328d3b071688ec4a2859234f09a0fa2_JaffaCakes118
  • Size: 199KB
  • Sample: 240427-npafgshe99
  • MD5: 0328d3b071688ec4a2859234f09a0fa2
  • SHA1: 2744c938d41e20e87b0de00dfefa4313e8a61ffe
  • SHA256: 06312595c314eb6f890b8e7a5111dafd625ce21c4e6ba6094d446924895e2a1a
  • SHA512: f7cbfbbad1bd741e2407e1ebc39ab1048ee99cd457b1c357f1fca69daf9ab2b0c667dabde4771a407961baefacae89d98517af44ed74da39e44503fc512b784e
  • SSDEEP: 3072:Vqg22TWTogk079THcpOu5UZXpfRvAKpXRT:d/TX07hHcJQdhT

  • Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs (exe.dropper)

Targets

    • Target: 0328d3b071688ec4a2859234f09a0fa2_JaffaCakes118
    • Size: 199KB

    • Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion: Modify Registry, T1112 (1)
  • Discovery: Query Registry, T1012 (2)
  • Discovery: System Information Discovery, T1082 (2)
