General

  • Target: 272e0e5c87d69d7364ca78801a375538_JaffaCakes118
  • Size: 91KB
  • Sample: 240508-3aqw9afd59
  • MD5: 272e0e5c87d69d7364ca78801a375538
  • SHA1: 1ee6c2690e27bba3f0ea1fcf87bada2962f12867
  • SHA256: 555d2c8d15d1d8018a56c964ae88148ebffcf5a323d9a1a0c04897a208180692
  • SHA512: fce0640b38c95b25df64ba9d40565d1cbf65fd25b8df74d995cc67fbecee93820cd460210400489f31d228091cdfbc0dcfa6b8d3132e71aff7b0c67d76abff6d
  • SSDEEP: 1536:07ljmW9/bvF8kDK3cvyQa2E1XFjmCaIH84G+a9:Wl/bvF8OnaJ1XtxaIH84

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):
      http://www.ozturcanakkale.com/veh
      http://jalvarshaborewell.com/qKkg
      http://kikakeus.nl/dgc0WYq9
      http://pashkinbar.ru/cWGU
      http://cisteni-studni.com/qb1Y2

Targets

    • Target: 272e0e5c87d69d7364ca78801a375538_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion
      Modify Registry (T1112): 1
  • Discovery
      Query Registry (T1012): 2
      System Information Discovery (T1082): 2

Tasks