5728aa05ef3551aa19530c31280bb3ea3c1e3a5002a0d7ff73c0defedf6d5f13 | Triage

Submit
Reports

Overview

overview

Static

static

8

2ed422fb4a...18.doc

windows7-x64

2ed422fb4a...18.doc

windows10-2004-x64

Sharing

General

Target

2ed422fb4a023af73c40611052c5dedc_JaffaCakes118
Size

167KB
Sample

240510-nbzhfsbb2w
MD5

2ed422fb4a023af73c40611052c5dedc
SHA1

d16936fefffd9db05d009149b4ad31dacdbc7359
SHA256

5728aa05ef3551aa19530c31280bb3ea3c1e3a5002a0d7ff73c0defedf6d5f13
SHA512

298c3acbc0481a276dec0c7a6dbdc34e572b056658fc202a4361b5b1de81abecd704982603f0ebca426f63570ee5e054df872525005272764bba5ff89200e330
SSDEEP

3072:ExjnB29gb8onvGflgQjDic88w065Zh69txcqYtl7vtWQAO:Exy6Qj7Hw065Z4x3Yb71W

Score

10^/10

execution macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

2ed422fb4a023af73c40611052c5dedc_JaffaCakes118.doc

Resource

win7-20240221-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2ed422fb4a023af73c40611052c5dedc_JaffaCakes118.doc

Resource

win10v2004-20240426-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://orangereel.co.uk/zr3F

exe.dropper

http://www.mwmummeryroofing.com/0vG

exe.dropper

http://hawkinscs.com/F

exe.dropper

http://damnfinegifts.co.uk/I9Rxpm2y

exe.dropper

http://cotala.com/68vt

Targets

- Target
  
  2ed422fb4a023af73c40611052c5dedc_JaffaCakes118
- Size
  
  167KB
- MD5
  
  2ed422fb4a023af73c40611052c5dedc
- SHA1
  
  d16936fefffd9db05d009149b4ad31dacdbc7359
- SHA256
  
  5728aa05ef3551aa19530c31280bb3ea3c1e3a5002a0d7ff73c0defedf6d5f13
- SHA512
  
  298c3acbc0481a276dec0c7a6dbdc34e572b056658fc202a4361b5b1de81abecd704982603f0ebca426f63570ee5e054df872525005272764bba5ff89200e330
- SSDEEP
  
  3072:ExjnB29gb8onvGflgQjDic88w065Zh69txcqYtl7vtWQAO:Exy6Qj7Hw065Z4x3Yb71W
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2024

Terms | Privacy