General

  • Target

    347ff47f76c2f083b8a74b145f729f31_JaffaCakes118

  • Size

    102KB

  • Sample

    240511-n9lz1sfb8z

  • MD5

    347ff47f76c2f083b8a74b145f729f31

  • SHA1

    b9962d26a6af39d1d647aa8ea886a29a78023370

  • SHA256

    70b2e3cad55520d91b0d6c2b955097c8651634f0fe7efb1d3e012e83a9071547

  • SHA512

    9575946c67a527ade95b032219a1909efbc836179883ed566c10d5f7bb3a77b0d1343f811d3b3aed7948b147bc95fb635dc1f754cd700cd1c41e6c11fbabf494

  • SSDEEP

    1536:hZvSl6F2eZG0c+agYuofASc0PJ6zLTBs2wVhnmZZ9N:Xj3ku8RhPEHls24nmZvN

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (exe.dropper)

    http://prismfox.com/6ovYMtfo/

    http://rehlinger.de/IpYzj/

    https://hvstreit.de/0gatn9mK/

    http://mimhospeda.com/LbvkQppZyd/

Targets

    • Target

      347ff47f76c2f083b8a74b145f729f31_JaffaCakes118

    • Size

      102KB

    • MD5

      347ff47f76c2f083b8a74b145f729f31

    • SHA1

      b9962d26a6af39d1d647aa8ea886a29a78023370

    • SHA256

      70b2e3cad55520d91b0d6c2b955097c8651634f0fe7efb1d3e012e83a9071547

    • SHA512

      9575946c67a527ade95b032219a1909efbc836179883ed566c10d5f7bb3a77b0d1343f811d3b3aed7948b147bc95fb635dc1f754cd700cd1c41e6c11fbabf494

    • SSDEEP

      1536:hZvSl6F2eZG0c+agYuofASc0PJ6zLTBs2wVhnmZZ9N:Xj3ku8RhPEHls24nmZvN

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Command and Scripting Interpreter (T1059): 1

    PowerShell (T1059.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks