General

  • Target

    4088ad5ff2bd30074c815b6cdcae5110_JaffaCakes118

  • Size

    79KB

  • Sample

    240514-hblcyadg8z

  • MD5

    4088ad5ff2bd30074c815b6cdcae5110

  • SHA1

    cbfe0674a90438f39672f0521b8ebd02a038af94

  • SHA256

    9e13f92437e7b3fc803b02aca61f93835fe9f633c2f7646b99c8d0c0ce95535a

  • SHA512

    0f41a7a34add7b8205085ae9c153860ebee54848cd1e13d1b4142c93b3abb59ad91db8c80c853b77fdda41bb7ccc2c142a6c0199ea578efabca46c01e158efca

  • SSDEEP

    1536:49FVFNrZLXB6tBXAUFW9LkoGwNAd4ANdY8dVyyMK3phgRz4d:gTrLg3DoGf4q28dUhwpSN4d

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://kompy.cba.pl/gif/lN_dl/

    http://fisiobianchini.com.br/wp-content/uploads/2016/05/S_U/

    http://dev.dimatech.org/wp-admin/Hu_jj/

    http://juangrela.com/admin/bB_m/

    http://coupedecheveux.org/yu71t1x/c_V/

Targets

    • Target

      UPS-6GWU3RUKCVR04B.js

    • Size

      161KB

    • MD5

      3a864f7c64c77a701b9aec3dbcb4389f

    • SHA1

      1a1cfdbbded9a84be91aac5064a21c591710049c

    • SHA256

      46946372c81802503f01b6d9739fd4dd9fe39225973c8b9c22ef625666d48deb

    • SHA512

      9d602204fdbb18243c1aa28a293618aa588406a593f949807e30f8b4d20e95b94582687b251b86a10edb9625f7cca89dd8def77cdb86af0acb8300ec08a6d9ac

    • SSDEEP

      3072:w77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qvIlc5hlPOwy7/FswxoLL5R:w77HUUUUUUUUUUUUUUUUUUUT52VJcPlv

    Score

    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
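
The two behaviours above (a script host launching an unexpected child, and that child reaching out to a blocklisted URL) are what a detection engineer would want to catch on an endpoint. The following is an added example of that check, not the sandbox's own signature logic: it walks process-creation records, flags a Windows script host (the report's target is a .js file, so wscript.exe/cscript.exe are the assumed parents) spawning PowerShell or a similar living-off-the-land binary, decodes any -EncodedCommand payload, and matches URLs found in the command line against the exe.dropper URLs extracted from this sample. The script-host and child-process lists, the event shape, and the sample events are all assumptions constructed for the example; only the URL list comes from the report.

```python
"""Detect script host -> unexpected child, and match command-line URLs to the
report's extracted dropper URLs. Added example; not code from the sandbox."""
import base64
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# exe.dropper URLs from the report's extracted PowerShell config.
DROPPER_URLS = [
    "http://kompy.cba.pl/gif/lN_dl/",
    "http://fisiobianchini.com.br/wp-content/uploads/2016/05/S_U/",
    "http://dev.dimatech.org/wp-admin/Hu_jj/",
    "http://juangrela.com/admin/bB_m/",
    "http://coupedecheveux.org/yu71t1x/c_V/",
]
DROPPER_HOSTS = {urlsplit(u).netloc.lower() for u in DROPPER_URLS}

# Assumed policy (not from the report): script hosts should never spawn these.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
UNEXPECTED_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "rundll32.exe"}

URL_RE = re.compile(r"https?://[^\s'\"<>,;)]+", re.IGNORECASE)
# Common spellings of PowerShell's -EncodedCommand switch (assumption: not exhaustive).
ENC_RE = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{8,})", re.IGNORECASE)


@dataclass
class ProcEvent:
    """Minimal process-creation record (Sysmon event 1 / 4688 style)."""
    pid: int
    parent_image: str
    image: str
    command_line: str


def image_name(path: str) -> str:
    """Basename of a Windows or POSIX path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decoded_command_lines(cmdline: str) -> list:
    """The command line plus any -EncodedCommand payloads (base64 of UTF-16LE) decoded."""
    texts = [cmdline]
    for blob in ENC_RE.findall(cmdline):
        try:
            texts.append(base64.b64decode(blob, validate=True).decode("utf-16le", errors="ignore"))
        except (ValueError, UnicodeDecodeError):
            continue  # token was not valid base64; scan the rest anyway
    return texts


def extract_urls(cmdline: str) -> list:
    """All http(s) URLs visible in the plain or decoded command line."""
    urls = []
    for text in decoded_command_lines(cmdline):
        urls.extend(URL_RE.findall(text))
    return urls


def analyze(events):
    """Return one finding per script-host -> unexpected-child event, with URL matches."""
    findings = []
    for ev in events:
        parent, child = image_name(ev.parent_image), image_name(ev.image)
        if parent not in SCRIPT_HOSTS or child not in UNEXPECTED_CHILDREN:
            continue
        urls = extract_urls(ev.command_line)
        known = sorted({u for u in urls if urlsplit(u).netloc.lower() in DROPPER_HOSTS})
        findings.append({
            "pid": ev.pid,
            "rule": "script host spawned unexpected child",
            "parent": parent,
            "child": child,
            "urls": urls,
            "known_dropper_urls": known,
        })
    return findings


def _encoded(ps: str) -> str:
    """Build a -EncodedCommand argument (base64 of UTF-16LE) for the constructed sample."""
    return base64.b64encode(ps.encode("utf-16le")).decode("ascii")


PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events; none of these come from the report.
SAMPLE_EVENTS = [
    ProcEvent(4120, r"C:\Windows\System32\wscript.exe", PS_EXE,
              "powershell.exe -nop -w hidden -c \"$u='http://kompy.cba.pl/gif/lN_dl/',"
              "'http://dev.dimatech.org/wp-admin/Hu_jj/'\""),
    ProcEvent(4188, r"C:\Windows\System32\wscript.exe", PS_EXE,
              "powershell.exe -nop -w hidden -enc " + _encoded("$u='http://juangrela.com/admin/bB_m/'")),
    ProcEvent(5004, r"C:\Windows\explorer.exe", PS_EXE,
              "powershell.exe -ExecutionPolicy Bypass -File C:\\ops\\inventory.ps1"),  # benign admin use
    ProcEvent(5100, r"C:\Windows\System32\wscript.exe", r"C:\Windows\System32\notepad.exe",
              "notepad.exe readme.txt"),  # script host, but an expected child
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

The parent/child check alone reproduces the sandbox's "unexpected child process" signal; the URL match turns it into a high-confidence hit for this specific sample. Decoding -EncodedCommand matters because a plain substring match on the command line misses a base64-wrapped URL list.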

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2