General

  • Target

    484719270dca5b2e2c14063435b59d0f_JaffaCakes118

  • Size

    110KB

  • Sample

    240515-15yjgaef8v

  • MD5

    484719270dca5b2e2c14063435b59d0f

  • SHA1

    4ba82eed3efbdf1fa2674d625df593cd88d0b452

  • SHA256

    6a773a62f398ff48ddfb62bc662bcec5106b3c02f2aa742b80d12a0d37cb04e6

  • SHA512

    da2aeda10faf5e7964ea8f290fc005bc87e8a3618373ae711018f7150bc9488d43a8d4e130375ffe1b2b6aae111f0028b77c7e53224cf712b5d056417874df7f

  • SSDEEP

    1536:KzIkXkfsRNwX0A8K+agil7EB4m3TxX8V:dkhwX+0dEOMX8V

Score
10/10

Malware Config

Targets

    • Target

      484719270dca5b2e2c14063435b59d0f_JaffaCakes118

    • Size

      110KB

    • MD5

      484719270dca5b2e2c14063435b59d0f

    • SHA1

      4ba82eed3efbdf1fa2674d625df593cd88d0b452

    • SHA256

      6a773a62f398ff48ddfb62bc662bcec5106b3c02f2aa742b80d12a0d37cb04e6

    • SHA512

      da2aeda10faf5e7964ea8f290fc005bc87e8a3618373ae711018f7150bc9488d43a8d4e130375ffe1b2b6aae111f0028b77c7e53224cf712b5d056417874df7f

    • SSDEEP

      1536:KzIkXkfsRNwX0A8K+agil7EB4m3TxX8V:dkhwX+0dEOMX8V

    Score
    5/10
    • Drops file in System32 directory

    • Target

      Payroll Report.doc

    • Size

      84KB

    • MD5

      bb1c3c4c38c803e3f12c446334ccb131

    • SHA1

      d549a46a8f252e2396c300faab643041294ec9f0

    • SHA256

      30df69feade4ca930c04d3321ba028f7a69e5f60e2b1a3cce05eac288799bd42

    • SHA512

      7f2ce1cce36ec7bae36aab3352dd2ca507a0762bd63472f23f0b40ec3ac87701380f8f017205c82013beb96d9ee1603bff328a8934acc12f4bc8ec5db06c64fd

    • SSDEEP

      768:wkfsR34+NaX1ucR3MK+1ogtqFTa3g1BS64XLU8vL1VzK9N5C6m3TxX8V:wkfsRNwX0A8K+agil7EB4m3TxX8V

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Target

      Payroll Report.pdf

    • Size

      3KB

    • MD5

      c7055cb09c9dd62f4a75c16bbfd352bb

    • SHA1

      5e06e90a66514623cb770a4ef3a5a442b0c55509

    • SHA256

      f049e45be8ad402769341122103dd087f7b3801469e5bc6f5e1521e938e12c55

    • SHA512

      e99784ca929b29b790beed1e7dbf5c20036b7aee929f86216aabeb622e0024508f963c70a4b7531a2b5ad4ef2a958cf912a71b4ee2af4cb73b22972357d4ca58

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112): 3

  • Discovery

    System Information Discovery (T1082): 4

    Query Registry (T1012): 3

Tasks