0a3a43586443c87bb11108697927389ef23bab9ba0bee5d4d84b49420ed137e2 | Triage

Submit
Reports

Overview

overview

Static

static

8

5ebbd35921...18.doc

windows7-x64

5ebbd35921...18.doc

windows10-2004-x64

Sharing

General

Target

5ebbd3592172894f72dcff4fa67a8140_JaffaCakes118
Size

174KB
Sample

240520-m5n35sge83
MD5

5ebbd3592172894f72dcff4fa67a8140
SHA1

2be240b8fa5155765086ac325e7b1f55d5dd1750
SHA256

0a3a43586443c87bb11108697927389ef23bab9ba0bee5d4d84b49420ed137e2
SHA512

bdacc3dc09b84409bee5ff8e2f7a9d9c4b4eac97c2b3cf874c2319b8ffec8289f46621279d9f12bd2eb2f962df7332905aa689492cac61c2af5b27ba93c472f0
SSDEEP

3072:mxjnB29gb8onQTSvhx3rezujg8ZfE5oPn0aw7:mxyzT4hdqWeWnP

Score

10^/10

execution macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

5ebbd3592172894f72dcff4fa67a8140_JaffaCakes118.doc

Resource

win7-20240508-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

5ebbd3592172894f72dcff4fa67a8140_JaffaCakes118.doc

Resource

win10v2004-20240508-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://autoinfomag.com/ID

exe.dropper

http://www.spor.advertisetr.com/doc/En_us/Jul2018/St2iT8u

exe.dropper

http://inicjatywa.edu.pl//YOhCS

exe.dropper

http://alumni.poltekba.ac.id/1xQIqKu

exe.dropper

http://acemmadencilik.com.tr/XfFTSrw

Targets

- Target
  
  5ebbd3592172894f72dcff4fa67a8140_JaffaCakes118
- Size
  
  174KB
- MD5
  
  5ebbd3592172894f72dcff4fa67a8140
- SHA1
  
  2be240b8fa5155765086ac325e7b1f55d5dd1750
- SHA256
  
  0a3a43586443c87bb11108697927389ef23bab9ba0bee5d4d84b49420ed137e2
- SHA512
  
  bdacc3dc09b84409bee5ff8e2f7a9d9c4b4eac97c2b3cf874c2319b8ffec8289f46621279d9f12bd2eb2f962df7332905aa689492cac61c2af5b27ba93c472f0
- SSDEEP
  
  3072:mxjnB29gb8onQTSvhx3rezujg8ZfE5oPn0aw7:mxyzT4hdqWeWnP
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2024

Terms | Privacy