375c40c33adbd1ddb234c2c66604d484918b3952fc534c5ba1ec10d4a5b33caf | Triage

Submit
Reports

Overview

overview

Static

static

8

5f05e3893c...18.doc

windows7-x64

5f05e3893c...18.doc

windows10-2004-x64

Sharing

General

Target

5f05e3893cc73da9e167f8fc047c0776_JaffaCakes118
Size

82KB
Sample

240520-pe8e7sae82
MD5

5f05e3893cc73da9e167f8fc047c0776
SHA1

9c5858e2e2ba44ca6275d1c420b6f6c01360ec46
SHA256

375c40c33adbd1ddb234c2c66604d484918b3952fc534c5ba1ec10d4a5b33caf
SHA512

c4099ee5b7809a17f45c4e85d8d9659ee7a29aa9f4ca60052759d16b92295d40e7584449aa8ff9ddd87ea903674f8aa466b8dcb74dda2fd7de49b55a7a19f796
SSDEEP

1536:vJK+lhLocn1kp59gxBK85fBt+a9Hjduedt9+d5paxyNS:vJbla41k/W48tjduedt9+d5paxy4

Score

10^/10

execution macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

5f05e3893cc73da9e167f8fc047c0776_JaffaCakes118.doc

Resource

win7-20240220-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

5f05e3893cc73da9e167f8fc047c0776_JaffaCakes118.doc

Resource

win10v2004-20240508-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  5f05e3893cc73da9e167f8fc047c0776_JaffaCakes118
- Size
  
  82KB
- MD5
  
  5f05e3893cc73da9e167f8fc047c0776
- SHA1
  
  9c5858e2e2ba44ca6275d1c420b6f6c01360ec46
- SHA256
  
  375c40c33adbd1ddb234c2c66604d484918b3952fc534c5ba1ec10d4a5b33caf
- SHA512
  
  c4099ee5b7809a17f45c4e85d8d9659ee7a29aa9f4ca60052759d16b92295d40e7584449aa8ff9ddd87ea903674f8aa466b8dcb74dda2fd7de49b55a7a19f796
- SSDEEP
  
  1536:vJK+lhLocn1kp59gxBK85fBt+a9Hjduedt9+d5paxyNS:vJbla41k/W48tjduedt9+d5paxy4
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- An obfuscated cmd.exe command-line is typically used to evade detection.
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2024

Terms | Privacy