f32bb24d114407e601968a2908030e4e12277051ed2d439efb99bf63204ad4b8 | Triage

Submit
Reports

Overview

overview

Static

static

8

63a5df4ae9...18.doc

windows7-x64

63a5df4ae9...18.doc

windows10-2004-x64

Sharing

General

Target

63a5df4ae97bb27edf5bd67659935560_JaffaCakes118
Size

176KB
Sample

240521-rz96mshe5v
MD5

63a5df4ae97bb27edf5bd67659935560
SHA1

782ac721cedd47fd6c2a0ef1c6d5d637a70fed20
SHA256

f32bb24d114407e601968a2908030e4e12277051ed2d439efb99bf63204ad4b8
SHA512

d329521898b9e1d70cfd32f7546bb875685430ed1b00b3a2cbdd9c2f545754edc1082d4466d84ba77914eba7081f4449536191fb05162137e86577d57f73a053
SSDEEP

3072:BxjnB29gb8onegCZ4B9s5l7sOB/izw2RW0ntt:Bxy3HM9Q5ERW

Score

10^/10

execution macro

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

63a5df4ae97bb27edf5bd67659935560_JaffaCakes118.doc

Resource

win7-20240221-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

63a5df4ae97bb27edf5bd67659935560_JaffaCakes118.doc

Resource

win10v2004-20240508-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://coopspage.com/fLCt

exe.dropper

http://butterbean.se/KKHaZ8Oh

exe.dropper

http://boutique-amour.jp/958Jf

exe.dropper

http://bike-nomad.com/wp-content/jBN92RTl

exe.dropper

http://websitedesigngarden.com/fmkE

Targets

- Target
  
  63a5df4ae97bb27edf5bd67659935560_JaffaCakes118
- Size
  
  176KB
- MD5
  
  63a5df4ae97bb27edf5bd67659935560
- SHA1
  
  782ac721cedd47fd6c2a0ef1c6d5d637a70fed20
- SHA256
  
  f32bb24d114407e601968a2908030e4e12277051ed2d439efb99bf63204ad4b8
- SHA512
  
  d329521898b9e1d70cfd32f7546bb875685430ed1b00b3a2cbdd9c2f545754edc1082d4466d84ba77914eba7081f4449536191fb05162137e86577d57f73a053
- SSDEEP
  
  3072:BxjnB29gb8onegCZ4B9s5l7sOB/izw2RW0ntt:Bxy3HM9Q5ERW
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- An obfuscated cmd.exe command-line is typically used to evade detection.
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy