General

  • Target

    63fafb0473cc7cf6b0907463dbba7e9b_JaffaCakes118

  • Size

    232KB

  • Sample

    240521-t229xsbg77

  • MD5

    63fafb0473cc7cf6b0907463dbba7e9b

  • SHA1

    557e086209bf9b9ca62012e237687a6d57d71b61

  • SHA256

    5a339bed662000c7482bef1785340e56fb3f3a495dde5df8e37cc237ac111374

  • SHA512

    aba532b4c58ef2eee35d1c995a1ea8377b4a66d2eac19d9d70f6b594f2cdb90ee4cedbec6e2d73aa2e7cba5940420855355d05e1f437c8841b7992535d018151

  • SSDEEP

    3072:2j6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkrlDnc9k1/w4nRB:2HgtEWPsL/aTyT9Gk5Dnc9s/w4nRB

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (all of type exe.dropper)

    http://kndesign.com.br/wwvv2/wPxxj0v53027676/
    http://load.studio/wp-admin/fqmCvt/
    http://melangefresh.com/partner/9lg91006/
    http://cengizgulec.com/wp-admin/wmZHHHARm/
    http://www.skydiarynepal.org/wp-admin/HWGaf/

Targets

    • Target

      63fafb0473cc7cf6b0907463dbba7e9b_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks