2727bf97d7e2a5e7e5e41ccbfd7237c59023d70914834400da1d762d96424fde | Triage

Submit
Reports

Overview

overview

Static

static

8

68e89d88b7...18.doc

windows7-x64

68e89d88b7...18.doc

windows10-2004-x64

Sharing

General

Target

68e89d88b7cca6f12707d5a463c9d1d8_JaffaCakes118
Size

983KB
Sample

240522-2s199sca5z
MD5

68e89d88b7cca6f12707d5a463c9d1d8
SHA1

7aed1190356493472ffcf1eb2d7d61f1ea3e6809
SHA256

2727bf97d7e2a5e7e5e41ccbfd7237c59023d70914834400da1d762d96424fde
SHA512

7b340a082e1bbb6e1e9bc0c7afaca0c05e320526a8c4a2c488fd42f55bb9be71228b926ae6aa07d02a071a77190cc60c425ccb79e9ce9457204d136cd62029a1
SSDEEP

24576:6Y7AOG6Y68aJSHE33cewex77PwYjo3Y9:177G6YtaAEHcewiPJjo3Y9

Score

10^/10

execution macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

68e89d88b7cca6f12707d5a463c9d1d8_JaffaCakes118.doc

Resource

win7-20240221-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

68e89d88b7cca6f12707d5a463c9d1d8_JaffaCakes118.doc

Resource

win10v2004-20240508-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://imonty.cn/wp-includes/pomo/script/js/js.js

Targets

- Target
  
  68e89d88b7cca6f12707d5a463c9d1d8_JaffaCakes118
- Size
  
  983KB
- MD5
  
  68e89d88b7cca6f12707d5a463c9d1d8
- SHA1
  
  7aed1190356493472ffcf1eb2d7d61f1ea3e6809
- SHA256
  
  2727bf97d7e2a5e7e5e41ccbfd7237c59023d70914834400da1d762d96424fde
- SHA512
  
  7b340a082e1bbb6e1e9bc0c7afaca0c05e320526a8c4a2c488fd42f55bb9be71228b926ae6aa07d02a071a77190cc60c425ccb79e9ce9457204d136cd62029a1
- SSDEEP
  
  24576:6Y7AOG6Y68aJSHE33cewex77PwYjo3Y9:177G6YtaAEHcewiPJjo3Y9
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2024

Terms | Privacy