General

  • Target

    65a199d9d093328880fffe341f9b20ef_JaffaCakes118

  • Size

    193KB

  • Sample

    240522-chynysgh49

  • MD5

    65a199d9d093328880fffe341f9b20ef

  • SHA1

    a117d4ca2294323d2bc3adcdd6e8948617290233

  • SHA256

    0afb7c179025ddfba82f253e521171894baccb916aadce3f0c6cd8014f706940

  • SHA512

    92ba6b5e1c69a6499122afa7bbc8388c6f1401df76c9bfe6cc6627349a72bc2fac0f703e79fbf19f4b2af1fe88cb922f90a63eb72cf64a3aae01af1db33b5089

  • SSDEEP

    1536:+rdi1Ir77zOH98Wj2gpng9+a9jk1q9Dba/qrHEs+nPyNdOx74en:+rfrzOH98ipghva/qTX+nPyLOBBn

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • URLs (exe.dropper)

    http://zplusshopping.com/wp-content/plugins/8ek/
    https://www.cupgel.com/__MACOSX/3/
    http://freespiritmind.com/MASD/HowTo/css/J/
    http://crewnecksusa.com/wp-content/NJ/
    http://www.dougsuniverse.com/pics/yL8/
    https://idilsoft.com/admin/B/
    https://guhaasmart.com/wp-content/s/
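
The seven exe.dropper URLs above are the shape of list a PowerShell downloader usually carries in a single string and walks in order until one fetch succeeds. The script below is an added example written for this page (editor's code, not the sandbox's config extractor and not the sample's own script): it wraps the page's URL list in a constructed "-EncodedCommand" launcher, decodes it the way PowerShell does (base64 of a UTF-16LE script), pulls the URLs back out in the order the dropper would try them, defangs them for an IOC list and collects the distinct hosts for blocklisting or DNS-log pivots. The launcher string, the '@' separator, the flag regex and the URL regex are assumptions made for the illustration.

```python
"""Decode a -EncodedCommand PowerShell launcher and pull dropper URLs out of it."""
import base64
import binascii
import re
from urllib.parse import urlsplit

# The seven exe.dropper URLs from the extracted config above.
DROPPER_URLS = [
    "http://zplusshopping.com/wp-content/plugins/8ek/",
    "https://www.cupgel.com/__MACOSX/3/",
    "http://freespiritmind.com/MASD/HowTo/css/J/",
    "http://crewnecksusa.com/wp-content/NJ/",
    "http://www.dougsuniverse.com/pics/yL8/",
    "https://idilsoft.com/admin/B/",
    "https://guhaasmart.com/wp-content/s/",
]

# PowerShell accepts -e, -ec, -enc and -EncodedCommand (case-insensitive);
# the argument is base64 of the script text encoded as UTF-16LE.
_ENC_FLAG = re.compile(r"(?i)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")
# Stops at whitespace, quotes, brackets and the '@' separator the sample uses.
_URL = re.compile(r"https?://[^\s'\"@;,<>()\[\]]+")


def build_sample_cmdline(urls):
    """CONSTRUCTED test input (an assumption, not the sample's real command line):
    a launcher whose script only stores the URL list joined by '@'.
    It deliberately contains no download or execute logic."""
    script = "$urls='" + "@".join(urls) + "'.Split('@')"
    b64 = base64.b64encode(script.encode("utf-16-le")).decode("ascii")
    return "powershell.exe -nop -w hidden -enc " + b64


def decode_encoded_command(cmdline):
    """Return the decoded script from a -EncodedCommand launcher, or None."""
    m = _ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
        return raw.decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def extract_urls(script):
    """Unique URLs in first-seen order (the order the dropper would try them)."""
    seen = []
    for url in _URL.findall(script):
        if url not in seen:
            seen.append(url)
    return seen


def defang(url):
    """hxxp://host[.]tld/... so the IOC is neither clickable nor auto-linked."""
    scheme, rest = url.split("://", 1)
    host, sep, path = rest.partition("/")
    return scheme.replace("http", "hxxp") + "://" + host.replace(".", "[.]") + sep + path


def hosts(urls):
    """Distinct hostnames, sorted, for blocklisting or DNS-log pivots."""
    return sorted({urlsplit(u).hostname for u in urls})


if __name__ == "__main__":
    cmdline = build_sample_cmdline(DROPPER_URLS)
    decoded = decode_encoded_command(cmdline)
    for u in extract_urls(decoded):
        print(defang(u))
    print(hosts(extract_urls(decoded)))
```

On a real host the command line comes from Sysmon Event ID 1, Security 4688 (with command-line auditing on) or the PowerShell 4104 script-block log; the decoder is the same, only the source of the string changes.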

Targets

    • Target

      65a199d9d093328880fffe341f9b20ef_JaffaCakes118

    • Size

      193KB

    Score
    10/10
    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is usually only spawned when the parent process crashes, which typically indicates an unsuccessful attempt to compromise the parent process.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic           Technique                     Count  ID
  Defense Evasion  Modify Registry               1      T1112
  Discovery        Query Registry                2      T1012
  Discovery        System Information Discovery  2      T1082
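
The three behaviour signatures listed under Targets (a blocklisted process making a network request, a suspicious child process, a file dropped into System32) are the kind of thing a SOC would want to re-detect on endpoint telemetry rather than only in the sandbox. The following is an added example (editor's code, not the sandbox's signature engine): it runs simple versions of those three checks over a handful of constructed Sysmon-style events flattened to key=value lines. The event lines, the "blocklisted" script-host set, the list of images allowed to write into System32, the trusted parent directories and the choice of WerFault.exe as the crash-handler child are all assumptions made for the illustration; the ATT&CK rows above (registry and system-information discovery) are not covered because the page gives no event detail for them.

```python
"""Match the report's three behaviour signatures against constructed Sysmon-style events."""
import re

# CONSTRUCTED sample events (not from the sandbox run), Sysmon-like records
# flattened to key=value: EventID 1 = ProcessCreate, 3 = NetworkConnect,
# 11 = FileCreate. Line 2 reuses one host from the extracted config above.
SAMPLE_LOG = r"""
EventID=1 Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ParentImage="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
EventID=3 Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" DestinationHostname=zplusshopping.com DestinationPort=80
EventID=11 Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" TargetFilename="C:\Windows\System32\payload.exe"
EventID=1 Image="C:\Windows\System32\WerFault.exe" ParentImage="C:\Users\user\AppData\Local\Temp\payload.exe"
EventID=3 Image="C:\Program Files\Mozilla Firefox\firefox.exe" DestinationHostname=example.org DestinationPort=443
EventID=11 Image="C:\Windows\System32\svchost.exe" TargetFilename="C:\Windows\System32\LogFiles\setup.log"
""".strip().splitlines()

# Assumed "blocklisted" script hosts / LOLBins (editor's choice, not the sandbox's list).
BLOCKLISTED = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
               "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Assumed images that legitimately write into System32.
SYSTEM32_WRITERS = {"svchost.exe", "trustedinstaller.exe", "msiexec.exe", "tiworker.exe"}
SYSTEM32 = "c:\\windows\\system32\\"
# Assumed: a crash handler spawned from outside these roots is worth a look.
TRUSTED_PARENT_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# key=value pairs; values with spaces are double-quoted in the constructed format.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Flat key=value line -> dict (quoted or bare values)."""
    return {key: (quoted or bare) for key, quoted, bare in _KV.findall(line)}


def basename(path):
    """Lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def check_event(ev):
    """Names of the signatures this single event trips."""
    hits = []
    eid = ev.get("EventID")
    image = basename(ev.get("Image", ""))
    # Signature 1: a script host / LOLBin opened a network connection.
    if eid == "3" and image in BLOCKLISTED:
        hits.append("Blocklisted process makes network request")
    # Signature 2: crash handler (assumed WerFault.exe) spawned by an untrusted parent,
    # i.e. the parent crashed, which the report reads as a failed compromise attempt.
    if eid == "1" and image == "werfault.exe":
        parent = ev.get("ParentImage", "").lower()
        if not parent.startswith(TRUSTED_PARENT_DIRS):
            hits.append("Process spawned suspicious child process")
    # Signature 3: a file created under System32 by something that should not be writing there.
    target = ev.get("TargetFilename", "").lower()
    if eid == "11" and target.startswith(SYSTEM32) and image not in SYSTEM32_WRITERS:
        hits.append("Drops file in System32 directory")
    return hits


def scan(lines):
    """(line number, signature, image basename) for every hit, in log order."""
    results = []
    for number, line in enumerate(lines, 1):
        ev = parse_event(line)
        for sig in check_event(ev):
            results.append((number, sig, basename(ev.get("Image", ""))))
    return results


if __name__ == "__main__":
    for number, sig, image in scan(SAMPLE_LOG):
        print(f"line {number}: {sig} ({image})")
```

The allowlists are the part to tune per estate: the System32 writer set in particular will need the patch and deployment agents actually in use, otherwise the third check pages on every update cycle.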

Tasks