Overview

overview

10

Static

static

8

69411b4517...8.docm

windows7-x64

10

69411b4517...8.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    69411b4517419f6398aa36d7ec7634db_JaffaCakes118

  • Size

    89KB

  • Sample

    240523-blwhbsga9s

  • MD5

    69411b4517419f6398aa36d7ec7634db

  • SHA1

    e0cf13c48d8a9e3d362de6cf15a036037b7d6138

  • SHA256

    f9837300e493105799fa49c903a25b3cc6ddf5ae59a4211692d4e9dd6747e7c0

  • SHA512

    7ad7199daa74716ed4c732938b276f574f9a084a02179bea7971df9a75e758c6c0070e2ece507eff87f609099a897b425370fefdf8992ce9beccea29ce58e8a1

  • SSDEEP

    1536:zP67+jDPFvNsnJ1kPxNZIbxpIe8k+ong3n37wPwGuyUZX6fPxQ0JRB:zi7+jrtQ8pbIrf8Ug3n3iuJxOxZJRB

Score
10/10
executionmacro

Malware Config

Targets

    • Target

      69411b4517419f6398aa36d7ec7634db_JaffaCakes118

    • Size

      89KB

    • MD5

      69411b4517419f6398aa36d7ec7634db

    • SHA1

      e0cf13c48d8a9e3d362de6cf15a036037b7d6138

    • SHA256

      f9837300e493105799fa49c903a25b3cc6ddf5ae59a4211692d4e9dd6747e7c0

    • SHA512

      7ad7199daa74716ed4c732938b276f574f9a084a02179bea7971df9a75e758c6c0070e2ece507eff87f609099a897b425370fefdf8992ce9beccea29ce58e8a1

    • SSDEEP

      1536:zP67+jDPFvNsnJ1kPxNZIbxpIe8k+ong3n37wPwGuyUZX6fPxQ0JRB:zi7+jrtQ8pbIrf8Ug3n3iuJxOxZJRB

    Score
    10/10
    execution

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

JavaScript

1
T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks