General

  • Target: 7932f7ac5f4b3d4b0b967cf198e81aca_JaffaCakes118
  • Size: 480KB
  • Sample: 240527-px2qdadg75
  • MD5: 7932f7ac5f4b3d4b0b967cf198e81aca
  • SHA1: 3ed3ac5b89589a3c9af34300e8d80e1aa63cb491
  • SHA256: 535dd500af21f1fcd2d774c871c85920c5a4e6e85e9e4c9ad7f6f863f945d1fe
  • SHA512: f083d13583ffaf502a4e780ed5a4d374953920b77d824565856497aaba778773569fc0754a9683f9ba0023e3e21f27f6ed0fa689ec3f16c28110450cbc370850
  • SSDEEP: 6144:BuQUQNrSA3hifBq7JwMzSVIhl9EKRDqME4yanMjdn/NQVg+D3Do8oRtxQwvVAJTj:BzUvA3hfw8SVIf51E4K14o8IuJ

Score: 10/10

Malware Config

Extracted

Language: ps1

Deobfuscated URLs (exe.dropper):

  • http://shashlichnydom.ru/NbEDRSsyiy_Rl2
  • http://wolf.camera/jkeU0iK6Mf8v_dy0Ad
  • http://www.marekvoprsal.cz/s1yTiin0l_AUP
  • http://www.eufacopublicidade.com.br/ULxnLcrzzz4E
  • http://londonmarathon2019.kevinmiller66.co.uk/9bT6FbyqID9O9B

Targets


    Score: 10/10

    Signatures:

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion
      Modify Registry (T1112): 1
  • Discovery
      Query Registry (T1012): 2
      System Information Discovery (T1082): 2