General

  • Target

    935e452333bfb15ff276b78f6ba40d6e_JaffaCakes118

  • Size

    335KB

  • Sample

    240604-cpngkahh9s

  • MD5

    935e452333bfb15ff276b78f6ba40d6e

  • SHA1

    d948116f1a6a1fcb97c4cb1435f91b9a013b5750

  • SHA256

    c6f779b4c94473711d2fbc3ac7f00e098d0a532773bf907a370401b886a9da4d

  • SHA512

    b63f9501845b9b6f7758e4544455cafd632560b49e9ecb16528435098b808857b709ce2f44881a6f73b29bbf4241d1a9385149d316bf52693b7ce10a43dcdd55

  • SSDEEP

    6144:AG5/BnVfRFJ7KK9aHScdX9znGUbd7e1+gsIUF25Q/YB2KBhCET/Gh:A2n9R/lA5dX9znGUbwggaFJ/YBTT/2

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (exe.dropper)

    http://katleyafloreria.com/n0vpOjlS
    http://ingramjapan.com/h9XwHYQu
    http://farmsys.scketon.com/GKGY9e4v
    http://truenorthtimber.com/CSncj8f
    http://karditsa.org/ohCJotRf8F

Targets

    • Target

      935e452333bfb15ff276b78f6ba40d6e_JaffaCakes118


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
