271c5ebbfa01604a34a2b00598a35b5f2b7967dad0000100ccdad605c22402be | Triage

Submit
Reports

Overview

overview

Static

static

8

c05aa41996...18.doc

windows7-x64

c05aa41996...18.doc

windows10-2004-x64

6

Sharing

General

Target

c05aa41996994b6b0147d626e7072b4f_JaffaCakes118
Size

91KB
Sample

240825-kh45qsvdqa
MD5

c05aa41996994b6b0147d626e7072b4f
SHA1

60fe988392340ec8535399acf08eb9fdf633904a
SHA256

271c5ebbfa01604a34a2b00598a35b5f2b7967dad0000100ccdad605c22402be
SHA512

f378819bcac267758df0c3ebabef5e040106071391c3bf96e18bea8b132f49dc081b67a28f5d6a0355818258e6ef41935896ee28b83bbd7115a7157a63dafda0
SSDEEP

1536:3ptJlmrJpmxlRw99NBz+ajOPNAE21LNgq:Zte2dw99fK1G1Lqq

Score

10^/10

discovery macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

c05aa41996994b6b0147d626e7072b4f_JaffaCakes118.doc

Resource

win7-20240704-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

c05aa41996994b6b0147d626e7072b4f_JaffaCakes118.doc

Resource

win10v2004-20240802-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://freshnlaundry.com/MmU

exe.dropper

http://bravewill.org/5VKAhr

exe.dropper

http://ypsifest.com/xbrYo

exe.dropper

http://nazarspot.com.tr/dTofA3

exe.dropper

http://suicidepreventionportagecounty.org/J5

Targets

- Target
  
  c05aa41996994b6b0147d626e7072b4f_JaffaCakes118
- Size
  
  91KB
- MD5
  
  c05aa41996994b6b0147d626e7072b4f
- SHA1
  
  60fe988392340ec8535399acf08eb9fdf633904a
- SHA256
  
  271c5ebbfa01604a34a2b00598a35b5f2b7967dad0000100ccdad605c22402be
- SHA512
  
  f378819bcac267758df0c3ebabef5e040106071391c3bf96e18bea8b132f49dc081b67a28f5d6a0355818258e6ef41935896ee28b83bbd7115a7157a63dafda0
- SSDEEP
  
  1536:3ptJlmrJpmxlRw99NBz+ajOPNAE21LNgq:Zte2dw99fK1G1Lqq
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2024

Terms | Privacy