6dc235b67ec03448dd547ba027bb18ebb7131429138a85b9aaf9dc74933e1683 | Triage

Submit
Reports

Overview

overview

Static

static

8

d3c91738ad...18.doc

windows7-x64

d3c91738ad...18.doc

windows10-2004-x64

Sharing

General

Target

d3c91738ad52ede18e7c98de0d688ee4_JaffaCakes118
Size

79KB
Sample

240908-hmvezsvalg
MD5

d3c91738ad52ede18e7c98de0d688ee4
SHA1

b86e74fc6dc8d932006f3c189a743ed020cc0f77
SHA256

6dc235b67ec03448dd547ba027bb18ebb7131429138a85b9aaf9dc74933e1683
SHA512

f5dff51d938b2585f7b270a441ce23645b70906f566da72b7ea2ff1fad8beb97c257e6582657a6d84f5141172bc929388a19b9cf9c7e2af32b20a1a31226b4c1
SSDEEP

1536:vJK+lhLocn1kp59gxBK85fBt+a9pjduedt9+d5paxyN2:vJbla41k/W48jjduedt9+d5paxyQ

Score

10^/10

discovery execution macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

d3c91738ad52ede18e7c98de0d688ee4_JaffaCakes118.doc

Resource

win7-20240903-en

discovery execution

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3c91738ad52ede18e7c98de0d688ee4_JaffaCakes118.doc

Resource

win10v2004-20240802-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  d3c91738ad52ede18e7c98de0d688ee4_JaffaCakes118
- Size
  
  79KB
- MD5
  
  d3c91738ad52ede18e7c98de0d688ee4
- SHA1
  
  b86e74fc6dc8d932006f3c189a743ed020cc0f77
- SHA256
  
  6dc235b67ec03448dd547ba027bb18ebb7131429138a85b9aaf9dc74933e1683
- SHA512
  
  f5dff51d938b2585f7b270a441ce23645b70906f566da72b7ea2ff1fad8beb97c257e6582657a6d84f5141172bc929388a19b9cf9c7e2af32b20a1a31226b4c1
- SSDEEP
  
  1536:vJK+lhLocn1kp59gxBK85fBt+a9pjduedt9+d5paxyN2:vJbla41k/W48jjduedt9+d5paxyQ
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- An obfuscated cmd.exe command-line is typically used to evade detection.
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macromacro_on_action

behavioral1

discoveryexecution

behavioral2

© 2018-2024

Terms | Privacy