General

  • Target

    038acee1462ab13950a0df8bb47563fa_JaffaCakes118

  • Size

    36KB

  • Sample

    240930-2vw4bsyfnj

  • MD5

    038acee1462ab13950a0df8bb47563fa

  • SHA1

    5ea0d356190fbd29fb93cede43429463e6950189

  • SHA256

    1569fb543d1c74148591337ae6b10c9af76dc952d433072ee1f7dfe8f89bd674

  • SHA512

    07ae5540fa5bc37519c344289076ab45cd8b0735a473017b7b6722e1d9fcd782470ee05efaba0252c0f8a7f18e9f9d1e515a23b678c5066c465e6b0e02f65fdc

  • SSDEEP

    384:G8Xk2hSuxjcGM53EtHP682Ez9/YugB7Uk4jjlz5mMjgytU:QOcN5+P682Ez95gB4k4wR

Targets

    • Target

      038acee1462ab13950a0df8bb47563fa_JaffaCakes118

    • Size

      36KB

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Adds Run key to start application

    • Drops file in System32 directory
