General

  • Target: 05de04c311c404e89ae6751f259ef61d_JaffaCakes118
  • Size: 160KB
  • Sample: 240428-xpk2naee94
  • MD5: 05de04c311c404e89ae6751f259ef61d
  • SHA1: b35625efe34ae909139ff171e708477eadda1f6f
  • SHA256: 5b6b7894bd61356eb562f86f7b6ebbd0d44bde0ed133adbacffe224ebb53b1ac
  • SHA512: c630b8beb11f8e04078f5621012977f32435f7507ef420e891a0f5bc65787fb359adca987c240ce8b5728170606b24fffd98c69c320ec3dde032868a8894fa75
  • SSDEEP: 3072:+977HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qfKbms7Ow9DXFMpzAK:c77HUUUUUUUUUUUUUUUUUUUT52VGemjl

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated: yes
  • URLs (exe.dropper):
      http://siamnatural.com/tmp/EmC/
      http://chefmongiovi.com/wp/yigA/
      http://simplyresponsive.com/samples/3I/
      https://hechizosyconjurodeamor.info/wp-includes/FGF/
      http://visa.org.ua/wp-content/nnSZ/

Targets

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Drops file in System32 directory
