General

  • Target

    0727609bf564869103fafd8280869392_JaffaCakes118

  • Size

    88KB

  • Sample

    240429-jkrrradf78

  • MD5

    0727609bf564869103fafd8280869392

  • SHA1

    4d36207ccae99ec412728c585791524ad8ac4473

  • SHA256

    05b4ade8f5528da909092e30bbe0aea228f93d1b33fa557352fef2f4efd241e5

  • SHA512

    084f78c11b53a7297eadba7ca40646fe1cdc522cc41e98b11b3721b42af77a9eb0024c2f34aedb09477d0fda89662507a6b75186c4cfb03c951b36151e8549aa

  • SSDEEP

    1536:Jocn1kp59gxBK85fBuzKgL1bZQrRfZkzg+a9:e41k/W48Iz51byrRfZkz

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (each tagged exe.dropper)

    http://intotheharvest.com/uhCNWggJG

    http://cperformancegroup.com/iQVXaS0c7

    http://inmodiin.net/XYif30g30

    http://aspiringfilms.com/ojrr87NY

    http://futuron.net/hcvcG59

Targets

    • Target

      0727609bf564869103fafd8280869392_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
