General

  • Target: 096d4280755ab4578947f3e2c5a79c6c_JaffaCakes118
  • Size: 179KB
  • Sample: 240430-kaj5lage8z
  • MD5: 096d4280755ab4578947f3e2c5a79c6c
  • SHA1: 71d409c21ed694500052c68b736d813f9bde4181
  • SHA256: 4f91b31da83fdf884548199c7414242dd73357b3f1b8088ca3ae151c0eee9c96
  • SHA512: f01f10f45ec79d349ecd7bf1a63d60179ee2c21fa13134b0c93f1d1a08c7e773fef92da9bdab10c8f3c2969a975bc81295c32ef96e01cf6aa300a2f2385648bb
  • SSDEEP: 3072:N02y/GdynktGDWLS0HZWD5w8K7Nk9uD7IBUx1m8tbgD6PhOUOnE:N02k4ntGiL3HJk9uD7bW8tbgD65O9E

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):
    http://kaikeline.com/1B/
    http://irpot.com/css/jRk5gg/
    http://kartcup.net/picture_library/eqop/
    http://lakelass.com/cgi-bin/2dhm/
    http://ouimet.biz/cgi-bin/l/

Targets

  Score
  10/10

  • Process spawned unexpected child process
    This typically indicates the parent process was compromised via an exploit or macro.
  • Blocklisted process makes network request
  • Drops file in System32 directory
