9e5504ef68a5d98d68ad98f656bebe7eb115aa04b36a73207a8a3ba9cb44514c | Triage

Submit
Reports

Overview

overview

Static

static

8

145c28eaea...18.doc

windows7-x64

145c28eaea...18.doc

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

145c28eaeac325e845b66a82c2220f2d_JaffaCakes118
Size

292KB
Sample

240504-y9x3dsad7t
MD5

145c28eaeac325e845b66a82c2220f2d
SHA1

dbe78d912a79433d5cc619fce31c14b4f014667e
SHA256

9e5504ef68a5d98d68ad98f656bebe7eb115aa04b36a73207a8a3ba9cb44514c
SHA512

f878b9e615e26f9ce94814f8e2cf41a29024b020a19c542f6575223c4a02dcdb0383e0e52b03284a45d64894b885bc65b20cd0b269ef873e17082d414ab6e18e
SSDEEP

6144:1l20PikYuZ1XU1xD1Xm+BUY+VllauD/qw+uc+y/dK1S4BspWQF3bKsP:1l16u78hXm+BUY8lPDHcl3Ks

Score

10^/10

execution macro macro_on_action

Static task

static1

macro macro_on_action

1 signatures

Behavioral task

behavioral1

Sample

145c28eaeac325e845b66a82c2220f2d_JaffaCakes118.doc

Resource

win7-20240220-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

145c28eaeac325e845b66a82c2220f2d_JaffaCakes118.doc

Resource

win10v2004-20240419-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://www.aveya.in/wp-content/closing/Invoice.exe

Targets

- Target
  
  145c28eaeac325e845b66a82c2220f2d_JaffaCakes118
- Size
  
  292KB
- MD5
  
  145c28eaeac325e845b66a82c2220f2d
- SHA1
  
  dbe78d912a79433d5cc619fce31c14b4f014667e
- SHA256
  
  9e5504ef68a5d98d68ad98f656bebe7eb115aa04b36a73207a8a3ba9cb44514c
- SHA512
  
  f878b9e615e26f9ce94814f8e2cf41a29024b020a19c542f6575223c4a02dcdb0383e0e52b03284a45d64894b885bc65b20cd0b269ef873e17082d414ab6e18e
- SSDEEP
  
  6144:1l20PikYuZ1XU1xD1Xm+BUY+VllauD/qw+uc+y/dK1S4BspWQF3bKsP:1l16u78hXm+BUY8lPDHcl3Ks
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2025

Terms | Privacy