General

  • Target

    19ebd314b039cce609724b9e42a9257f_JaffaCakes118

  • Size

    238KB

  • Sample

    240506-awrrfsba41

  • MD5

    19ebd314b039cce609724b9e42a9257f

  • SHA1

    2238cc692817a82f557ee4b9731658e9c9154b18

  • SHA256

    df4776a1720feb2cdd8fcc4a91b298854bea7a86e172485cc64c318e4cbad89a

  • SHA512

    77f63e04b9600a4a915ce5728e32739c7a39cab5e303ff6472115a00ce57a773b6238fb02f0c6f251fb3dd8a5ece4a38031b41898f4ab6fc04af7acd7e77b3e3

  • SSDEEP

    3072:7Ttrd7SmTEFDGcmFsRGXtHjVJ/UjL/xSu90OoiLuDKZXfwKeljR1X:7TtrdGmU6sA9HRJ/ixUOmD+XfwLD

Score
10/10

Malware Config

Extracted

Language
ps1

Deobfuscated URLs (all of type exe.dropper)

  • http://tolanimusic.com/FgGLYFx2fxkRLqu_ns1avpR1Z

  • http://techfactory.pk/d0vjo7vRJw26C_G3JYE01qG

  • http://wozup.org/xhcaRjfp3m4KS_HnX

  • http://bentom.ru/1Bl14v64v9_POmBW662

  • http://13r.lg.ua/IsvJO35t6kj

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
