General

  • Target

    1ee0336e030dc9d11b09d43f33cdb9ed_JaffaCakes118

  • Size

    66KB

  • Sample

    240507-a4hthsdf96

  • MD5

    1ee0336e030dc9d11b09d43f33cdb9ed

  • SHA1

    cf76616a5b3a58055407d69df9e2ebbba460ed48

  • SHA256

    ff10e852973c6675fa1f623eb27ff70306ba607a25c976d78d9396731205ec0e

  • SHA512

    78bf7942ad153c2e0c02add27d3b5a8af2385831893a20a8f8a20ab584f71ad88bf172cf4e9c76df928f1c31603c2cbf928ff7a5f547996efba1b5c0a43ecfe9

  • SSDEEP

    1536:Az0Cye/Y8HvkktFDyL7PaSHCRM7PaqgZ3j2ksHLfxd:a0Cy6Y8sDXySHFjaTZzG

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: http://anymonbunrybgakbweew.com/s.php?id=dogc

    ps1.dropper: http://cnhoteltex.com/Stat.count

    exe.dropper: http://anymonbunrybgakbweew.com/SS/dogc.tzm

Targets

    • Target

      1ee0336e030dc9d11b09d43f33cdb9ed_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks