General

  • Target

    22bf933c54470cf9f6536052a23058df_JaffaCakes118

  • Size

    459KB

  • Sample

    240508-ck71eaff62

  • MD5

    22bf933c54470cf9f6536052a23058df

  • SHA1

    7779e99adf4d2627b2e441e64048cc0a7be2a73a

  • SHA256

    93d436758cc24dfad3d575c3794ccbed12ff44d6d9f0d76bc428c470d5b89608

  • SHA512

    0dc6af9e1632af7cb6d53e5b1e7632f7fd51d40005a46305a194cfd15cbd0e5126def07e4eacc507ed8324fd4c3af4a6d65a5c3afd5029af4d9a2e84e6a9a1ba

  • SSDEEP

    6144:4igvdMekCZ84iPG25djmMzSVIhl9EKRDqME4yanMjdn/NQVg+D3Do8oRtxQwvVA7:Dgv76BPl5Vm8SVIf51E4K14o8Iu7

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://hcforklift-eg.com/hdIixMkZ
    http://newsmediainvestigasi.com/uyspo23kf/nptoris/1KiUYgk
    http://businessvideo.urbanhealth.com.ua/gk9LHla8
    http://uran-spb.ru/qzzXAyC
    http://psychologyforyou.eu/1HdEdRb

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks