General

  • Target

    326c887be59db807c0bdb1ea3e2844be_JaffaCakes118

  • Size

    89KB

  • Sample

    240511-dqt66sda26

  • MD5

    326c887be59db807c0bdb1ea3e2844be

  • SHA1

    22625177d5f095ad2a42ec8ed8afbbf779eae0cf

  • SHA256

    d50195ad19f55e860a8080a09e80a8b960f41f95c5d87952b5f6eff401db5c75

  • SHA512

    0997fd5afb55525ebcade983b1bff0000a76889af41c51be6311295acaeb6291dc089ac7aeadbb8500f88fafe1c6975dc89686b8cf5eaf72987f1fc4793bdb92

  • SSDEEP

    1536:Yl0suyCPocn1kp59gxBK85fB7s+aM14E0/SO8Mkk:uu241k/W48cp

Targets

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
