General

  • Target

    33e63037b35ee989f9ac8cb0f7492ca2_JaffaCakes118

  • Size

    86KB

  • Sample

    240511-lfemqsba9v

  • MD5

    33e63037b35ee989f9ac8cb0f7492ca2

  • SHA1

    db115013c56aa86326cc5a2f2bf8abb2febab111

  • SHA256

    bbdfa6d962aad1150dde37e48a8d357c2ca792f938c810e6c21354c4daaa2442

  • SHA512

    32f379bb79c8d9ddf181e389bb51862c24ebf0bfc033c4314f651e955784363205794e7f7bdec2ee393d8506517626c7510ba71860bdab472d234bd23c0b1a32

  • SSDEEP

    1536:JptJlmrJpmxlRw99NBO+aANIrlnKchqXN076KC0It4oC:3te2dw99fD2vR1It4

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (type: exe.dropper)

    http://aliu-rdc.org/QwWKYJxM
    http://2idiotsandnobusinessplan.com/wC7
    http://7naturalessences.com/DFaSvtrS
    http://benimdunyamkres.com/v0vig1G1
    http://hostmktar.com/mP

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks