General

  • Target

    3655e35f112e67bf2f46d067c3a205e2_JaffaCakes118

  • Size

    85KB

  • Sample

    240511-yxvrhafb7x

  • MD5

    3655e35f112e67bf2f46d067c3a205e2

  • SHA1

    50e903fa303f289fa31a69838310b704c90abc14

  • SHA256

    d86edb496fff2f625384b59b074887447440eee74e8ed4a1172da9c4befea9ad

  • SHA512

    57c2f91d0ef89d4c22805085e22ad1e1d3d2884370eaafceaec42d8354a125441003abb6d8c3b5e4f97d5462c1252b839c1a39f29437b337b3e27ec7f67c0ef5

  • SSDEEP

    1536:3ptJlmrJpmxlRw99NBz+ajZPNAE21LNgq:Zte2dw99fV1G1Lqq

Score
10/10

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs
exe.dropper

http://freshnlaundry.com/MmU

exe.dropper

http://bravewill.org/5VKAhr

exe.dropper

http://ypsifest.com/xbrYo

exe.dropper

http://nazarspot.com.tr/dTofA3

exe.dropper

http://suicidepreventionportagecounty.org/J5

Targets

    • Target

      3655e35f112e67bf2f46d067c3a205e2_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
