General

  • Target: 443ae95c2c1e9323ba8ed84249fa07f1_JaffaCakes118
  • Size: 230KB
  • Sample: 240515-c9cwkaea23
  • MD5: 443ae95c2c1e9323ba8ed84249fa07f1
  • SHA1: 7f063c638a3b4819d4843619f73b3910d64be552
  • SHA256: 39d26726f643a3ca157d4d7e78f10831854f191120a06b95e0ed413fd0170d4f
  • SHA512: 73a2d7898ccb3fa31acfc0872c0753fbffcd4af7a0bc012431d47696bf36f32abf68d0c2212ddff8474cd195865cc8f9417a94190e2654fa0e1e9001c184d45a
  • SSDEEP: 3072:QvrNNpClULzo5DIzUmcQC8jL/xSu90OoiLuDKZXfwKeljR1v:6tZ7jcQCKxUOmD+XfwLj

Score: 10/10

Malware Config

Extracted

  • Language: ps1 (deobfuscated)
  • URLs (each tagged exe.dropper, i.e. the PowerShell stage fetches an executable from one of these):

    http://sarahleighroddis.com/xZs22v11
    http://fbroz.com/COeg4ZZ
    http://thesunavenuequan2.com/UYUiGwf9j
    http://drapart.org/Jvn89HTd2O
    http://ikiw.iniqua.com/oO0OtJVo
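The extracted config is most useful once the dropper URLs are turned into shareable, defanged indicators and hunted for in egress logs. The following is an added example written for this page, not part of the sandbox report: it pulls the URLs out of the config text exactly as shown above, defangs them, derives the hostnames, and checks constructed Squid-style proxy log lines (the IPs, timestamps and second paths in those lines are made up for illustration) for both exact-URL hits and hits on the same hosts with a different path.

```python
"""Turn the dropper URLs from a sandbox report into defanged, deduplicated
IOCs and hunt for them in proxy logs. Added example: REPORT_CONFIG is the
config text from the page, PROXY_LOG is constructed for illustration."""
import re
from urllib.parse import urlparse

# Extracted config as it appears on the page (language ps1, exe.dropper URLs).
REPORT_CONFIG = """
exe.dropper
http://sarahleighroddis.com/xZs22v11
exe.dropper
http://fbroz.com/COeg4ZZ
exe.dropper
http://thesunavenuequan2.com/UYUiGwf9j
exe.dropper
http://drapart.org/Jvn89HTd2O
exe.dropper
http://ikiw.iniqua.com/oO0OtJVo
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def extract_urls(text):
    """Return the URLs found in report text, in order, without duplicates."""
    seen = []
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;)")
        if url not in seen:
            seen.append(url)
    return seen


def defang(url):
    """Rewrite http -> hxxp and . -> [.] in the host so the IOC cannot be clicked."""
    scheme, rest = url.split("://", 1)
    host, sep, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}{sep}{path}"


def hosts(urls):
    """Sorted, lower-cased set of hostnames for a DNS/proxy blocklist."""
    return sorted({urlparse(u).hostname.lower() for u in urls})


# Constructed Squid native access-log lines (not taken from the report):
# timestamp elapsed client code/status bytes method URL rfc931 peer type
PROXY_LOG = """\
1715760001.123 312 10.0.4.17 TCP_MISS/200 240112 GET http://fbroz.com/COeg4ZZ - HIER_DIRECT/203.0.113.5 application/octet-stream
1715760002.456  45 10.0.4.22 TCP_MISS/200 5120 GET http://example.org/index.html - HIER_DIRECT/198.51.100.9 text/html
1715760003.789  60 10.0.4.17 TCP_MISS/404 512 GET http://drapart.org/other - HIER_DIRECT/203.0.113.77 text/html
"""


def hunt(log_text, urls):
    """Return (client_ip, url, match_kind) for each log line that requests a
    dropper URL exactly ('url') or any path on a dropper host ('host')."""
    exact = set(urls)
    bad_hosts = set(hosts(urls))
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or unrelated line
        client, url = fields[2], fields[6]
        host = urlparse(url).hostname
        if url in exact:
            hits.append((client, url, "url"))
        elif host and host.lower() in bad_hosts:
            hits.append((client, url, "host"))
    return hits


if __name__ == "__main__":
    urls = extract_urls(REPORT_CONFIG)
    for u in urls:
        print(defang(u))
    print("hosts:", ", ".join(hosts(urls)))
    for client, url, kind in hunt(PROXY_LOG, urls):
        print(f"{client} requested {defang(url)} ({kind} match)")
```

The host-level match matters because droppers of this kind rotate the path while keeping the compromised host; a hit on `drapart.org/other` from the same client that fetched the exact payload URL is still worth a look.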

Targets

    • Target: 443ae95c2c1e9323ba8ed84249fa07f1_JaffaCakes118
    • Size: 230KB
    • MD5: 443ae95c2c1e9323ba8ed84249fa07f1
    • SHA1: 7f063c638a3b4819d4843619f73b3910d64be552
    • SHA256: 39d26726f643a3ca157d4d7e78f10831854f191120a06b95e0ed413fd0170d4f
    • SHA512: 73a2d7898ccb3fa31acfc0872c0753fbffcd4af7a0bc012431d47696bf36f32abf68d0c2212ddff8474cd195865cc8f9417a94190e2654fa0e1e9001c184d45a
    • SSDEEP: 3072:QvrNNpClULzo5DIzUmcQC8jL/xSu90OoiLuDKZXfwKeljR1v:6tZ7jcQCKxUOmD+XfwLj

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • cmd.exe launched with an obfuscated command line

      Obfuscation of the cmd.exe command line is typically used to evade detection.
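The two behavioural signatures above are exactly the kind of thing a process-creation telemetry rule can catch before the payload ever runs. The block below is an added example, not part of the Triage report: it runs two checks over constructed Sysmon-style process-creation records (the PIDs, paths and command lines are made up to resemble a macro-dropper chain, and the base64 blob decodes to a harmless `$a=1`). The first check flags an Office parent spawning a command interpreter; the second scores a cmd.exe command line for the obfuscation tricks typical of these droppers: caret insertion, delayed expansion, environment-variable substring expansion, and a variable assembled with `set` then executed via `call`.

```python
"""Detection logic for an Office process spawning a shell and for an
obfuscated cmd.exe command line. Added example; EVENTS are constructed
process-creation records, not data from the sandbox report."""
import re

# Parents that should never launch a command interpreter or script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed events: (ProcessId, ParentImage, Image, CommandLine)
EVENTS = [
    (4012, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     r"C:\Windows\System32\cmd.exe",
     'cmd /V^:O^N /^C "set x=powershell -w hidden -e JABhAD0AMQA=&&call %x:~0,40%"'),
    (4020, r"C:\Windows\System32\cmd.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell -w hidden -e JABhAD0AMQA="),
    (4101, r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell -nop -w hidden -enc JABhAD0AMQA="),
    (5100, r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe",
     'cmd /c dir "C:\\Users\\alice\\Documents"'),
]

# Heuristics for cmd.exe obfuscation.
SUBSTR_RE = re.compile(r"%\w+:~\s*-?\d+(?:,\s*-?\d+)?%", re.I)   # %VAR:~3,1%
DELAYED_RE = re.compile(r"/V(?:\^)?:(?:\^)?O(?:\^)?N", re.I)       # /V:ON, also with carets
SET_RE = re.compile(r"\bset\s+\w+=", re.I)
CALL_VAR_RE = re.compile(r"\bcall\s+%", re.I)


def cmd_obfuscation_reasons(cmdline):
    """Return a list of human-readable reasons a cmd.exe line looks obfuscated
    (empty list means nothing suspicious was found)."""
    reasons = []
    carets = cmdline.count("^")
    if carets >= 3:
        reasons.append(f"{carets} caret escapes")
    if SUBSTR_RE.search(cmdline):
        reasons.append("environment-variable substring expansion")
    if DELAYED_RE.search(cmdline):
        reasons.append("delayed expansion enabled (/V:ON)")
    if SET_RE.search(cmdline) and CALL_VAR_RE.search(cmdline):
        reasons.append("variable assembled with set and executed via call")
    return reasons


def basename(path):
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze(events):
    """Return (pid, rule, detail) alerts for the two signatures."""
    alerts = []
    for pid, parent, image, cmdline in events:
        parent_name, child_name = basename(parent), basename(image)
        if parent_name in OFFICE_PARENTS and child_name in SHELLS:
            alerts.append((pid, "unexpected_child", f"{parent_name} -> {child_name}"))
        if child_name == "cmd.exe":
            reasons = cmd_obfuscation_reasons(cmdline)
            if reasons:
                alerts.append((pid, "obfuscated_cmdline", "; ".join(reasons)))
    return alerts


if __name__ == "__main__":
    for pid, rule, detail in analyze(EVENTS):
        print(f"pid {pid}: {rule}: {detail}")
```

The parent/child rule on its own is the higher-signal one; the obfuscation heuristics are there to catch the same chain when the parent is something less obviously wrong (a cmd.exe launched from explorer.exe after a user double-clicks a script) and should be tuned against a baseline of your own admin scripts before alerting on them.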

MITRE ATT&CK Enterprise v15

Tasks