General

  • Target

    4b5d948374c33d479a6b4d6f32cb2b77_JaffaCakes118

  • Size

    198KB

  • Sample

    240516-qz9pfafe4v

  • MD5

    4b5d948374c33d479a6b4d6f32cb2b77

  • SHA1

    16a41d43fcbc13717af8d204d6a7219eefadf950

  • SHA256

    1731595083293b1e086d231912e289923e40c19147186a4d8da45554a7e6371e

  • SHA512

    5711f0585358b645c574a7b5681f912d98532348ccd701d686674466308aff00d4ec0b8aa83ce6570ef555543d6d0d3ac035c5f4539f4d0955d36d16dcea3fd9

  • SSDEEP

    3072:qgUo0V8vtY4Huf4df4df4df4df4dfSBYQuQKQyVt2LuEueCp4pklz+bSCcSf+Q:qgULVG5H2ShQKQyVt2hM4puSGCcS

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (exe.dropper)

    http://belcvet.com/KXtjTzw/
    http://miili.net/F2Adddgf1W/
    http://reklamolet-spb.ru/Ho5aj0u/
    http://indonesiafte.com/w2axjo/
    http://mecenat.com.ua/plugins/9NufYiT/

Targets

    • Target

      4b5d948374c33d479a6b4d6f32cb2b77_JaffaCakes118
    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

MITRE ATT&CK Enterprise v15