General

  • Target

    4e3d58b5d115458a833d3711afabdf05_JaffaCakes118

  • Size

    129KB

  • Sample

    240517-d2qm5afe99

  • MD5

    4e3d58b5d115458a833d3711afabdf05

  • SHA1

    9082655f02d2f245f31fca2bcef0f8c7cb2fc6f6

  • SHA256

    f2a96d734ba2658553118ab70fa59004e74040116ed4a588f37e509bb0841f34

  • SHA512

    a136b49bd2fb2dd17e5ca58bb0fbfa3fbfaf92c5ef674b483aa2820c48cfae4fc74a39def032eeda488b1831ae4231622d0692b89eb0e17e9780f3d25d3a1f98

  • SSDEEP

    1536:7ptJlmrJpmxlRw99NBD+aEBV2ABDrtGcONzhSTSriGcNdrBgZI916TJaQ91:Vte2dw99fc96AxGcdgE16r

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://jobarba.com/wp-content/dstf6
    http://lightbox.lbdev.co.uk/WHl239
    http://challengerballtournament.com/5Evo
    http://thepresentationstage.com/V5mXOIOH
    http://demo.58insaat.com/tuGN6FS

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks