General

  • Target

    609b32adfefe0335329d641e591ca1ed_JaffaCakes118

  • Size

    80KB

  • Sample

    240520-xb9svsdb4z

  • MD5

    609b32adfefe0335329d641e591ca1ed

  • SHA1

    fcb99089f301a2e0c494519d0e21cf5b0f2d26b3

  • SHA256

    dcd7feb1774d994996fb3822536bf6a65b183aec087c735cac707c666afb8b54

  • SHA512

    1496bd1c73b89e207d84f766d1f9c3459df4973fae5e64633a58cf0f6215ea1a0641e7b4db3a4399d3af7a436fc324f8f80a46400a5f3c01a67a94bf61299e16

  • SSDEEP

    768:1pJcaUitGAlmrJpmxlzC+w99NBy+1pjpmpX+nTAlLouQwe5+n4vTvy3L:1ptJlmrJpmxlRw99NBy+PaX+nOK44A

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs

Targets

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks