General

  • Target

    6321709deb8ebcdd4ad63f1a98e3b44f_JaffaCakes118

  • Size

    246KB

  • Sample

    240521-nlhyfsbh81

  • MD5

    6321709deb8ebcdd4ad63f1a98e3b44f

  • SHA1

    f0bc95e71efc24a0ebd812a54c43da2ef4bb8b6b

  • SHA256

    6a83f5f131c68f4407569894a645515105887c0429987cca0ce521ea8386ec85

  • SHA512

    8c58d99b041a3947034e6ab60f83dce8b3fc9577a7bc21c3c4d8b46d98daf42c467c16d7bb7ff6bf2b4490e6511e03dee86870e9c2af87eb5d92fd93a07c8e2f

  • SSDEEP

    3072:M67N5UvXRDyDUIDHK4JvHxl1H7jL/xSu90OoiLuDKZXfwKeljR1F:M0avcvH1HDxUOmD+XfwLJ

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://bloggers.swarajyaawards.com/wp-content/HVkwzPX

exe.dropper

http://dev.umasterov.org/Ks930TSSPA

exe.dropper

http://www.grantkulinar.ru/NCTIn4jMv

exe.dropper

http://www.glazastiks.ru/fTq86CZSl

Targets

    • Target

      6321709deb8ebcdd4ad63f1a98e3b44f_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
