General

  • Target

    6390ace810631b6f1e2af1453811ee01_JaffaCakes118

  • Size

    77KB

  • Sample

    240521-rgl14agf54

  • MD5

    6390ace810631b6f1e2af1453811ee01

  • SHA1

    73c195d807ac0295d261ca1e28bbf3651e7f9b54

  • SHA256

    ee339ff1295cc89c436d68bc87a3493120d83ee407932ef5b3322d963f1c236f

  • SHA512

    eb4d70fac30a168790c4d738f349935fdbe2b030b22d1f5e6f945ebd7b7b12f4f6bd8b096f68291b4982ebd6c84d2b953094d6d126b32c7964ab7cbd9ac9aa89

  • SSDEEP

    1536:IptJlmrJpmxlRw99NBZ+a5VuB2DZrVeoBE:Qte2dw99fRuBYZrom

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://arkanddove.com/7Ts
    http://bearinmindstrategies.com/JZ2d
    http://bluemoonweather.org/tcp
    http://boczon.pl/Z
    http://antallez.com/Ct

Targets

    • Target

      6390ace810631b6f1e2af1453811ee01_JaffaCakes118

    • Size

      77KB

    • MD5

      6390ace810631b6f1e2af1453811ee01

    • SHA1

      73c195d807ac0295d261ca1e28bbf3651e7f9b54

    • SHA256

      ee339ff1295cc89c436d68bc87a3493120d83ee407932ef5b3322d963f1c236f

    • SHA512

      eb4d70fac30a168790c4d738f349935fdbe2b030b22d1f5e6f945ebd7b7b12f4f6bd8b096f68291b4982ebd6c84d2b953094d6d126b32c7964ab7cbd9ac9aa89

    • SSDEEP

      1536:IptJlmrJpmxlRw99NBZ+a5VuB2DZrVeoBE:Qte2dw99fRuBYZrom

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks