General

  • Target

    63a518c1acfaa38b3b7fb4603fcb6702_JaffaCakes118

  • Size

    357KB

  • Sample

    240521-rzvqyshe4t

  • MD5

    63a518c1acfaa38b3b7fb4603fcb6702

  • SHA1

    8b84d41f94e21d322d68584be75fefc4c839b67d

  • SHA256

    7c698d56be5392b5c0735023c7fd1a9db1cc7e4e0e05d3c233db80af005b6c2d

  • SHA512

    a548fd848573e50b8fbadb6752d6456d410fae191dc10963d3762332d6853e980e25003ca734e13d57882ffaff0a3c4ed4491eca9135c5f1ec7afcf4f633e768

  • SSDEEP

    6144:PxjFSdDqxP1Ow5lKWyipxTK5YWofTLrrneNq52vOytu:NFSpsgw5sWyqA58/rDes0O6u

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://siamgemsheritage.com/backup3/wp-content/plugins/all-in-one-wp-migration/storage/uFb6zI7y
    http://stellandina.cl/gq8syuB5
    http://www.spor.advertisetr.com/nLIM
    http://fltstatus.com/y
    http://website.vtoc.vn/nhahanglamduong/wp-content/uploads/j

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
