General

  • Target

    68e5e63837565ffa5c4579b1391a47fa_JaffaCakes118

  • Size

    248KB

  • Sample

    240522-2rb9raca25

  • MD5

    68e5e63837565ffa5c4579b1391a47fa

  • SHA1

    c42c6d769157f445b4c2fc8a41ea9b7702adafaf

  • SHA256

    88e58c4c6d5082af96ac34dcb055a3e14aa178d96824adeece1d128d9c45dfb7

  • SHA512

    5131ec072bf88d63b970ae09963250282e62f6b92fefd3461d7e5e5cce27b4d59251de7efd3472798c5d994521de2b34a6ab1b198744b62e885eacce572a4af5

  • SSDEEP

    3072:ggUo0V8vtY4Huf4df4df4df4df4dfDBYRGfCmPAo+zybZQ6ls78XGuVoDUuX1mF0:ggULVG5H/BuG6wvbi5umDUw1e0

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://hanking-investment.com/bu

exe.dropper

http://ekuvshinova.com/GqLhxQ

exe.dropper

http://ano-aic.ru/7Dq

exe.dropper

http://bazilevs.ru/Ib

exe.dropper

http://frepaen.org/5w

Targets

    • Target

      68e5e63837565ffa5c4579b1391a47fa_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
