Overview

overview

10

Static

static

1

620a53fb17...18.doc

windows7-x64

10

620a53fb17...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    620a53fb175e89ffa9d3bb418de2bf76JaffaCakes118

  • Size

    209KB

  • Sample

    240523-arg2fseg97

  • MD5

    620a53fb175e89ffa9d3bb418de2bf76

  • SHA1

    0aaee79492b8ab7a5a7a0fe6a7d8b5ec1891bd07

  • SHA256

    21ac00f9881bdec79e953f5b17bfc41a39b74f7f584c228a88783fdbf6b2f9ce

  • SHA512

    ab99b5555f92ff4b6f9144c878499846740d37ecf1842bdbd88ae6e5158a96fd79e563abb05eb75621666bc254b72c441a670388a9b280fd1b8276b2de8b7896

  • SSDEEP

    3072:q/EEAUFdf/OkQf4I6iNKDzaJFUKc0UTE7yZRUV7RJeOzi8+:HEAgd7k4IZEDzYUTE7yZRVUi8+

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://mhnew.enabledware.com/wp-content/upgrade/1Qvuku8g
exe.dropper

http://maquinadefalaringles.info/Us1uHMn
exe.dropper

http://5072610.ru/YjNBdzFKT9
exe.dropper

http://bietthunghiduong24h.info/oVQCPSWV
exe.dropper

http://ustpharm89.net/sYr7xBoXx

Targets

    • Target

      620a53fb175e89ffa9d3bb418de2bf76JaffaCakes118

    • Size

      209KB

    • MD5

      620a53fb175e89ffa9d3bb418de2bf76

    • SHA1

      0aaee79492b8ab7a5a7a0fe6a7d8b5ec1891bd07

    • SHA256

      21ac00f9881bdec79e953f5b17bfc41a39b74f7f584c228a88783fdbf6b2f9ce

    • SHA512

      ab99b5555f92ff4b6f9144c878499846740d37ecf1842bdbd88ae6e5158a96fd79e563abb05eb75621666bc254b72c441a670388a9b280fd1b8276b2de8b7896

    • SSDEEP

      3072:q/EEAUFdf/OkQf4I6iNKDzaJFUKc0UTE7yZRUV7RJeOzi8+:HEAgd7k4IZEDzYUTE7yZRVUi8+

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks