General

  • Target

    71136aab6cae39e138fab55e2f00a583_JaffaCakes118

  • Size

    76KB

  • Sample

    240525-gwdm6agh54

  • MD5

    71136aab6cae39e138fab55e2f00a583

  • SHA1

    164bc374e50c579c0557ec32cd573afc907db362

  • SHA256

    aba5bddcd0584140102c5a904be47f3025b6ba796114bbd2039e272bf26d7be7

  • SHA512

    c1ed00716505531ef2a2c60ddd0e06e9a1bba03f10483a18f5eab07e91cd4283ebf03ea9f100d34657821e30cb1f17d0e0a273824cddeab4addef4523be7300e

  • SSDEEP

    1536:3nptJlmrJpmxlRw99NBq+ax4+6MT4I6Dhl93tCX:Zte2dw99fUn8

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (PowerShell)

  • Deobfuscated

  • URLs

    Five download locations, each tagged exe.dropper, i.e. a location from which the script fetches an executable payload:

    http://tresillosmunoz.com/2HB
    http://tonyleme.com.br/8l3XcSKQ
    http://sg2i.com/wwG
    http://lunacine.com/CQ
    http://www.yuanjhua.com/OwUzt

Targets

    • Target

      71136aab6cae39e138fab55e2f00a583_JaffaCakes118 (76KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command line is typically used to evade detection.
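The three signatures above and the extracted exe.dropper URLs can be turned into an offline triage check. The following is an added example, not code from the sandbox or from the sample: it takes the five URLs exactly as listed in the Malware Config section, normalises them into host indicators and defanged strings, and runs three checks over constructed telemetry shaped like Sysmon process-create and network events. The process sets (Office binaries as macro hosts, script interpreters as children), the obfuscation thresholds and the sample events are assumptions for illustration; the report itself names neither the parent process nor the exact command line.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# The five exe.dropper URLs exactly as listed in the Malware Config section.
DROPPER_URLS = [
    "http://tresillosmunoz.com/2HB",
    "http://tonyleme.com.br/8l3XcSKQ",
    "http://sg2i.com/wwG",
    "http://lunacine.com/CQ",
    "http://www.yuanjhua.com/OwUzt",
]

# Assumed process sets (not from the report): Office binaries as the usual
# macro hosts, script interpreters as the children a macro or exploit launches.
MACRO_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def dropper_hosts(urls):
    """Lower-cased hostnames from the extracted URLs, deduplicated, order kept."""
    hosts = []
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def defang(url):
    """Rewrite a URL so it cannot be clicked: http -> hxxp, '.' -> '[.]' in the host."""
    p = urlparse(url)
    scheme = "hxxp" + p.scheme[4:]          # http -> hxxp, https -> hxxps
    query = f"?{p.query}" if p.query else ""
    return f"{scheme}://{p.netloc.replace('.', '[.]')}{p.path}{query}"


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


@dataclass
class NetworkEvent:
    image: str
    url: str


def _basename(path):
    """Case-folded file name of a Windows or POSIX image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def unexpected_child(ev):
    """Signature 1: a macro-capable parent spawning a script interpreter."""
    return _basename(ev.parent_image) in MACRO_HOSTS and _basename(ev.image) in SCRIPT_CHILDREN


def looks_obfuscated(command_line):
    """Signature 3 heuristic (assumed thresholds): cmd.exe escaping tricks such as
    caret insertion or %VAR:~n,m% substring expansion, or an absurd quote count."""
    carets = command_line.count("^")
    substring_expansion = re.search(r"%[A-Za-z_]\w*:~-?\d+(?:,-?\d+)?%", command_line)
    return carets >= 3 or substring_expansion is not None or command_line.count('"') > 20


def blocklisted_network_request(ev, hosts):
    """Signature 2: a script interpreter reaching one of the extracted dropper hosts."""
    host = (urlparse(ev.url).hostname or "").lower()
    return _basename(ev.image) in SCRIPT_CHILDREN and host in hosts


def triage(process_events, network_events, urls=DROPPER_URLS):
    """Run the three checks over telemetry; return (signature, evidence) pairs."""
    hosts = dropper_hosts(urls)
    findings = []
    for ev in process_events:
        if unexpected_child(ev):
            findings.append(("unexpected child process",
                             f"{_basename(ev.parent_image)} -> {_basename(ev.image)}"))
        if looks_obfuscated(ev.command_line):
            findings.append(("obfuscated command line", _basename(ev.image)))
    for ev in network_events:
        if blocklisted_network_request(ev, hosts):
            findings.append(("blocklisted process network request", defang(ev.url)))
    return findings


# Constructed telemetry (not from the report): one hit and one miss per check.
SAMPLE_PROCESSES = [
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\System32\cmd.exe",
                 "cmd /c p^o^w^e^r^s^h^e^l^l -w hidden -nop -c iex($env:x)"),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]
SAMPLE_NETWORK = [
    NetworkEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "http://tresillosmunoz.com/2HB"),
    NetworkEvent(r"C:\Program Files\Mozilla Firefox\firefox.exe", "http://example.com/"),
]

if __name__ == "__main__":
    for sig, evidence in triage(SAMPLE_PROCESSES, SAMPLE_NETWORK):
        print(f"{sig}: {evidence}")
```

Run on real telemetry, `dropper_hosts` is the list to push to a proxy or DNS blocklist, and `defang` is what belongs in the written report; the two behavioural checks are deliberately narrow (parent/child pairs and interpreter-to-dropper-host only) so that a miss on either one does not hide a hit on the other.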

MITRE ATT&CK Enterprise v15

Tasks