General

  • Target

    786e98405e3e209c53db41fc4ac8f4ed_JaffaCakes118

  • Size

    91KB

  • Sample

    240527-jtmt6aea56

  • MD5

    786e98405e3e209c53db41fc4ac8f4ed

  • SHA1

    f963a0b4087c1ee3f975c01f441cd1ee9ac83dcc

  • SHA256

    f7e897dbcc63afcaec957700ab091ce9ae06e9880d84bf4f81c47349b38a41b4

  • SHA512

    55aa568111ff8be16e8f77f2270ea9dae5618b74bb7534a3c6e9dbcaee44dc87ccdf4900f5b4d2274a603f0ac842606ead270589762aa517bb08f1af6cc3acbd

  • SSDEEP

    768:TgXpKz793WsKqOkWsKJ09bPYaOOaKCjsZoKZpKzlq1WsKJw1qraqQ+1cecm87WD0:2C93W2WR0IKCjcn1WQqQ+eWDSTtU

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://alexandradickman.com/KJHDhbje71

Targets

    • Target

      I_427574.doc

    • Size

      13KB

    • MD5

      1cb9a32af5b30aa26d6198c8b5c46168

    • SHA1

      53c715d90ba6eccbfde4d231c5f1c0280835c514

    • SHA256

      ea132c34ebbc591eda78531e2bfb9a4cb40e55a245191f54e82df25be9b58db2

    • SHA512

      2856d1f6b7a7768d1695c515d760780357f7e4fddb7a07416ef4fa7a89c5556086830ebe6db7910a788ed5cd3c11db6d75d46bdc80a4875ded589391a8886d7e

    • SSDEEP

      192:CtNCNMf8obL6bj9zJCvLecm8hhL46G0o2M8Uvnp3GlWZmTOeKfR6:aNSQmx1CTecm87XG0ogUh/UTtKfR6

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

MITRE ATT&CK Enterprise v15