General

  • Target

    7f2502c1912d7b3b5fc9e1bc8c5688d2_JaffaCakes118

  • Size

    35KB

  • Sample

    240529-cbk5aadg7z

  • MD5

    7f2502c1912d7b3b5fc9e1bc8c5688d2

  • SHA1

    75b762f059f634f7e454bfcc0788184bce8bee95

  • SHA256

    44ccb088ea54b0dde11b082e140fc73f0ac78782c67da8088655e3a08fc349a2

  • SHA512

    6b51d4d7a452bcbd55004cbcfa9d9b0dc75389c87a75f1519c9a8ca0562a67beec744c08def78618d5b766c72f04974d9affe30fab39c928d7da6187e10e7985

  • SSDEEP

    384:W0iSbOMKKHK1OM5Gf/Sc2WYNesHe1jmaDCvjN0j4VpYtXd:JKKq13lemazCv5H

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper

    http://younqone.com/files/mm.exe

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.
