General

  • Target: 818062b9c5654db97a9e62e596a067b8_JaffaCakes118
  • Size: 234KB
  • Sample: 240529-xbbwtsed63
  • MD5: 818062b9c5654db97a9e62e596a067b8
  • SHA1: b85ad08de0e8806b8fca98b8d3928baf7f982a5c
  • SHA256: fc5b2808613e062e69dcb759c97b62ae00da1088e2d530a3d0f36aa0c79e2141
  • SHA512: 21aafba1faa1fbcc8dac96191cc3c066f7441e494566a2208e817138ce47c864cc76656fda6e11c237284b1b073196f2e98f721f53b6b4c6a342779b266792c4
  • SSDEEP: 3072:gEd93LpGo0aQLomHvsHCNERonfnCuNEQIk4/91v97:gEd2V0NCNEqf2QIfJ7

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated: yes
  • URLs (exe.dropper):
    • http://dataland-network.com/0yhPaoFo
    • http://128.199.68.28/NUipKSNdX
    • http://mbostagezoeken.nl/lTxOW3ais
    • http://199.43.199.16/wp-admin/PMnENN7UR
    • http://206.189.45.178/wp-content/uploads/aWk9ELnU

Targets

    • Target: 818062b9c5654db97a9e62e596a067b8_JaffaCakes118 (hashes as listed under General)

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
