General

  • Target

    84773231fe9827f0eab90fc85cf113ea_JaffaCakes118

  • Size

    103KB

  • Sample

    240530-rrpjzacf63

  • MD5

    84773231fe9827f0eab90fc85cf113ea

  • SHA1

    ce3f3be8b74687abb009386fb5ad7b3138f808a7

  • SHA256

    5665523cf573835a86d39d1dd7f0f7ae886530cafc7d60e8a66767630869e19f

  • SHA512

    be849e1e69f1129ecbba804918920a6b63be24c4008f3fb978e4dabdb4032ed33f68931405db5b750020233c3f415441312425a114d26e3e458376e030089ccb

  • SSDEEP

    768:V/+w6k3JZfubC7FLVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBt+1o9OkDOsDPjb:Z731ZLocn1kp59gxBK85fBt+a9LdS

Score
10/10

Targets

    • Target

      84773231fe9827f0eab90fc85cf113ea_JaffaCakes118

    Score
    5/10
    • Drops file in System32 directory

    • Target

      F4_90-91_P845.doc

    • Size

      76KB

    • MD5

      8c31c4839471e1ee013296af2380ec89

    • SHA1

      cf72c6d17e22d6b516229a57f9294b22333dcd67

    • SHA256

      907054ec3ccab5aefc7ab082f70746b8861099f32f5622f549d35ae27b1ff2bf

    • SHA512

      5e5cfc95b835816133f453ce10bd0ca9d8252187fa1c61981aa1fd24c66c489a3c85a13c89502614e6d7dc67b516938bfa0aa1117479210e29fbe2e05d0a0b31

    • SSDEEP

      768:V7FLVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBt+1o9OkDOsDPjEed72g:VZLocn1kp59gxBK85fBt+a9LdS

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
