General

  • Target

    74b7937d9dde45f0074f84a9b498f78aJaffaCakes118

  • Size

    116KB

  • Sample

    240531-dp33paec47

  • MD5

    74b7937d9dde45f0074f84a9b498f78a

  • SHA1

    1277e5b4de10821cd4639c7b7d8432c63eef80bf

  • SHA256

    0da2937ce8a3abe5aea37dd08b2e0d20e384dfa9fbdaa322cd65c554bbfe245f

  • SHA512

    056b1b624abb1ef2d5b26cac5aa6117d191309d89b6d2f4e3b4b1086d1bce450f60458c36b92b07dafb5f500346b2f298f69dd09a878383dbf69d9e18acb1d5d

  • SSDEEP

    1536:DD7MGWIgX0z/OGNFK+agC//4n/+ssAeTQDg4C:P79yXsE/g/+PAe8DnC

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (exe.dropper)

    https://weltcars.com/KQRlI5J2z/
    http://www.lexus8.com/application/app/storage/fcUvyw/
    http://tramper.cn/mYxYbKPAYL/
    http://www.dadaizm.com/8NsZJvZYoy/
    http://mguize.com.br/ljvj3K7/

Targets

    • Target

      74b7937d9dde45f0074f84a9b498f78aJaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15
