General

  • Target

    87cf239da2f6be707863119899a51869_JaffaCakes118

  • Size

    88KB

  • Sample

    240531-wcyxbaff5s

  • MD5

    87cf239da2f6be707863119899a51869

  • SHA1

    82ff49eea53759f63a03b90a73a152fd8c207bde

  • SHA256

    63e1718a3b4d658a1672e24c081e36dd42bcaa74f03db39621afb7470822a28d

  • SHA512

    e18cbdec3730e10cc0899853ba9369dc86d556559a037fe7c61234679a009da8c2d5c8621bd34f0a06e1d042b48719727529e1653a08d2e5ad49102aca12d8d6

  • SSDEEP

    768:zpJcaUitGAlmrJpmxlzC+w99NB++1ouFqKKLHSsm8eeOuGyUy/PjbfydIW0K+U:zptJlmrJpmxlRw99NB++auk0kHDvuW

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://yurystvpolshi.pl/12127D

exe.dropper

http://finansvekredi.com/E

exe.dropper

http://www.she-wolf.eu/vs4WT

exe.dropper

http://sunflowerschoolandcollege.com/wordpress/FQ8NEHLV

exe.dropper

http://bucakservisciler.com/dQcPfG

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
