General

  • Target

    88ed173a8d99d149c094ece725ca4971_JaffaCakes118

  • Size

    118KB

  • Sample

    240601-beb54sca9w

  • MD5

    88ed173a8d99d149c094ece725ca4971

  • SHA1

    2d7c8d947010f530eccb8a883c80a5f4986de57a

  • SHA256

    44dd32692d0e613a75553fa9bf43a0b9c16e9469c64c7a4e4d8bdfd003772746

  • SHA512

    46ea360ce809d5a29b8d4303cdc0d504889a1996017bfa55cce4de16bb82525bac0e5c4f133bf68ae5b1382b4cf75fec62a3727d1294f296957e01e35b2aa91c

  • SSDEEP

    1536:HW3KKCeLbBj1YW+agz6FCJJD76gWYXeVal7d+v:2ieLNM6FI97IJ

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs

    exe.dropper    https://trostel.eu/G0r8KdEtHu/

    exe.dropper    http://thecentralbaptist.com/pMI9u5l/

    exe.dropper    http://houselight.com.br/6ROEQfpdJJ/

    exe.dropper    http://rusys.lt/thbcIeIjA/

    exe.dropper    http://bunt.com/openx/www/spqRlLMl/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
