General

  • Target

    8b1043b49a8325148a8264164638ed68_JaffaCakes118

  • Size

    135KB

  • Sample

    240601-t3x2lagg5s

  • MD5

    8b1043b49a8325148a8264164638ed68

  • SHA1

    ce402e17f8ab22da1824724ca87acf4554c5a588

  • SHA256

    0b43d86593cd5bfcd8333e50db71d483ecc2238abc5cd2ae6df8cefeff34f4f6

  • SHA512

    233f6e3354f222d4505aba9ada92918e7ba0e3f9ec534bcda76d63b7fc5d1d1abee7ca71b4d6c2efb7610e82f529f051bc3c965e85b1939362aa1a11473b3008

  • SSDEEP

    1536:c81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadf+a9xv8PhcdU2:c8GhDS0o9zTGOZD6EbzCdjucdU2

Score
10/10

Malware Config

Extracted

  • Language
    ps1

  • Deobfuscated

  • URLs (exe.dropper)
    http://granfreitas.com.br/JF0bdEb
    http://jeffweeksphotography.com/v6R1
    http://advantechnologies.com/EoP5
    http://drcarrico.com.br/aazDUZ
    http://prearis.be/WI

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks