General

  • Target

    8c815b0e5df17ad8c3d669337605198c_JaffaCakes118

  • Size

    122KB

  • Sample

    240602-b67q4afc66

  • MD5

    8c815b0e5df17ad8c3d669337605198c

  • SHA1

    7e29c2543811f73608bec589041815b5c196883f

  • SHA256

    5c2d4ed46e476ba2d23eb96eb2dc30c96ff6415dec2e4353aef9e7cd167695b9

  • SHA512

    cf8c00e5bec13e9ee134fcbb78d135cb493a9bc705e78957d6a1fc42295e340d67f509b5e37d0aeec997a08e247cca474ea5b8a5b9e0fb76f8e82fae4983eb5b

  • SSDEEP

    1536:2hJ81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadnBS77K5U+a9:2X8GhDS0o9zTGOZD6EbzCdB0W

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper: http://www.brandywinematerials.com/I2CTXAByih

exe.dropper: http://www.pamka.tv/IG9MARZ

exe.dropper: http://www.ulsv.ru/MaG0o3h

exe.dropper: http://www.prokombank.ru/REwyMx2T

exe.dropper: http://www.gocarloans.com.au/1Hezijowh

Targets

    • Target

      8c815b0e5df17ad8c3d669337605198c_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
