General

  • Target

    8e38ae77c152ce9c9d94e1c98361dedb_JaffaCakes118

  • Size

    58KB

  • Sample

    240602-qncwbsdd4t

  • MD5

    8e38ae77c152ce9c9d94e1c98361dedb

  • SHA1

    08c295d15d6032e7a55d317866e304a1e3670006

  • SHA256

    ef64729cf6131df48fdadb861e7963fd3122e884bc75bc83d34d71718843b0bb

  • SHA512

    ccb5dfab9414f7420893868996266d3b7576ea7c4e03c290d85f1ed381510abb0bbf9855f985eedf7fd2db7e77e2acaca632a35cb25d49f3b34ccdc14e905343

  • SSDEEP

    1536:BiZ+C6w7T812pqqaRhy1djPB5h3bdVrzzN4t/qv1:B/G380pwnM1r5bzZu81

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://66.55.133.84/REX/slick.php?utma=itantion2

Extracted

Language
hta
Source
URLs
hta.dropper

http://auwhguahsdusahdsd.com/REX/slick.php?utma=itantion2

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15
