General

  • Target

    8e9915043975b67b01971a4ad74fe789_JaffaCakes118

  • Size

    78KB

  • Sample

    240602-s7e6xafh4z

  • MD5

    8e9915043975b67b01971a4ad74fe789

  • SHA1

    fb0e04b39f2ee5400e89c08f0ce8cb2bf66d97a5

  • SHA256

    07afeb101eab97daac3863600d40b1851bd710d4481dbe0a93459fd07624e468

  • SHA512

    85813d5d38ac484c5d915c1352d4ea015ee2df145bd028323a53c62d6f1995720e86fe3957230c734a71b84d345ea47c9dc1e68520d319d0f8a80c790988a844

  • SSDEEP

    1536:VptJlmrJpmxlRw99NBE+aGW3CDp1n+xYpKY:rte2dw99fk3mbn+2pZ

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper
    http://alpharockgroup.com/HT

    exe.dropper
    http://adminflex.dk/l5TF6w

    exe.dropper
    http://gailong.net/X5AyWfJG

    exe.dropper
    http://shunji.org/logsite/TJaaB

    exe.dropper
    http://binar48.ru/OtTlVIU5

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks