General

  • Target

    90518e89ef705981a2f552a6020d7e1f_JaffaCakes118

  • Size

    314KB

  • Sample

    240603-dexg6agg6s

  • MD5

    90518e89ef705981a2f552a6020d7e1f

  • SHA1

    25916db288c8514022b1f9d93eca4d9615865617

  • SHA256

    ea43e44fe8202b2c586361221366d6d73c7a3f9e00b3471202c81fc8b104dd94

  • SHA512

    7a0ff12f2c7bd4eac41be886c6b4996678a4cf5093b9acb129b2fe5555a36497357e46f314c369953a2ce5d7280d0be925876a3e208401cec603bb664085abc2

  • SSDEEP

    6144:XyqIe6hh859+cs2idc7EeCChevXlwc9Kf:BAhO59jw6FePlkf

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://summertreesnews.com/0GkOWnOx16FEka

exe.dropper

http://ziyimusic.com/UodjTJ0riBe3w_gBUxJCO

exe.dropper

http://shalomsilverspring.com/DjYnScdrVeCU

exe.dropper

http://grupomedica.equipment/Ftfh7wZ3JuiVUFr

exe.dropper

http://hapoo.pet/9vYXJezSnwW3Q

Targets

    • Target

      90518e89ef705981a2f552a6020d7e1f_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
