General

  • Target: 90f1c843da72e08351042e2d696fa7b7_JaffaCakes118
  • Size: 81KB
  • Sample: 240603-h8mx2ahb66
  • MD5: 90f1c843da72e08351042e2d696fa7b7
  • SHA1: ccad8c70384aebd24b7944192c3fedff8c1c8e59
  • SHA256: 4f73d7c59c7f1373e99d93cc4ba0babbe1fcc366269c427753b4a431ad97af8a
  • SHA512: 8b29e6cf1e476146f5bfcc2d61cecfa35d500d2258ebcc753fca899279e6d38942d936d6073bcb5416819da9c84050cbf764f985319858e0dd32ea3e4bae6b82
  • SSDEEP: 1536:SptJlmrJpmxlRw99NBk+aHTU4rTDUdUNAMeWT:Ote2dw99fJ4r3UdqAMe

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated: yes
  • URLs (exe.dropper):
    http://blog.bctianfu.cn/4
    http://mail.vcacademy.lk/5nLo
    http://lamemoria.in/2ib2Pt
    http://tropicalislandrealtyofflorida.com/NNqM7W
    http://businessarbitr.ru/E

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
