General

  • Target

    93634bb30afa7b46818ec9acc0b35930_JaffaCakes118

  • Size

    83KB

  • Sample

    240604-cydcysac6s

  • MD5

    93634bb30afa7b46818ec9acc0b35930

  • SHA1

    87be3a767b0d695d65347451d083368ac91d5770

  • SHA256

    982721beff89e6e32a545753491e255ab77d814cb63495a78dad3c0572eb05d4

  • SHA512

    38aa6069592eccc5516802edfdc106578d3bd9355318495f6c4b80fcefc089adf6045707398075a1c7af329c147ca52238128f1ac4c5f62e13a5ca0b05efc70a

  • SSDEEP

    1536:fptJlmrJpmxlRw99NBd+aBU1dfaJKI+j:xte2dw99fYja0I+j

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://djtosh.co.za/rrp

exe.dropper

http://virginie.exstyle.fr/a

exe.dropper

http://projettv.baudtanette.fr/FZ00c23Z

exe.dropper

http://mujerproductivaradio.jacquelinezorrilla.com/O

exe.dropper

http://esinvestmentinc.ezitsolutions.net/UIf

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
