General

  • Target: 96202583948a0ce6efb4eb35ca965276_JaffaCakes118
  • Size: 183KB
  • Sample: 240604-y2pfaaab3y
  • MD5: 96202583948a0ce6efb4eb35ca965276
  • SHA1: 0b3c2d3ab4f2249263af76f57a4d12baffbf5b05
  • SHA256: aa49d6a5978eb608d19c59153bd26318e2fe37f178c0fea65267894f34b01d2e
  • SHA512: 6123095465c4b45fae9575d54f698f372e10ef15946114199fbed004a993d92da261f31d14b1c11d465038e452f40b2fc50a10610951e4565c102700fea1a9c0
  • SSDEEP: 3072:XgUo0V8vtY4Huf4df4df4df4df4dfQJG1Y8q7kU6uQpzAiXajJjfY1xPmdvm:XgULVG5HEJG1VqDTQpzAiXajJ7qxPmdO

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):
      http://hawkinscs.com/uBmDMGkJ
      http://hydrocarbonreports.com/0
      http://grupovisionpr.com/GJjBPh
      http://ajx3.com/akDJlHl
      http://kazak.zendo.in.ua/7G4P

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

MITRE ATT&CK Enterprise v15
