General

  • Target

    98ec0fe3e7e17df06c766f6e4d7e5a3b_JaffaCakes118

  • Size

    132KB

  • Sample

    240605-w7glhsfc43

  • MD5

    98ec0fe3e7e17df06c766f6e4d7e5a3b

  • SHA1

    239a7bad2957d1d7e15426c927d8ccd1834387f8

  • SHA256

    ef3738867469a3467ef046cd16397e2a00145eda1ab9c66e7dc30910dad10509

  • SHA512

    f9485eb16e58b4554f44fad68bb70e16c0b7f5bead062ec3b9571dec63678c6257b806c79e64717aa07b686f332caddef96a86bfc2449906a5bafe77b60b996f

  • SSDEEP

    3072:ic8GhDS0o9zTGOZD6EbzCdXcE6ErJQbc:iioUOZDlbeX1zrJV

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs

Targets

    • Target

      98ec0fe3e7e17df06c766f6e4d7e5a3b_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
