Overview

overview

10

Static

static

1

9b59006f4f...18.rtf

windows7-x64

10

9b59006f4f...18.rtf

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    9b59006f4fcfe00a50a7d40aff1a09c3_JaffaCakes118

  • Size

    691KB

  • Sample

    240610-t8j2xstgkk

  • MD5

    9b59006f4fcfe00a50a7d40aff1a09c3

  • SHA1

    38a48704c91102831f2fa21982950a2f3682da50

  • SHA256

    b8cf0c0eb811ad88cb3210779047dc06e4ea32ba6cb48bbf14c15d6588821ade

  • SHA512

    e389d2efe565d2ade409c133f7f9821aac96c6e89ba181bbfe5057885ec0eb120d599957905b38872ab2dfccdb5fc7afbf20a8db545eac3cdebf177b6ccb81b9

  • SSDEEP

    3072:YkoI6HWpkoI6HWpkoI6HWpkoI6HWpkoI6HWA:Ydwdwdwdwd9

Score
10/10
execution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://lashawnbarber.com/images/files/okey.exe
exe.dropper

http://www.iiswc.org/iiswc2009/sample.doc

Targets

    • Target

      9b59006f4fcfe00a50a7d40aff1a09c3_JaffaCakes118

    • Size

      691KB

    • MD5

      9b59006f4fcfe00a50a7d40aff1a09c3

    • SHA1

      38a48704c91102831f2fa21982950a2f3682da50

    • SHA256

      b8cf0c0eb811ad88cb3210779047dc06e4ea32ba6cb48bbf14c15d6588821ade

    • SHA512

      e389d2efe565d2ade409c133f7f9821aac96c6e89ba181bbfe5057885ec0eb120d599957905b38872ab2dfccdb5fc7afbf20a8db545eac3cdebf177b6ccb81b9

    • SSDEEP

      3072:YkoI6HWpkoI6HWpkoI6HWpkoI6HWpkoI6HWA:Ydwdwdwdwd9

    Score
    10/10
    execution

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks