General

  • Target

    9ec5043799b59969b50f495cfbdb61f8_JaffaCakes118

  • Size

    274KB

  • Sample

    240611-tpye7sshja

  • MD5

    9ec5043799b59969b50f495cfbdb61f8

  • SHA1

    e47d84e9901ace369700e183cda378eb5f2ecad8

  • SHA256

    7354868aadba7dfdbec5e57abd926ff946faa9b57894f126379e6419c11817b5

  • SHA512

    5809481376514408febc2ea61f70281cf18998169a9082f835f19ea173f456b6f332eff52609bd664dd0422b73dfe94930df155ed438a8222f7b9780b150e558

  • SSDEEP

    3072:Holv4ePMtnCBKZckiM0nkg4A/x1YPAkjL/xSu90OoiLuDKZXfwKeljR17:JLttifn74U2PASxUOmD+XfwLH

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://darktowergaming.com/OEWdo9qt

exe.dropper

http://manhphu.xyz/kRMM9axO1e

exe.dropper

http://actron.com.my/WnSslvdQG

exe.dropper

http://nankaimpa.org/JXzfwPjXB

exe.dropper

http://www.doorlife.co.in/g11m6lr

Targets

    • Target

      9ec5043799b59969b50f495cfbdb61f8_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
