General

  • Target

    a774d6487dc1a0649813a124beffebdd_JaffaCakes118

  • Size

    93KB

  • Sample

    240614-bf1j4asfmj

  • MD5

    a774d6487dc1a0649813a124beffebdd

  • SHA1

    ed860962c0c6bdb2146ce75af56e094dbfa7e4ce

  • SHA256

    8d9e4d35475f67fa6a7afd266223740d67c834b848d2f410d783ef834531700e

  • SHA512

    28b0d6493a9cdd2444955c977118c94ca1d47d75cd8a8eed354bad724fb47c92f755acd7808d228b94e2950db5155a0eb10de2eba3f3f550a07ed6a0b1ce9033

  • SSDEEP

    1536:xptJlmrJpmxlRw99NBL+aL+PkEaaXQiFKLd:vte2dw99fykBaXQi

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper  http://webmounts.co.ke/rmFksbPG
    exe.dropper  http://pengacaraperceraian.pengacaratopsurabaya.com/s6
    exe.dropper  http://wp1.lukas.fr/9lvv9kkr
    exe.dropper  http://marbdobrasil.com/3X
    exe.dropper  http://repro4.com/website/wp-content/uploads/Hbdsm

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks