General

  • Target

    b3c463033af67e9225016f6cba6a5f1b_JaffaCakes118

  • Size

    232KB

  • Sample

    240616-qts5haygpq

  • MD5

    b3c463033af67e9225016f6cba6a5f1b

  • SHA1

    da975fdceca9fc057f1138c3c25cb62370044a42

  • SHA256

    c8cfe845de49e0dbc52e306ed2be01f67eee457628f2bf93082ec6b15853197f

  • SHA512

    7aee050a6fe3c07f1335a639a3b5d126f28667c99665f2f3c016ac288dca2e0ae212f0aa11b9d1bf28e4b4a94357464bb28d03600ea85746cceb1a0413516ba0

  • SSDEEP

    3072:tH9nBf4SuEjAhmAMOc7kkkko1rkGuF3tBInxGGq5EyXJm9YBmjDwy7D6tGff:tFVeEsjdXRC3jexGG6TYWofwyv6tGf

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://wildpete.com/73v5/

exe.dropper

http://www.escoladeemagrecimento.com.br/jl/

exe.dropper

http://www.southgatetowerquan7.com.vn/aokE/

exe.dropper

http://www.salinzada.com/4A3bU8Pb/

exe.dropper

http://www.tomsbigworld.com/VKT9j/

Targets

    • Target

      b3c463033af67e9225016f6cba6a5f1b_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
