General

  • Target

    b6e312dc6f25b99048e277ff7cb8fef4_JaffaCakes118

  • Size

    247KB

  • Sample

    240617-fnwckavhlg

  • MD5

    b6e312dc6f25b99048e277ff7cb8fef4

  • SHA1

    a03376bf3a67155dc906a3039ca3afad7e357c84

  • SHA256

    b2394890cf140c5c5c9778cb8c4af966ea595633bd6675403b40ce1ed4beaf36

  • SHA512

    d78d9b6203a1f847e67f739396c62aab2801d94f8517d29c70fb0d069594fcfc0f612c982bd0e68bd92dd78b3cefb8a87a524b3acdb12e0ac915c59cd340d8ff

  • SSDEEP

    3072:O0pZw8oxWWUfZtNdHARTo37pnoIjL/xSu90OoiLuDKZXfwKeljR15:Vw8oxyfRdHJ1no+xUOmD+XfwLV

Score
10/10

Malware Config

Extracted

Language: ps1 (deobfuscated)

URLs
exe.dropper

http://izavu.com/2YyzYLBTWaDDJHH_p5KGNzJ98

exe.dropper

http://fatemehmahmoudi.com/O7vPVD8QBFU

exe.dropper

http://eaglerenew.com/tNWRPW8aNz9aHrQf

exe.dropper

http://eficiens.cl/SzbEr8mnvogg7w8

exe.dropper

http://eaglerenew.delosvacations.com/imhUox0A

Targets

    • Target

      b6e312dc6f25b99048e277ff7cb8fef4_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
