General

  • Target

    306bed698ed9a2b33c376c4668dcb774_JaffaCakes118

  • Size

    737KB

  • Sample

    240709-px7lmavbpk

  • MD5

    306bed698ed9a2b33c376c4668dcb774

  • SHA1

    754e53e33f2745bc86b98a27bdb837d083356780

  • SHA256

    fe2eb895f13534b1380c37f467e31b4f5ee42d092442924b5baac6b03325549e

  • SHA512

    7f021846f92bf0c1a7b6c5f464a718c87829a288b18af30f45a924e6749a0a3ddb1460e9c0c2a552d1cf1c0f373a2008599c9eb1a578ada809b5180a1cc4c068

  • SSDEEP

    6144:W6fiH+6fiHl6fiHq6fiHr6fiHW6fiH56fiHz6fiHk6fiHM6fiH9m6:WSRWHy9fYQ5J

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper: http://fast-cargo.com/images/file/vb/35.vbs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

MITRE ATT&CK Enterprise v15

Tasks