General

  • Target

    bdb84fe7250ff050fd1581d3457bbe00_JaffaCakes118

  • Size

    107KB

  • Sample

    240824-bk6a5sxfph

  • MD5

    bdb84fe7250ff050fd1581d3457bbe00

  • SHA1

    b441e1318fa5ecc1d4dbc3611cc8d369ea34edc0

  • SHA256

    0839956ca84d000f813ffe35407a97005a2aed9397b0a46a088cc4e9db5c6ae7

  • SHA512

    274623d5e6380279b095249ee9b633db63297f5436706395eea2a35fcc9fb92dd16000b0c682351245e6c54039ae2d1d60396d421ec916dc3618ea4149962462

  • SSDEEP

    1536:NLWdWiuiLiocn1kp59gxBK85fBt+a9SP:NEu+41k/W48s

Score
10/10

Targets

    • Target

      bdb84fe7250ff050fd1581d3457bbe00_JaffaCakes118

    Score
    5/10
    • Drops file in System32 directory

    • Target

      Untitled-KTY-C9485987.doc

    • Size

      72KB

    • MD5

      c60c1b225a0d6083bb0ea07b61bf045d

    • SHA1

      6f57a9780d942475a5c83822108250a0e8a534ff

    • SHA256

      d595161eb3de5e292317eeede2376bf4c64adee1b998f1525463a18308affba7

    • SHA512

      7c04fa5f214c99861ffe689892b0bb0a6bb262ea0e79e20869b0dde3527b015f093f2380e7c0ef26ac9e2bedb88981d3d93cbb4695a4c1c04d7d63f790409729

    • SSDEEP

      768:viLiVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBt+1o9R/YDVkHklL:viLiocn1kp59gxBK85fBt+a9SP

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
