General

  • Target: be5c88caefb9537c61ecef59d4a07c3a_JaffaCakes118
  • Size: 85KB
  • Sample: 240824-l3yzwsvcrd
  • MD5: be5c88caefb9537c61ecef59d4a07c3a
  • SHA1: c047d4ed25130ccf295ac20579d346a509c15ead
  • SHA256: c9866dff4566c0772857a9a312425dca0f5eaab1f62d1f1d98b9184a116c9283
  • SHA512: 01247366055705c4bd31585c43b7a3113b9321203604abea2e1bc6b3721985481932dd581f324bc4674961160bdd0558dd4830655a313d5e4a2d73897e1343f2
  • SSDEEP: 1536:cptJlmrJpmxlRw99NBx3B37+aFg3v3S1pgHZFP9Ssuase1jS:8te2dw99fx3B3Fg3v3SIHPfl

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs (type: exe.dropper):
    http://5ccmyoung.com/rKEh
    http://theiro.com/Stkv
    http://sv-konstanz.info/n
    http://moschee-wil.ch/kex
    http://mport.org/uLff7

Targets

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks