General

  • Target

    bf45087f13a09d21ade58860cf19c0a0_JaffaCakes118

  • Size

    457KB

  • Sample

    240824-ybgbzsvhqc

  • MD5

    bf45087f13a09d21ade58860cf19c0a0

  • SHA1

    d5cc18efefd6e5525ea68c3089505f9464fa6f40

  • SHA256

    f0ede2a03f4ea0117da4f47c3041d9a0d9876c374f4b74cee6e8b6dab2b31e4a

  • SHA512

    f1c8f568c2d4349c6f8f3ab0eacffef6b79507fc8496dd0f9960e28cafd8c613b9c5c98eb66ff0aa0c0ee79ef247275dd4dfbce404130ef1d4a1a6e0c4aee548

  • SSDEEP

    6144:VOENtkhRuof+qDbk3XWp4gMzSVIhl9EKRDqME4yanMjdn/NQVg+D3Do8oRtxQwvM:VO8khg2wW4g8SVIf51E4K14o8Iuj

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs

    exe.dropper  http://honkytonk-studio.com/Kw0rSq2FAX
    exe.dropper  http://allaboutpoolsnbuilder.com/ULKMiATT
    exe.dropper  http://bobvr.com/8GI2mvob6L
    exe.dropper  http://spathucung.info/KyzWn62
    exe.dropper  http://precounterbrand.com/UtbBjWRRG
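The extracted config above is the part of this report most people will actually reuse: five exe.dropper URLs plus the file hashes. The script below is an added example, not part of the report and not the sandbox's own tooling. It takes the Malware Config block as it arrives in flattened text, pulls out the language and the type/URL pairs, defangs the URLs, lists the dropper hosts for blocking, checks that the sandbox target name really carries the MD5 it claims, and compares a local copy of the sample against the reported digests. The rule that a type token such as exe.dropper is followed by the URL it labels is an assumption about the page layout.

```python
"""Checked, defanged IOCs from the sandbox report's extracted dropper config.

Added example: not part of the report and not the sandbox's own tooling.
CONFIG_TEXT is the report's Malware Config block as it arrives in flattened
text; the rule that a type token such as 'exe.dropper' is followed by the
URL it labels is an assumption about that layout.
"""
import hashlib
import re
from urllib.parse import urlparse

CONFIG_TEXT = """\
Malware Config
Extracted
Language
ps1
Deobfuscated
URLs
exe.dropper

http://honkytonk-studio.com/Kw0rSq2FAX

exe.dropper

http://allaboutpoolsnbuilder.com/ULKMiATT

exe.dropper

http://bobvr.com/8GI2mvob6L

exe.dropper

http://spathucung.info/KyzWn62

exe.dropper

http://precounterbrand.com/UtbBjWRRG
"""

# Identifiers as listed in the report's General section.
REPORTED = {
    "target": "bf45087f13a09d21ade58860cf19c0a0_JaffaCakes118",
    "md5": "bf45087f13a09d21ade58860cf19c0a0",
    "sha1": "d5cc18efefd6e5525ea68c3089505f9464fa6f40",
    "sha256": "f0ede2a03f4ea0117da4f47c3041d9a0d9876c374f4b74cee6e8b6dab2b31e4a",
}


def config_language(text):
    """Value following the 'Language' label (ps1 for this report)."""
    m = re.search(r"Language\s*:?\s*(\S+)", text)
    return m.group(1) if m else None


def parse_config_urls(text):
    """[(type, url)] pairs; type and URL may sit on one line or on consecutive lines."""
    return re.findall(r"([a-z]+\.[a-z]+)\s+(https?://\S+)", text)


def defang(url):
    """hxxp:// scheme and [.] in the host so the IOC cannot be clicked by accident."""
    host = urlparse(url).netloc
    return url.replace("http", "hxxp", 1).replace(host, host.replace(".", "[.]"), 1)


def dropper_hosts(pairs):
    """Distinct hostnames behind exe.dropper URLs, for DNS or proxy blocking."""
    return sorted({urlparse(u).netloc for t, u in pairs if t == "exe.dropper"})


def name_matches_md5(target, md5):
    """Sandbox target names of the form <md5>_<tag>: the prefix must equal the MD5."""
    return target.split("_", 1)[0].lower() == md5.lower()


def verify_sample(data, reported):
    """Hash a local copy of the sample (bytes) and compare each digest to the report."""
    algos = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}
    return {k: fn(data).hexdigest() == reported[k] for k, fn in algos.items()}


def ioc_lines(text, reported):
    """Defanged, one-per-line IOC list suitable for a ticket or blocklist."""
    lines = [f"{k}: {v}" for k, v in reported.items() if k != "target"]
    lines += [f"{t}: {defang(u)}" for t, u in parse_config_urls(text)]
    return lines


if __name__ == "__main__":
    assert name_matches_md5(REPORTED["target"], REPORTED["md5"])
    print("language:", config_language(CONFIG_TEXT))
    print("dropper hosts:", ", ".join(dropper_hosts(parse_config_urls(CONFIG_TEXT))))
    print("\n".join(ioc_lines(CONFIG_TEXT, REPORTED)))
```

verify_sample is only meaningful if you hold the file; it takes bytes so you can feed it `open(path, "rb").read()` and get a per-algorithm match map rather than a single yes/no, which makes a partial mismatch (for example a report keyed on a different MD5 than the file you were handed) visible immediately.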

Targets

    • Target

      bf45087f13a09d21ade58860cf19c0a0_JaffaCakes118

    • Size

      457KB

    • MD5

      bf45087f13a09d21ade58860cf19c0a0

    • SHA1

      d5cc18efefd6e5525ea68c3089505f9464fa6f40

    • SHA256

      f0ede2a03f4ea0117da4f47c3041d9a0d9876c374f4b74cee6e8b6dab2b31e4a

    • SHA512

      f1c8f568c2d4349c6f8f3ab0eacffef6b79507fc8496dd0f9960e28cafd8c613b9c5c98eb66ff0aa0c0ee79ef247275dd4dfbce404130ef1d4a1a6e0c4aee548

    • SSDEEP

      6144:VOENtkhRuof+qDbk3XWp4gMzSVIhl9EKRDqME4yanMjdn/NQVg+D3Do8oRtxQwvM:VO8khg2wW4g8SVIf51E4K14o8Iuj

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Drops file in System32 directory
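The two signatures above are generic sandbox descriptions; the report does not show which parent spawned which child or what was written to System32. The block below is an added example of how the same two checks look as detection logic over endpoint telemetry. It is not the sandbox's signature code and not this sample's process tree: the events are constructed in Sysmon style (Event ID 1 process create, Event ID 11 file create), and the lists of document-handling parents, script hosts and legitimate System32 writers are assumptions to tune per environment.

```python
"""Detection logic mirroring the report's two signatures over Sysmon-style events.

Added example; not the sandbox's own signature code. SAMPLE_EVENTS are
constructed, not this sample's real process tree. DOCUMENT_HANDLERS,
SCRIPT_HOSTS and SYSTEM32_WRITERS are assumptions about what 'unexpected'
and 'legitimate' mean and should be tuned for the environment.
"""
import ntpath

# Parents that should not normally launch a shell or script host (assumption).
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe"}
SYSTEM32 = r"c:\windows\system32"
# Processes that legitimately write under System32 (assumption; extend per site).
SYSTEM32_WRITERS = {"tiworker.exe", "trustedinstaller.exe", "msiexec.exe", "svchost.exe"}


def exe_name(path):
    """Lower-cased basename of a Windows path, usable on any host OS."""
    return ntpath.basename(path).lower()


def unexpected_child(ev):
    """EID 1: a document handler spawned a shell or script host."""
    return (ev["EventID"] == 1
            and exe_name(ev["ParentImage"]) in DOCUMENT_HANDLERS
            and exe_name(ev["Image"]) in SCRIPT_HOSTS)


def drops_in_system32(ev):
    """EID 11: a file was created under System32 by a non-servicing process."""
    if ev["EventID"] != 11:
        return False
    target = ev["TargetFilename"].lower()
    return target.startswith(SYSTEM32 + "\\") and exe_name(ev["Image"]) not in SYSTEM32_WRITERS


def triage(events):
    """(signature, pid) for every event that fires one of the two checks."""
    hits = []
    for ev in events:
        if unexpected_child(ev):
            hits.append(("Process spawned unexpected child process", ev["ProcessId"]))
        if drops_in_system32(ev):
            hits.append(("Drops file in System32 directory", ev["ProcessId"]))
    return hits


def linked_processes(events):
    """PIDs that fired both signatures: the spawned child is also the writer."""
    by_pid = {}
    for sig, pid in triage(events):
        by_pid.setdefault(pid, set()).add(sig)
    return sorted(pid for pid, sigs in by_pid.items() if len(sigs) == 2)


# Constructed events in Sysmon field naming; not taken from the report.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "powershell.exe -w hidden -nop -c ..."},
    {"EventID": 1, "ProcessId": 4200,
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
    {"EventID": 11, "ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetFilename": r"C:\Windows\System32\Tasks\update.job"},
    {"EventID": 11, "ProcessId": 900,
     "Image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\example.sys"},
]


if __name__ == "__main__":
    for sig, pid in triage(SAMPLE_EVENTS):
        print(f"pid {pid}: {sig}")
    print("both signatures on:", linked_processes(SAMPLE_EVENTS))
```

The correlation in linked_processes is the part worth keeping: either signature alone has benign explanations (an Office add-in launching PowerShell, an installer writing to System32), but the same process tripping both is the combination the sandbox's 10/10 score reflects and is a far stronger hunting pivot than either event on its own.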

MITRE ATT&CK Enterprise v15

Tasks