Overview

overview

10

Static

static

8

d6bb808b52...18.doc

windows7-x64

10

d6bb808b52...18.doc

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    d6bb808b52a7dd0b1897904851eddae4_JaffaCakes118

  • Size

    4.7MB

  • Sample

    240909-vdepds1eja

  • MD5

    d6bb808b52a7dd0b1897904851eddae4

  • SHA1

    b7ea8f182792e226442c79330bc7da821a84d838

  • SHA256

    49303ee1dd10a23c5fccd5ef4559ffbbd3e03b2adc4ec37175eb52ada1ad0bd7

  • SHA512

    697a152d76f08fe4a8461f319e645660f660b1c313df8d4e18b43c20366b8d538461607592a335fce0ec5f44867f11afd0c85f50b4afb859b54557f4a7d7da5b

  • SSDEEP

    98304:fqKoliYXI4HgrKhWE55wjLIFlDv98PX/vzgnyQVcdYzyQAi7SRJTBIS:fq3EuYEzIIGXYyQVc/1i7k35

Score
10/10
discoverymacromacro_on_action

Malware Config

Targets

    • Target

      d6bb808b52a7dd0b1897904851eddae4_JaffaCakes118

    • Size

      4.7MB

    • MD5

      d6bb808b52a7dd0b1897904851eddae4

    • SHA1

      b7ea8f182792e226442c79330bc7da821a84d838

    • SHA256

      49303ee1dd10a23c5fccd5ef4559ffbbd3e03b2adc4ec37175eb52ada1ad0bd7

    • SHA512

      697a152d76f08fe4a8461f319e645660f660b1c313df8d4e18b43c20366b8d538461607592a335fce0ec5f44867f11afd0c85f50b4afb859b54557f4a7d7da5b

    • SSDEEP

      98304:fqKoliYXI4HgrKhWE55wjLIFlDv98PX/vzgnyQVcdYzyQAi7SRJTBIS:fq3EuYEzIIGXYyQVc/1i7k35

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks