General

  • Target

    d9c0ca384edc8b0e4fb7422745d7664b_JaffaCakes118

  • Size

    272KB

  • Sample

    240911-gthjbsxana

  • MD5

    d9c0ca384edc8b0e4fb7422745d7664b

  • SHA1

    6040aa1c8c9717951b84f0a34274fb7035040ea9

  • SHA256

    0cd62b03d38d473ad2d63129e6768b0ce4e78669e2d7c982fc1d4f118927c1a0

  • SHA512

    2938fd97f35917f65fdae260544e79421c8c58bd611dd61c8c92f06f5beaba4e98154250ab4f5d372fd7b521939c204f6ee18aab854de3acded0c96206ec62b0

  • SSDEEP

    3072:Holv4ePMtnCBKZckiM0nkg4A/x1YPAkjL/xSu90OoiLuDKZXfwKeljR17:JLttifn74U2PASxUOmD+XfwLH

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://darktowergaming.com/OEWdo9qt

exe.dropper

http://manhphu.xyz/kRMM9axO1e

exe.dropper

http://actron.com.my/WnSslvdQG

exe.dropper

http://nankaimpa.org/JXzfwPjXB

exe.dropper

http://www.doorlife.co.in/g11m6lr

Targets

    • Target

      d9c0ca384edc8b0e4fb7422745d7664b_JaffaCakes118


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
