General

  • Target

    da1a528cf5e82cd4c1ba6b48a1ea3468_JaffaCakes118

  • Size

    74KB

  • Sample

    240911-lz3hxaveng

  • MD5

    da1a528cf5e82cd4c1ba6b48a1ea3468

  • SHA1

    998f61de008968c34acbfaf4f95e81d7c938cf7e

  • SHA256

    18a6526484e5033509f6fefbba3439f48ef0be087c696f210f349f6a90924616

  • SHA512

    9caabf922b45059807346214c6b3b5451c78727a02064190d971e605cd9b5e3528e9b13f0c70419d52988adaa9a0d5316e472c0bd964b2fb771c0f6f0eebb277

  • SSDEEP

    768:FtVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBd8LTTnLlCiJRz9wORjKkh58/460B:Ftocn1kp59gxBK85fBCLTbJCNw6Z+a96

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

MITRE ATT&CK Enterprise v15
