General

  • Target

    eab6314ab3b3cf2bf2f59be5bb5dd5c5_JaffaCakes118

  • Size

    70KB

  • Sample

    240919-gnbtlatfje

  • MD5

    eab6314ab3b3cf2bf2f59be5bb5dd5c5

  • SHA1

    c63d8530b25d733004cb83dc1097ac864c6146a2

  • SHA256

    7acbd269edee0a82d503537c4227ef7203fe4a188be7b7d3c1d90f2360f69b4e

  • SHA512

    e619466d6169bb9253aa7554e3ffa3278dc445525022d5e21b184910360a746929caa9195111f1755df077465241039c6626881a00ec88b806d91a83b8c4fbfd

  • SSDEEP

    1536:LWnLvxSWinYL13cAHhr7bHZkURdwhndpn0cHIVtDAbfdI0zXq+BO:L6pSWFcAHNHZpRdwdAcHIVqfyGXG

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs
exe.dropper

http://gokeenakte.top/admin.php?f=1,http://videoanalystes.webcam/admin.php?f=1,http://photographypointer.men/admin.php?f=1

exe.dropper

http://gokeenakte.top/admin.php?f=1

exe.dropper

http://videoanalystes.webcam/admin.php?f=1

exe.dropper

http://photographypointer.men/admin.php?f=1

Targets

    • Target

      malware300

    • Size

      75KB

    • MD5

      f1cd8322fa2f0a04c9b04d2f5adb6513

    • SHA1

      25a72fd4bdfdefabd776900af126f17a6acdcc04

    • SHA256

      bcb9649566030305c43a0e9267e4d9a4c208e94cee552cc5832945ba95930076

    • SHA512

      562435c3e72dca717ade9d12e7538d8a55e63e64f96b2e0f524475bf20f5a079b37b558211c31d87c13b5425b790797ebf69cf34fcc52d24cd34f74c2a1766c1

    • SSDEEP

      1536:sToxKs4T4G4O95lX/5hMXzxJVJF5Pef9m/Fmq5rqFFiIyyyDHQYEzO:EoTy4G4Sbk/VJF5V75OLzyyyEYEa

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
