759b48cb59e0c8bef80a7f181027dedce6579aababfd19dd6fb78dfc1fd10aa6 | Triage

Submit
Reports

Overview

overview

Static

static

8

ee9da2b43f...18.doc

windows7-x64

ee9da2b43f...18.doc

windows10-2004-x64

Sharing

General

Target

ee9da2b43f42748015ec1c0bda2fa6aa_JaffaCakes118
Size

44KB
Sample

240920-27bcdstcmd
MD5

ee9da2b43f42748015ec1c0bda2fa6aa
SHA1

286ce8290e686b338020b7952df9bda9db87f291
SHA256

759b48cb59e0c8bef80a7f181027dedce6579aababfd19dd6fb78dfc1fd10aa6
SHA512

ff60977e8ccc3e4203f144279cef1c3ccbeeb5ef15f68788a307a9e02a6708a1da984b8a1a8bfa2490ae94c32c1f980468f0f1a4db9daba7c95bda7d4042c2b2
SSDEEP

384:wKn8iSUR/8dA4qNLi08krWuHzQjbuMZZzkExygcPEdEsKhb2YOPygdP0jZPtI:1/qvaLiEMbZZ19yhEd6yPJJa

Score

10^/10

discovery execution macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

ee9da2b43f42748015ec1c0bda2fa6aa_JaffaCakes118.doc

Resource

win7-20240903-en

discovery execution

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

ee9da2b43f42748015ec1c0bda2fa6aa_JaffaCakes118.doc

Resource

win10v2004-20240910-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://54.244.182.87:80

Targets

- Target
  
  ee9da2b43f42748015ec1c0bda2fa6aa_JaffaCakes118
- Size
  
  44KB
- MD5
  
  ee9da2b43f42748015ec1c0bda2fa6aa
- SHA1
  
  286ce8290e686b338020b7952df9bda9db87f291
- SHA256
  
  759b48cb59e0c8bef80a7f181027dedce6579aababfd19dd6fb78dfc1fd10aa6
- SHA512
  
  ff60977e8ccc3e4203f144279cef1c3ccbeeb5ef15f68788a307a9e02a6708a1da984b8a1a8bfa2490ae94c32c1f980468f0f1a4db9daba7c95bda7d4042c2b2
- SSDEEP
  
  384:wKn8iSUR/8dA4qNLi08krWuHzQjbuMZZzkExygcPEdEsKhb2YOPygdP0jZPtI:1/qvaLiEMbZZ19yhEd6yPJJa
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

discoveryexecution

behavioral2

© 2018-2025

Terms | Privacy