General

  • Target

    ee9f0612eb8917fdf710ac5cfe9ea64b_JaffaCakes118

  • Size

    81KB

  • Sample

    240920-282kzatflk

  • MD5

    ee9f0612eb8917fdf710ac5cfe9ea64b

  • SHA1

    2668dcdeb2e63dfbc0d2ccbaa6bb9845acd61aa5

  • SHA256

    a1242f39611e428c9ab7135e2eca1202b9810c22851a528bdc29e4a03f2f0c12

  • SHA512

    f859843d0ce47b97c967d1bd24c21e2ce93347fd342743feb71ecfa677d79bff8d748a34e351b1389a96302e74e379622b5b4ee94c399006343816f74fcce8d4

  • SSDEEP

    1536:jptJlmrJpmxlRw99NBP+aEkCxaupItj8SWnQt:Nte2dw99f5upuj

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://4surskate.com/vKi
    http://riakom.com/T
    http://zavod-pt.com/T
    http://natco-pharma.com/PRBHaG
    http://bitwaopoznan.pl//gp6

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15