General

  • Target

    edb04d2fa1f8dedd342114f0a59159dd_JaffaCakes118

  • Size

    145KB

  • Sample

    240920-qrpdjaygnp

  • MD5

    edb04d2fa1f8dedd342114f0a59159dd

  • SHA1

    ab59b7c3d416535da465867ad06681ce25cf9241

  • SHA256

    b577e06275b467b6737bacb00414fef6cd9214f1ff15392f56b36543f0cadba1

  • SHA512

    c4eda85e4cad7db88e96d8d8d1da5f3b5eb2644345c6c9fb30d88854d5eabcfe9bdd3ed12ff08834084ebeb4205201879382c6010fc72284bd1f4c2033b2a7ca

  • SSDEEP

    3072:uYv8GhDS0o9zTGOZD6EbzCdLp4NKR/JZZ:uY1oUOZDlbeLmNKR/JZ

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (type: exe.dropper)

    http://antigua.aguilarnoticias.com/8ol4F4p
    http://prosolutionplusdiscount.com/gEEsqX5mU
    http://bunonartcrafts.com/6jUhzQa
    http://regenerationcongo.com/NVRODt7
    http://ghoulash.com/oHusH3kaO

Targets

    • Target

      edb04d2fa1f8dedd342114f0a59159dd_JaffaCakes118

    • Size

      145KB

    • MD5

      edb04d2fa1f8dedd342114f0a59159dd

    • SHA1

      ab59b7c3d416535da465867ad06681ce25cf9241

    • SHA256

      b577e06275b467b6737bacb00414fef6cd9214f1ff15392f56b36543f0cadba1

    • SHA512

      c4eda85e4cad7db88e96d8d8d1da5f3b5eb2644345c6c9fb30d88854d5eabcfe9bdd3ed12ff08834084ebeb4205201879382c6010fc72284bd1f4c2033b2a7ca

    • SSDEEP

      3072:uYv8GhDS0o9zTGOZD6EbzCdLp4NKR/JZZ:uY1oUOZDlbeLmNKR/JZ

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

MITRE ATT&CK Enterprise v15

Tasks