General

  • Target

    eed652a394cfa0bf878eb4f339afab5c_JaffaCakes118

  • Size

    200KB

  • Sample

    240921-b5ph5azbnr

  • MD5

    eed652a394cfa0bf878eb4f339afab5c

  • SHA1

    bd65ee68bf93e5034792bed09aa5be126bcee540

  • SHA256

    5dcb15c147742a5321da1d0fbfa30d0d037ec424a6fdf5661ab94e54fda59acb

  • SHA512

    baa66cab34764366d82f25884551d028ff1ae2a9a7d5b1c745c040848607e6dde3f809da44f526751bced13146d2740626df29f8f3a22fe81f70692f74a2435a

  • SSDEEP

    6144:XgULVG5HGJG1VqDTQpzAiXajJ7qxPmdvm:XtG0IbzvX2qxA

Malware Config

Extracted

  • Language

    ps1

  • URLs (extracted from the deobfuscated script; each tagged exe.dropper)

    http://hawkinscs.com/uBmDMGkJ
    http://hydrocarbonreports.com/0
    http://grupovisionpr.com/GJjBPh
    http://ajx3.com/akDJlHl
    http://kazak.zendo.in.ua/7G4P

Targets

    • Target

      eed652a394cfa0bf878eb4f339afab5c_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • An obfuscated cmd.exe command-line is typically used to evade detection.
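The three behaviours the sandbox flags above (an Office parent spawning a script host, an obfuscated PowerShell command line, and the extracted exe.dropper URL list) are what an endpoint detection would key on. The following is an added example, not part of the sandbox report or its rule set: it decodes a `-EncodedCommand` argument, pulls the URLs out of the decoded script and scores Sysmon-style process-creation events. The process names, paths, command lines and the stand-in "dropper script" (which holds only the report's URL list and no download logic) are constructed for the example.

```python
import base64
import binascii
import re
from typing import Optional

# Parent/child pairs that reproduce the report's "process spawned unexpected child
# process" and "Command and Scripting Interpreter: PowerShell" signatures. The process
# names are assumptions for this example, not the sandbox's own rule set.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
ENCODED_RE = re.compile(r"-(?:e|ec|en[a-z]*)\s+([A-Za-z0-9+/=]{16,})", re.I)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)
URL_RE = re.compile(r"https?://[^\s'\"<>,;()]+", re.I)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Recover the script passed via -EncodedCommand (base64 over UTF-16LE), or None."""
    match = ENCODED_RE.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def extract_urls(text: str) -> list[str]:
    """Pull http(s) URLs out of a decoded script, e.g. an exe.dropper list."""
    return URL_RE.findall(text)


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_event(event: dict) -> list[str]:
    """Return the findings a detection rule would raise for one process-creation event."""
    parent = image_name(event["ParentImage"])
    image = image_name(event["Image"])
    cmdline = event["CommandLine"]
    findings = []
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        findings.append(f"office parent {parent} spawned {image}")
    if image == "powershell.exe" and HIDDEN_RE.search(cmdline):
        findings.append("powershell launched with a hidden window")
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        findings.append("base64-encoded powershell command line")
        urls = extract_urls(decoded)
        if urls:
            findings.append("payload URLs in decoded script: " + ", ".join(urls))
    return findings


# Constructed stand-in for the dropper's script: only the URL list from the report's
# extracted config, with no download or execution logic.
DROPPER_SCRIPT = (
    "$u='http://hawkinscs.com/uBmDMGkJ','http://hydrocarbonreports.com/0',"
    "'http://grupovisionpr.com/GJjBPh','http://ajx3.com/akDJlHl',"
    "'http://kazak.zendo.in.ua/7G4P'"
)
ENCODED_SCRIPT = base64.b64encode(DROPPER_SCRIPT.encode("utf-16-le")).decode("ascii")

# Constructed Sysmon Event ID 1-style records (paths and command lines are assumptions).
SAMPLE_EVENTS = [
    {   # a Word macro launching hidden, encoded PowerShell
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": f"powershell -NoP -W Hidden -Enc {ENCODED_SCRIPT}",
    },
    {   # an administrator's script started from the desktop, not flagged
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1",
    },
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(image_name(event["ParentImage"]), "->", image_name(event["Image"]))
        for finding in analyze_event(event) or ["no findings"]:
            print("  ", finding)
```

Run it as a script to see the Word-spawned event raise four findings while the explorer-launched backup script raises none. The URL extraction is what turns a noisy "PowerShell ran" alert into the blocklist-worthy indicators the report lists; in a real pipeline those URLs would be handed to the "blocklisted process makes network request" rule rather than matched by hand.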

MITRE ATT&CK Enterprise v15

    • Command and Scripting Interpreter: PowerShell (T1059.001)