General

  • Target

    eedc2afd6e99aa74cb24b9afe046dc68_JaffaCakes118

  • Size

    675KB

  • Sample

    240921-cekb6azdqe

  • MD5

    eedc2afd6e99aa74cb24b9afe046dc68

  • SHA1

    ee028e27c4f1282b2f061e96ae62dddfdd5fb95d

  • SHA256

    70ebcc2aa157230051490f5480d49dcef22ad8c26be1307ad8eab63bd4233c40

  • SHA512

    aa176a42dff8ae0612dd57f681a56d2842c9f14a81efdc59bca854f53b8ced58d3048938a71a909bdb2ad378b9766f89c0ba454dc35ae20e65ce0b7864fdee61

  • SSDEEP

    6144:9YZ/EO/1IDPWCh0FzlAifCjE720Sli19W0L/dU3x1JCUIB8emF:uZV/1a+W9fd+9vLFxUJeu

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    http://fast-cargo.com/images/file/58.exe

Targets

    • Target

      eedc2afd6e99aa74cb24b9afe046dc68_JaffaCakes118


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.
