General

  • Target

    eef66e503617b6ae990bd1a90be931f0_JaffaCakes118

  • Size

    198KB

  • Sample

    240921-dnmpbasdqj

  • MD5

    eef66e503617b6ae990bd1a90be931f0

  • SHA1

    89949a05d7b250a87d5e885d62ccfd934f8f00b6

  • SHA256

    e5066650466c3c3e97b614d8c6631a12f554cbfea3e2a8647153b4c1faa5177f

  • SHA512

    b0bf2f278c729885a5c843a99dc2d4b8a86cf21aa5aaf88841a0a8d2dc4cebadfba16d76178615c16765b80c985f01051fa95d5f35dac519b693f40bf47047ec

  • SSDEEP

    3072:bzEWdGujL/xSu90OoiLuDKZXfwKeljR1z:vSUxUOmD+XfwLX

Score
10/10

Malware Config

Extracted

Language
ps1

Deobfuscated URLs (all of type exe.dropper)

  • http://kantova.com/DWTr10bVVLjs5r

  • http://www.hjsanders.nl/889KycAhSPlXPbrS

  • http://altovahealthcare.com/wp-content/uploads/aE06aaGSVoI_HFW

  • http://bozziro.ir/YENtfKb77bgd_Gk

  • http://heizungsnotdienst-sofort.at/JtbiTcyuAGC1ZBQ

Targets

    • Target

      eef66e503617b6ae990bd1a90be931f0_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

MITRE ATT&CK Enterprise v15