General

  • Target

    eefab844f33676eedccdb53d09db6922_JaffaCakes118

  • Size

    84KB

  • Sample

    240921-dxltdasfnc

  • MD5

    eefab844f33676eedccdb53d09db6922

  • SHA1

    564da08abc1968d87af8a38415ea4b621e72d47b

  • SHA256

    21a401d8f6056563b4407523c1ac95dfa0d840bd650bbd1cc00cdaf6fecf26e6

  • SHA512

    fdd9c702950440af1e9b23065385fa594f17669c6d2addb06011f12c8f393ba6016beaaaafc051c3ad78445c86201d5bf4e728292d5935effacd24ba9cba6e94

  • SSDEEP

    1536:A4hGD1YOki98+agvtPj7R44h4+ZXBukGgWX7R:0D1vTdj7Bi+ZRuTgWV

Targets

    • Target

      eefab844f33676eedccdb53d09db6922_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.
