General

  • Target

    ef100fbe3ad8f50c04282a843f9cacbb_JaffaCakes118

  • Size

    91KB

  • Sample

    240921-e1slrsveml

  • MD5

    ef100fbe3ad8f50c04282a843f9cacbb

  • SHA1

    1408fa5acb5f4ce88f1e7199c0ac938245cd991f

  • SHA256

    db4d83b0c0bb6db59e60f99150ac7539b1a38e5459720592ce896f88ce08b48b

  • SHA512

    672f3ce8826fc56daaa975bccf27e1fbc65062a275a66b9205ded78d180c593b054a564aef16ab411a49789e834557b91fdeaa70573b6de2f6a795b350226e07

  • SSDEEP

    768:6+1rXkDfrE/S+1oJwxS0JoXRdvoj7cLz67Xu8UrsmMFzA8vOsK12Gdx7v89HdY5S:6+VXu4/S+aJwaXFIrFLvvbG/7qR

Targets

    • Target

      ef100fbe3ad8f50c04282a843f9cacbb_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.
