3c85c228036f9b6319888cf84bc9f42964b58885746d0a9ef305c36c933da2c3 | Triage

Submit
Reports

Overview

overview

Static

static

8

ef295715e6...18.doc

windows7-x64

ef295715e6...18.doc

windows10-2004-x64

Sharing

General

Target

ef295715e6f9c3676ae1ebbf3d7f808a_JaffaCakes118
Size

129KB
Sample

240921-gckx5axekn
MD5

ef295715e6f9c3676ae1ebbf3d7f808a
SHA1

0b72d9d8377a2aec8b3d9001df4eee51db4118e2
SHA256

3c85c228036f9b6319888cf84bc9f42964b58885746d0a9ef305c36c933da2c3
SHA512

492f756507d1ec65e3b9069d164a565cfaa9a6dfeb621030f56ec5f03fddfdd45ffa3d2192cc50919060e95bb2da1d56a8cb03a0eafa9e8fc12178aad69b61e5
SSDEEP

1536:pptJlmrJpmxlRw99NBN+aEzLK18JZyvPxdsmp6hcSnfPbQrUU6tN7C:Xte2dw99fqJyxdsKGXfTQrt6tx

Score

10^/10

discovery execution macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

ef295715e6f9c3676ae1ebbf3d7f808a_JaffaCakes118.doc

Resource

win7-20240903-en

discovery execution

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

ef295715e6f9c3676ae1ebbf3d7f808a_JaffaCakes118.doc

Resource

win10v2004-20240802-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://malehequities.com/wp-includes/widgets/Wta9fQ

exe.dropper

http://komedhold.com/wp-content/EaW

exe.dropper

http://austincondoliving.com/TnZNdohh

exe.dropper

http://www.estelleappiah.com/wp-content/uploads/2OCShGJG

exe.dropper

http://www.peruwalkingtravel.com/LI

Targets

- Target
  
  ef295715e6f9c3676ae1ebbf3d7f808a_JaffaCakes118
- Size
  
  129KB
- MD5
  
  ef295715e6f9c3676ae1ebbf3d7f808a
- SHA1
  
  0b72d9d8377a2aec8b3d9001df4eee51db4118e2
- SHA256
  
  3c85c228036f9b6319888cf84bc9f42964b58885746d0a9ef305c36c933da2c3
- SHA512
  
  492f756507d1ec65e3b9069d164a565cfaa9a6dfeb621030f56ec5f03fddfdd45ffa3d2192cc50919060e95bb2da1d56a8cb03a0eafa9e8fc12178aad69b61e5
- SSDEEP
  
  1536:pptJlmrJpmxlRw99NBN+aEzLK18JZyvPxdsmp6hcSnfPbQrUU6tN7C:Xte2dw99fqJyxdsKGXfTQrt6tx
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

discoveryexecution

behavioral2

© 2018-2025

Terms | Privacy