General

  • Target

    ef45263ef69dd1ba6535d2794ca3411c_JaffaCakes118

  • Size

    79KB

  • Sample

    240921-hntvvazdrp

  • MD5

    ef45263ef69dd1ba6535d2794ca3411c

  • SHA1

    0f5d17b848a239c75ee84c5fa70a9dff2b0ca7ad

  • SHA256

    9c0bf5617ef6a3ee5f9a753fbaa7e270ab1aa6f35fd3f2ba5d6dc8fe9b7fc586

  • SHA512

    518c0e2d080800cef61e3f3d743bea79adb115bae186198bddd53b6db3f8798811e3337dba3388c1fdd5379699fa23e76c3c2d28f38d835461135295a9594751

  • SSDEEP

    768:Dx0zyA1VucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBt+1o9MrLUvIbm547GNy:Dx0zyA1ocn1kp59gxBK85fBt+a9M+

Targets

    • Target

      ef45263ef69dd1ba6535d2794ca3411c_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.
