General

  • Target

    faba0ba2d47bb59d5f8d63fd610c5e31_JaffaCakes118

  • Size

    171KB

  • Sample

    240927-tnh9ws1amr

  • MD5

    faba0ba2d47bb59d5f8d63fd610c5e31

  • SHA1

    6218521dddfd42fe44228527d59f093401b5b8cb

  • SHA256

    00fd8c30c2b05d4d7e4d910d881e8b7c6694478abda7eb3c4ba5917c8fd6e437

  • SHA512

    04bc1c03a54a79a738aaf0df1e89fb4868797e453e83664fcc18d06297bfa03f20cc887fd72c31402238a2947f50cf7a9ae8750855a501f67b458440e56ad3ae

  • SSDEEP

    1536:QTxjwKZ09cB7y9ghN8+mQ90MTI+adsZSh2/4XpW2AahOu/SNaneiBQjSUpUD5FZ1:MxjnB29gb8onNZb/yU1amvPwXC11gGW

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper: http://res.entercenter.net/MbnGD

    exe.dropper: http://www.ocyoungactors.com/bcfDx

    exe.dropper: http://aprenderencasa.com/QOsQD

    exe.dropper: http://conteorapido.plataformamunicipal.mx/bZPAS

    exe.dropper: http://baute.org/4Cqv7

Targets

    • Target

      faba0ba2d47bb59d5f8d63fd610c5e31_JaffaCakes118

    • Size

      171KB

    • MD5

      faba0ba2d47bb59d5f8d63fd610c5e31

    • SHA1

      6218521dddfd42fe44228527d59f093401b5b8cb

    • SHA256

      00fd8c30c2b05d4d7e4d910d881e8b7c6694478abda7eb3c4ba5917c8fd6e437

    • SHA512

      04bc1c03a54a79a738aaf0df1e89fb4868797e453e83664fcc18d06297bfa03f20cc887fd72c31402238a2947f50cf7a9ae8750855a501f67b458440e56ad3ae

    • SSDEEP

      1536:QTxjwKZ09cB7y9ghN8+mQ90MTI+adsZSh2/4XpW2AahOu/SNaneiBQjSUpUD5FZ1:MxjnB29gb8onNZb/yU1amvPwXC11gGW

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

MITRE ATT&CK Enterprise v15

Tasks