General

  • Target

    fcb90055f209cb85ba4d3462c20e1082_JaffaCakes118

  • Size

    77KB

  • Sample

    240928-t9g9qawbmk

  • MD5

    fcb90055f209cb85ba4d3462c20e1082

  • SHA1

    d436421976833148ed4976a4d25a4b9e8760cc69

  • SHA256

    535ababeb7ea40cdc0a3fbcca2039e73bbc5224d8d246fab4a8077b67588c8e8

  • SHA512

    1dce35da06df4a294c4e0330c62183bcf4c08e4af579ab0945f7dc88b82062a0ca047fc1adfc393e4c84bf7adf1decdaf523eb326c5aa7c6877985671a1eb198

  • SSDEEP

    1536:jptJlmrJpmxlRw99NBP+aEsCxaupItj8SWnQt:Nte2dw99fBupuj

Malware Config

Extracted

Language: ps1

Deobfuscated URLs (type: exe.dropper):

  • http://4surskate.com/vKi
  • http://riakom.com/T
  • http://zavod-pt.com/T
  • http://natco-pharma.com/PRBHaG
  • http://bitwaopoznan.pl//gp6

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks