General

  • Target

    JaffaCakes118_06a563127bb5c5e823dc4713637edce3

  • Size

    156KB

  • Sample

    250518-lz664aan5z

  • MD5

    06a563127bb5c5e823dc4713637edce3

  • SHA1

    b590627bd3b1969005c873e35020c1fae4e12159

  • SHA256

    6b3c800aa92f35c0c920e2681573b53b32c7768fb1072fefadd132f8fbf46906

  • SHA512

    da743c175a38c7b0edaa98f37c57c30988ad4f83769f97057d420618945f2b2246183204b44a7db75574472ce4ddcae9a7869d496bc37aa76c31a78494478b99

  • SSDEEP

    3072:EX9ufstRUUKSns8T00JSHUgteMJ8qMD7gCGctf:69ufsfgIf0pLC5f

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper  https://remediis.com/t/gm2X/
    exe.dropper  http://avadnansahin.com/wp-includes/w/
    exe.dropper  http://solicon.us/allam-cycle-1c4gn/f5z/
    exe.dropper  http://www.riparazioni-radiotv.com/softaculous/DZz/
    exe.dropper  http://www.agricampeggiocortecomotto.it/wp-admin/s7p1/
    exe.dropper  https://www.starlingtechs.com/GNM/
    exe.dropper  http://hellas-darmstadt.de/cgi-bin/ZSoo/

Targets

    • Target

      JaffaCakes118_06a563127bb5c5e823dc4713637edce3

    • Size

      156KB

    • MD5

      06a563127bb5c5e823dc4713637edce3

    • SHA1

      b590627bd3b1969005c873e35020c1fae4e12159

    • SHA256

      6b3c800aa92f35c0c920e2681573b53b32c7768fb1072fefadd132f8fbf46906

    • SHA512

      da743c175a38c7b0edaa98f37c57c30988ad4f83769f97057d420618945f2b2246183204b44a7db75574472ce4ddcae9a7869d496bc37aa76c31a78494478b99

    • SSDEEP

      3072:EX9ufstRUUKSns8T00JSHUgteMJ8qMD7gCGctf:69ufsfgIf0pLC5f

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.
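The following is an added example, not code from the sandbox report or its vendor. It turns the seven exe.dropper URLs extracted from the ps1 config into defanged indicators and base hostnames, then runs three checks that line up with the report's signatures (unexpected child process, blocklisted process making a network request, PowerShell with a hidden window) over a handful of constructed JSON-lines telemetry records. The record schema, the file paths, the placeholder command line and the choice of Office applications as the "unexpected" parent are all assumptions: the page names neither the parent process nor the exact PowerShell command line.

```python
"""
Added example (not part of the sandbox report): build hunting indicators from
the extracted exe.dropper URLs and apply three signature-style checks to
constructed telemetry.
"""
import json
from urllib.parse import urlsplit

# The seven exe.dropper URLs from the extracted ps1 config in the report.
DROPPER_URLS = [
    "https://remediis.com/t/gm2X/",
    "http://avadnansahin.com/wp-includes/w/",
    "http://solicon.us/allam-cycle-1c4gn/f5z/",
    "http://www.riparazioni-radiotv.com/softaculous/DZz/",
    "http://www.agricampeggiocortecomotto.it/wp-admin/s7p1/",
    "https://www.starlingtechs.com/GNM/",
    "http://hellas-darmstadt.de/cgi-bin/ZSoo/",
]

# Assumption: Office applications are parents that should never spawn a script
# interpreter. The report itself does not name the parent process.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}


def defang(url: str) -> str:
    """hxxp:// and [.] in the host, so a shared indicator cannot be clicked."""
    p = urlsplit(url)
    return f"{p.scheme.replace('http', 'hxxp')}://{p.netloc.replace('.', '[.]')}{p.path}"


def ioc_hosts(urls):
    """Base hostnames (leading 'www.' dropped) for matching DNS queries and connections."""
    hosts = set()
    for u in urls:
        h = urlsplit(u).hostname.lower()
        hosts.add(h[4:] if h.startswith("www.") else h)
    return hosts


def host_matches(name: str, hosts) -> bool:
    name = name.lower().rstrip(".")
    return any(name == h or name.endswith("." + h) for h in hosts)


def hidden_window(cmdline: str) -> bool:
    """True if the command line hides the window. PowerShell accepts any
    unambiguous prefix of -WindowStyle and of Hidden (-w h, -wi hid, ...),
    and the -Param:Value form, so compare prefixes rather than fixed strings."""
    toks = cmdline.split()
    for i, t in enumerate(toks):
        if t[:1] not in "-/":
            continue
        flag, sep, val = t.lstrip("-/").partition(":")
        if not sep:
            val = toks[i + 1] if i + 1 < len(toks) else ""
        flag, val = flag.lower(), val.lower().strip("\"'")
        if flag and val and "windowstyle".startswith(flag) and "hidden".startswith(val):
            return True
    return False


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


# Constructed telemetry (JSON lines). Not real Sysmon/EDR output from the
# sample; paths and the PowerShell command line are placeholders.
TELEMETRY = r'''
{"ts": "2025-05-18T10:00:01Z", "type": "process_create", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "parent": "C:\\Windows\\explorer.exe", "cmdline": "WINWORD.EXE /n C:\\Users\\u\\Downloads\\doc.doc"}
{"ts": "2025-05-18T10:00:09Z", "type": "process_create", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "parent": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "cmdline": "powershell -NoP -w hidden -c <redacted>"}
{"ts": "2025-05-18T10:00:10Z", "type": "dns_query", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "query": "www.starlingtechs.com"}
{"ts": "2025-05-18T10:00:11Z", "type": "network_connect", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "dest_host": "hellas-darmstadt.de", "dest_port": 80}
{"ts": "2025-05-18T10:01:00Z", "type": "dns_query", "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "query": "example.com"}
{"ts": "2025-05-18T10:02:00Z", "type": "process_create", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "parent": "C:\\Windows\\System32\\cmd.exe", "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"}
'''


def hunt(jsonl: str, urls=DROPPER_URLS):
    """Return (rule, timestamp, detail) tuples for every record that trips a check."""
    hosts = ioc_hosts(urls)
    findings = []
    for line in jsonl.strip().splitlines():
        ev = json.loads(line)
        proc = basename(ev.get("image", ""))
        if ev["type"] == "process_create":
            parent = basename(ev.get("parent", ""))
            if proc in INTERPRETERS and parent in OFFICE_PARENTS:
                findings.append(("unexpected_child", ev["ts"], f"{parent} -> {proc}"))
            if proc in {"powershell.exe", "pwsh.exe"} and hidden_window(ev.get("cmdline", "")):
                findings.append(("hidden_powershell", ev["ts"], ev["cmdline"]))
        elif ev["type"] in ("dns_query", "network_connect"):
            name = ev.get("query") or ev.get("dest_host", "")
            if host_matches(name, hosts):
                findings.append(("dropper_host_contact", ev["ts"], f"{proc} -> {name}"))
    return findings


if __name__ == "__main__":
    for u in DROPPER_URLS:
        print(defang(u))
    for rule, ts, detail in hunt(TELEMETRY):
        print(ts, rule, detail)
```

The host check deliberately matches on the base hostname rather than the full URL path: a dropper path such as `/t/gm2X/` is cheap for the operator to rotate, while the compromised hosts tend to be reused across campaigns, and DNS telemetry never shows the path at all.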

MITRE ATT&CK Enterprise v16

Tasks