General

  • Target

    JaffaCakes118_0711f1828cd3ce9d7193ec64f2a1231a

  • Size

    107KB

  • Sample

    250519-wwsveaaq3y

  • MD5

    0711f1828cd3ce9d7193ec64f2a1231a

  • SHA1

    5e198e54a811c367d1d6ea8bbd22b386bce69adb

  • SHA256

    402821d48b97ccc79c95a8ae5a3afb09cad7168e842ed5a9513185b575ff3623

  • SHA512

    bb753535b93b978a8c3161eef1cd4351e5718c9c839c77a238f77f4ef38a8cb8e5c6fabc36823cfe928991c396242992d8e2c99db1d10c796bac4b995f151275

  • SSDEEP

    3072:aS77HUUUUUINxCBUUUUUUUUUUUUUTkOQe5u5U8qAdglHUG:aS77HUUUUUINxCBUUUUUUUUUUUUUT5Im

Score
10/10

Malware Config

  • Extracted

    Language: ps1
    Deobfuscated

  • URLs (type: exe.dropper)

    http://golfingtrail.com/wp-content/sdqxmmt_cdpt6j-862703104/
    http://rameshmendolabjp.com/wp-admin/OARbhwNOCG/
    https://cellsite360.com/scriptso/ynctl_51mpb0i-3/
    http://03.by/wp-includes/iqqpiqrq8r_bn2i86w93-7982/
    https://21js.club/wp-admin/qss7x_3zhnh-143307642/

Targets

    • Target

      JaffaCakes118_0711f1828cd3ce9d7193ec64f2a1231a

    • Size

      107KB

    • MD5

      0711f1828cd3ce9d7193ec64f2a1231a

    • SHA1

      5e198e54a811c367d1d6ea8bbd22b386bce69adb

    • SHA256

      402821d48b97ccc79c95a8ae5a3afb09cad7168e842ed5a9513185b575ff3623

    • SHA512

      bb753535b93b978a8c3161eef1cd4351e5718c9c839c77a238f77f4ef38a8cb8e5c6fabc36823cfe928991c396242992d8e2c99db1d10c796bac4b995f151275

    • SSDEEP

      3072:aS77HUUUUUINxCBUUUUUUUUUUUUUTkOQe5u5U8qAdglHUG:aS77HUUUUUINxCBUUUUUUUUUUUUUT5Im

    Score
    10/10

    Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v16
