General

  • Target

    JaffaCakes118_0750cdec3fbe808ebc2803130d173b50

  • Size

    22KB

  • Sample

    250520-wkzhta1kt2

  • MD5

    0750cdec3fbe808ebc2803130d173b50

  • SHA1

    a1c4c51c7450891cb84cbf0dfbe713c4ff604aae

  • SHA256

    6fbf97ccf59de2eccd256f25bc506ecb9000749a05d7db022e83743a6e7f2a8a

  • SHA512

    fd0ec29a01214b9ecc33e65e9fb66a39983f44cc85d51edff0c3257ceecda2bd6ad0c2e0e0eb757cd1bdec9e4448b6d1522580c4559d1e1c9221648a37cd0b4b

  • SSDEEP

    384:/iH3ntp7c14eCAAxTWbD3+35dutNxt/ZtNNTdwRB9CZnER:/+treb+WbDBxllNTdwR/j

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    http://80.158.33.0:443/powershell.txt

Targets

    • Target

      JaffaCakes118_0750cdec3fbe808ebc2803130d173b50

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.
