General

  • Target

    083092a1b03a15995b5d58cf6ad980e8_JaffaCakes118

  • Size

    227KB

  • Sample

    240429-vreasafh65

  • MD5

    083092a1b03a15995b5d58cf6ad980e8

  • SHA1

    1375207d044a9f21b40573a4665e823073eac65e

  • SHA256

    b24abbb4b18b3c6a08a7c77497dbe0d068f39ed8319d98a4b4e0dc7f97d8380f

  • SHA512

    d2af8fa125ee7c0317103cb6f003176e44069f62baf7dda74190da400c23ccad8b19e4b06a992234d516164f68a0769f4b69f57ed851fff7a6c446cc29b1cce2

  • SSDEEP

    3072:fEd93LpGo0aQLh7nc7jWR4aKJtWsDbhl36EhX8TC7qU:fEd2Vxc7jWRrcdvhlqQX37qU

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (all of type exe.dropper)

    http://suamaygiatduchung.com/wp-admin/js/bkgiovu2mxS

    http://tjrtrainings.com/bhVVXzfNXCxrj3_dV

    http://song.lpbes.org/oKDGT3HnwA_9u

    http://ditib.center/2OTZiNbRxnb2

    http://www.gelectronics.in/wordpress/wp-content/ETGjNx1_g

Targets

    • Target

      083092a1b03a15995b5d58cf6ad980e8_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15