General

  • Target

    113c78cca7bcb3422669ab5d30223d24_JaffaCakes118

  • Size

    175KB

  • Sample

    240504-cv2alsah7y

  • MD5

    113c78cca7bcb3422669ab5d30223d24

  • SHA1

    e687532ec20b9b3ffd5770b3cbcea45c4cd9516f

  • SHA256

    52b222374831f845dcf2ceb94ddf3a7e56ff1b2401ca994464a2cc99cbe60aec

  • SHA512

    e1c6e283b9336ef0fafda72e5731178384ac9165c23bba62aa5a1d66817ae056429096c938f20edc0ee82df66f95326489b06267b3bb942643ddbff5bd481412

  • SSDEEP

    3072:O9ufstRUUKSns8T00JSHUgteMJ8qMD7gTaBBGB4c:O9ufsfgIf0pLuBBGB4c

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://bonyanet.com/wp-admin/iR/
    http://ofoghzagros.com/wp-admin/H/
    https://ilinknepal.com/infosysnepal.com/Zdz/
    https://storypostar.com/wp-admin/j/
    https://www.pixelstoryteller.com/hydroplane-definition/wzb/
    https://redchillicrackers.com/wp-content/p/
    http://www.co-traveling.com/cgi-bin/003/

Targets

    • Target

      113c78cca7bcb3422669ab5d30223d24_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
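The three signatures above and the extracted dropper URL list describe one chain: an Office document's macro starts a script interpreter, the interpreter fetches a payload from one of the configured URLs, and a file lands under System32. The following is an added example, not the sandbox's own signature engine and not code from the sample: it replays those checks over a handful of constructed, Sysmon-style events. The event schema, the Office parent set, the blocklisted interpreter set and the sample events are assumptions made for the illustration; the URL list is the one extracted on this page.

```python
"""Added example: replay the report's behavioural signatures and its extracted
dropper URL list over constructed process / network / file events."""
import re
from urllib.parse import urlsplit

# URL list as extracted from the ps1 dropper config on this page.
DROPPER_URLS = [
    "http://bonyanet.com/wp-admin/iR/",
    "http://ofoghzagros.com/wp-admin/H/",
    "https://ilinknepal.com/infosysnepal.com/Zdz/",
    "https://storypostar.com/wp-admin/j/",
    "https://www.pixelstoryteller.com/hydroplane-definition/wzb/",
    "https://redchillicrackers.com/wp-content/p/",
    "http://www.co-traveling.com/cgi-bin/003/",
]

# Assumption: the sample is a macro document, so an Office parent spawning a
# script interpreter is the "unexpected child process" case. Both sets are ours.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
BLOCKLISTED = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
               "cmd.exe", "rundll32.exe"}
SYSTEM32 = re.compile(r"^c:\\windows\\system32\\", re.IGNORECASE)


def basename(path):
    """Image name without directory, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def dropper_hosts(urls=DROPPER_URLS):
    """Hostnames to watch for on the wire, derived from the extracted config."""
    return {urlsplit(u).hostname.lower() for u in urls}


def defang(url):
    """Render a URL so it cannot be clicked when the IOC list is shared."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def analyse(events, urls=DROPPER_URLS):
    """Return (signature, detail) pairs for every event that trips a check."""
    hosts = dropper_hosts(urls)
    hits = []
    for e in events:
        if e["type"] == "process":
            parent, child = basename(e["parent"]), basename(e["image"])
            if parent in OFFICE_PARENTS and child in BLOCKLISTED:
                hits.append(("unexpected_child", f"{parent} -> {child}"))
        elif e["type"] == "network":
            img, host = basename(e["image"]), e["host"].lower()
            if img in BLOCKLISTED:
                hits.append(("blocklisted_network", f"{img} -> {host}"))
            if host in hosts:
                hits.append(("dropper_c2", host))
        elif e["type"] == "file":
            if SYSTEM32.match(e["path"]):
                hits.append(("drops_system32", e["path"]))
    return hits


# Constructed events (not taken from the report); paths are illustrative only.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
EVENTS = [
    {"type": "process", "parent": r"C:\Windows\explorer.exe", "image": WORD},
    {"type": "process", "parent": WORD, "image": PS},
    {"type": "network", "image": PS, "host": "ilinknepal.com", "port": 443},
    {"type": "network", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "host": "example.org", "port": 443},
    {"type": "file", "image": PS, "path": r"C:\Windows\System32\Tasks\Update.job"},
    {"type": "file", "image": PS, "path": r"C:\Users\user\AppData\Local\Temp\a.exe"},
]

if __name__ == "__main__":
    for sig, detail in analyse(EVENTS):
        print(f"{sig:20} {detail}")
    print("IOCs:", ", ".join(defang(u) for u in DROPPER_URLS))
```

The network check matches on hostname rather than the full URL because the sandbox only sees the connection endpoint; the path components of the extracted URLs are still useful for proxy-log hunting, which is why the defanged list keeps them.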

MITRE ATT&CK Enterprise v15