General

  • Target

    12c2af78ff5e6b07d719ae57a31de63f_JaffaCakes118

  • Size

    173KB

  • Sample

    240504-pr56lseb6w

  • MD5

    12c2af78ff5e6b07d719ae57a31de63f

  • SHA1

    c5fd579ec64c0fad6dfa6da819909de435d1f8e5

  • SHA256

    2ebc9a276ec4562dfe54e8fe149d6a6a56a4ff9e96b0f1b760a411c64eacc5f9

  • SHA512

    75d072ba0f0eab4c94ed103e6e28b959d756070573ad14afcb0debd061e19b342eb64689454b6f91945f208a9c28afe2e8db037e4b6bc7417e56e95948f19e67

  • SSDEEP

    1536:7DGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiPIFqaS17dv8qHSDHrLubIaEHpw:XrfrzOH98ipgQyE10gia

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    https://up.neu.vn/ahubhten/GoU5j/

    http://zsstart.com/mobile/lM4onHI/

    https://softgon.com/wp-content/gjVNOlY/

    https://studiolegaletufano.net/setting/LFkMN/

    http://trillionstarplus.com/wp-admin/SVhB4/

    http://blog.tobenum.club/wp-content/drHj/

    http://homful.info/wp-content/5UEyn/

Targets

    • Target

      12c2af78ff5e6b07d719ae57a31de63f_JaffaCakes118

    • Size

      173KB

    • MD5

      12c2af78ff5e6b07d719ae57a31de63f

    • SHA1

      c5fd579ec64c0fad6dfa6da819909de435d1f8e5

    • SHA256

      2ebc9a276ec4562dfe54e8fe149d6a6a56a4ff9e96b0f1b760a411c64eacc5f9

    • SHA512

      75d072ba0f0eab4c94ed103e6e28b959d756070573ad14afcb0debd061e19b342eb64689454b6f91945f208a9c28afe2e8db037e4b6bc7417e56e95948f19e67

    • SSDEEP

      1536:7DGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiPIFqaS17dv8qHSDHrLubIaEHpw:XrfrzOH98ipgQyE10gia

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks