General

  • Target

    145e8f2ffe3225d9620b9d00599ff9d0_JaffaCakes118

  • Size

    188KB

  • Sample

    240504-zbnazade57

  • MD5

    145e8f2ffe3225d9620b9d00599ff9d0

  • SHA1

    026ac7a4725651bde1c0d1759797ea05721d8089

  • SHA256

    7280c3e2b153e05dfa4498796b2c2b3b7958063c0a0d85c59e7d46bf3ef42053

  • SHA512

    a0cb7e3d1149dbd4354d9c75458ab5a4ce950e1dd2e88e1d0a1724974dd4833040b3af1137621d2fbd0bf64299a7acdf34d76b5275ea1178301c2082e50571b0

  • SSDEEP

    1536:5GGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilWfm9ITmDST/Ephs7p8cEpY/d89:M8rfrzOH98ipg+LTF5

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      145e8f2ffe3225d9620b9d00599ff9d0_JaffaCakes118


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks