General

  • Target

    2239cb6828b4395eb05d2402fd50dfdc_JaffaCakes118

  • Size

    170KB

  • Sample

    240507-3lwxmsee3t

  • MD5

    2239cb6828b4395eb05d2402fd50dfdc

  • SHA1

    1071337dc14e60fba8790579a32b3f060daf7114

  • SHA256

    40afaa1f04f40b23a4002e09b26fbc3ca750eb0aa30a69c04b3c5cd33af2185a

  • SHA512

    1e3339bc47063d13fd42bad20ef115b0fa910c394ed30259555aead5263eaa21536657c7882b11033cd8655b17fa77b37f5dca60ae23ecace308630900d3412e

  • SSDEEP

    1536:vGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP+rIiZo7dLeqH74OC+pO4am35HE:trfrzOH98ipg5lqnG

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://theccwork.com/mail.theccwork.com/IJp/
    https://www.retirementprofessional.com/wp-admin/tjQ/
    https://writingfromling.live/wp-admin/GL/
    http://shahqutubuddin.org/ix/
    https://jumpstart.store/wp-admin/q/
    https://aidenshirt.com/wp-admin/e6f/
    https://edenrug.store/wp-admin/H/

Targets

    • Target

      2239cb6828b4395eb05d2402fd50dfdc_JaffaCakes118

    • Size

      170KB

    • MD5

      2239cb6828b4395eb05d2402fd50dfdc

    • SHA1

      1071337dc14e60fba8790579a32b3f060daf7114

    • SHA256

      40afaa1f04f40b23a4002e09b26fbc3ca750eb0aa30a69c04b3c5cd33af2185a

    • SHA512

      1e3339bc47063d13fd42bad20ef115b0fa910c394ed30259555aead5263eaa21536657c7882b11033cd8655b17fa77b37f5dca60ae23ecace308630900d3412e

    • SSDEEP

      1536:vGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP+rIiZo7dLeqH74OC+pO4am35HE:trfrzOH98ipg5lqnG

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
