General

  • Target

    24bb76ad6a9367820337836451600353_JaffaCakes118

  • Size

    222KB

  • Sample

    240508-n31vlabc4y

  • MD5

    24bb76ad6a9367820337836451600353

  • SHA1

    a70c576c9f1360a7f90fb1ba34f9793803952601

  • SHA256

    1f8b157a1ffc5053b9aff97ef49879b777f81f0a5ace7c481eefe9bdceb3cd18

  • SHA512

    827da66c5b3789c0a9365bcb1748483352a86b0cd9f8ddce4ab75091c957f59b0244fdf84f6436f946bd37d5a44a0c06d1f3cd28aa4b0c06b623c871fe0fd295

  • SSDEEP

    3072:ZtUxagq58ghpPyjL/xSu90OoiLuDKZXfwKeljR1C:ZtUxagqOgvPAxUOmD+XfwLu

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
