General

  • Target: 25bcb78ec0c2780e1c06ada42968d9d7_JaffaCakes118
  • Size: 170KB
  • Sample: 240508-t24gzsde9t
  • MD5: 25bcb78ec0c2780e1c06ada42968d9d7
  • SHA1: 48dfb63d1a6dd107694daa9c2a3d7aba429406bf
  • SHA256: db18e8e273721a438d28a0af0729005b92df1544c25418e5aec74b0395c1a5c1
  • SHA512: 36dbea58184f99f3ea196117fd1c28e011fd8fb62c0b7d5d765defc09d782a1f3e7b64ffbb377dd80efd08cb9bb96a960a15fc4918d1eac08cd5ba7f3e0afd1f
  • SSDEEP: 1536:x4d4qDv4d4qDPrdi1Ir77zOH98Wj2gpngR+a9AV/IH+mD7UZPfMclw0:VrfrzOH98ipghH+O7UZ3Mclw0

Score
10/10

Malware Config

Extracted

  • Language: ps1

  • Source / URLs
    exe.dropper  http://zhaniyasoft.ir/wp-content/file/ANEbg/
    exe.dropper  http://visualblends.com/images/attach/nGKW/
    exe.dropper  http://dagostim.com.br/rss/public/4xxkqIh/
    exe.dropper  http://earthinnovation.org/gcfimpact/public/sXzPpHP/
    exe.dropper  http://pcdesigns4you.com/wp-admin/public/eo8UUYeCUKx/
    exe.dropper  http://www.weblabor.com.br/avisos/24206240720/
    exe.dropper  http://pedroguinle.com/Tijuca-project/WAQgDjW/

Targets

    • Target: 25bcb78ec0c2780e1c06ada42968d9d7_JaffaCakes118
    • Size: 170KB
    • MD5: 25bcb78ec0c2780e1c06ada42968d9d7
    • SHA1: 48dfb63d1a6dd107694daa9c2a3d7aba429406bf
    • SHA256: db18e8e273721a438d28a0af0729005b92df1544c25418e5aec74b0395c1a5c1
    • SHA512: 36dbea58184f99f3ea196117fd1c28e011fd8fb62c0b7d5d765defc09d782a1f3e7b64ffbb377dd80efd08cb9bb96a960a15fc4918d1eac08cd5ba7f3e0afd1f
    • SSDEEP: 1536:x4d4qDv4d4qDPrdi1Ir77zOH98Wj2gpngR+a9AV/IH+mD7UZPfMclw0:VrfrzOH98ipghH+O7UZ3Mclw0

    Score: 10/10

    Signatures
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks