General

  • Target

    2622b7a27a82fc4e0a199bcfeb388372_JaffaCakes118

  • Size

    200KB

  • Sample

    240508-w25fdsbf32

  • MD5

    2622b7a27a82fc4e0a199bcfeb388372

  • SHA1

    8d6fa20216d43fe00ad05456fa630c2307f1a3dd

  • SHA256

    327d612605e8ac00d59fe6b03939b28f5a0e46b55e8a81d52b61007bd74c9da8

  • SHA512

    c5b640ac4d3203390a06e7a6e7eaaa618d12bce7b17e27a42c1faa4dd3b3e2a7dd0363c99cc065513c1e04ff79996ae46917b22ff46122ca8ef917234403b610

  • SSDEEP

    3072:Vqg22TWTogk079THcpOu5UZApfRvAKp5Rr:d/TX07hHcJQ0Xr

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs (exe.dropper)

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15