Overview

overview

10

Static

static

8

2c1c3f8edf...18.doc

windows7-x64

10

2c1c3f8edf...18.doc

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2c1c3f8edfb2bc2455df11b275ba522d_JaffaCakes118

  • Size

    177KB

  • Sample

    240509-2vcdxsbd9s

  • MD5

    2c1c3f8edfb2bc2455df11b275ba522d

  • SHA1

    035a18fbe9798b883863618f933b64a2b8e9f555

  • SHA256

    b37ef41801c298349f3b8d0e7f0bf41fb621f4925fecc934cf95f84c7ee19782

  • SHA512

    e88cfa3f5f5980e2e4338477af0aa948d610bf2aa94636e9005a699c4c94fd7f7f524828aef0d98681a34afefe01a719b61c18c8cdc9b2480581f37231fe72f6

  • SSDEEP

    1536:GkPkfrdi1Ir77zOH98Wj2gpng9+a93Gnut1ExbYCYWOFBfM0jK2Q2gV:grfrzOH98ipguuiX10+2ngV

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://santyago.org/wp-content/0mcYS6/
exe.dropper

http://dandyair.com/font-awesome/rOOAL/
exe.dropper

https://www.tekadbatam.com/wp-content/AUiw/
exe.dropper

http://kellymorganscience.com/wp-content/SCsWM/
exe.dropper

https://tewoerd.eu/img/DALSKE/
exe.dropper

http://mediainmedia.com/plugin_opencart2.3-master/Atye/
exe.dropper

http://nuwagi.com/old/XLGjc/

Targets

    • Target

      2c1c3f8edfb2bc2455df11b275ba522d_JaffaCakes118

    • Size

      177KB

    • MD5

      2c1c3f8edfb2bc2455df11b275ba522d

    • SHA1

      035a18fbe9798b883863618f933b64a2b8e9f555

    • SHA256

      b37ef41801c298349f3b8d0e7f0bf41fb621f4925fecc934cf95f84c7ee19782

    • SHA512

      e88cfa3f5f5980e2e4338477af0aa948d610bf2aa94636e9005a699c4c94fd7f7f524828aef0d98681a34afefe01a719b61c18c8cdc9b2480581f37231fe72f6

    • SSDEEP

      1536:GkPkfrdi1Ir77zOH98Wj2gpng9+a93Gnut1ExbYCYWOFBfM0jK2Q2gV:grfrzOH98ipguuiX10+2ngV

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks