General

  • Target

    27d3cc774970625c5e64dfe2e0b76f04_JaffaCakes118

  • Size

    190KB

  • Sample

    240509-cs1w3aga32

  • MD5

    27d3cc774970625c5e64dfe2e0b76f04

  • SHA1

    ff436c6b434f5219c8f467cf43206fbc0f304d51

  • SHA256

    35e34300ab10fbfe1170498fd9dfd74c724196f3a6c7e0c94b6c24246b6857d5

  • SHA512

    3052495cf40bdeebf5712983712b10bbd7778362b595b853981371e48d5380ea7bce6f37505589d21c2405d55686bc7fc8557ff8e3d5252cdfd0e706c4d43baf

  • SSDEEP

    3072:i9ufstRUUKSns8T00JSHUgteMJ8qMD7gj20zKNf9cfmfE7qdmVJKk/Juvc5a8a8R:i9ufsfgIf0pLxKb2

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
