General

  • Target

    2907ba263213e8b2e145677235807511_JaffaCakes118

  • Size

    159KB

  • Sample

    240509-jwss7agd8w

  • MD5

    2907ba263213e8b2e145677235807511

  • SHA1

    abe6d820788c614e7ffc34464e7d9c02425a9c54

  • SHA256

    e8deaa1c4ab1cf3f1b442441387ef5dff0204fbc8090e717e2d9db6c3a55e3a0

  • SHA512

    67fcd7af72feecdba4f24fae70191196467ffd6ac3a3a88242381d9dc7908b6d95a73bef4021612bae74806f98120dd245f67a8cb309ddff811dfd182bbb9006

  • SSDEEP

    1536:a0a0Grdi1Ir77zOH98Wj2gpngd+a9ig8fx5EvGtaRWfjPYKwA0suw+2lvsS7:WrfrzOH98ipgm+4vsq

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • URLs (exe.dropper)

    http://zcomunicacion.com/wp-admin/Z/
    http://cooldoggraphics.com/wp-content/Pge/
    http://canyonplastering.com/wp-content/ZWX/
    https://stochile.com/sto/PKP/
    http://voxdream.com/wp-includes/rd/
    https://www.valetourvirtual.com/vapor/mp/
    http://z.89fk.top/user/e/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks