General

  • Target

    2f9d7027a13711d00b14e553b17449db_JaffaCakes118

  • Size

    162KB

  • Sample

    240510-r1e2wsba5s

  • MD5

    2f9d7027a13711d00b14e553b17449db

  • SHA1

    671becbb06daa40fb5b9ad0cee3aec40e59e607b

  • SHA256

    42aab378df351fa14543b8b2697eb8da8d0c39a3045603a65d5807892251cb7d

  • SHA512

    1758827c614f638af6c30839d25b84d4123d697807dfab56d588c14b3c8b73741f60cf9fc1065328c8c972139ba333b52b02142455a20ac1e9f9fb13d7fb40bb

  • SSDEEP

    1536:T5a/aNrdi1Ir77zOH98Wj2gpngR+a9SVZVDEuEfBzoIgGQ:T/rfrzOH98ipg+K5JzoNGQ

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source URLs (exe.dropper)

    http://cryptokuota.com/assets/M2ngTrJ/
    https://pinterusmedia.com/wp-admin/YX/
    https://aszcasino.com/aszdemo/DRloh/
    https://dubai-homes.ae/wp-admin/YBJR3M/
    https://whitdoit.tk/ljiy53n/xxE/
    http://4life.com.vn/wp-admin/R/
    http://baran-business.de/wp-content/pMr/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
