Overview

overview

10

Static

static

1

386dacfa7a...18.doc

windows7-x64

10

386dacfa7a...18.doc

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    386dacfa7a98a75af15b5bf5ce1e0044_JaffaCakes118

  • Size

    163KB

  • Sample

    240512-fvjx4sde59

  • MD5

    386dacfa7a98a75af15b5bf5ce1e0044

  • SHA1

    7b166de5b901f906cf9c00b9c394d3376372260d

  • SHA256

    d36806d420ab02a93c8a02e19fc5a37ca4645714d6afc99f4891fd92c08a7795

  • SHA512

    aa37bce8fdf63bb4530c063878cc50329b7171a6312ead9052fd61613fdf17cc02cdd80cc620febde922b208b5a76aeeeb6e5b83eaff7550d655e9af8f0731e4

  • SSDEEP

    3072:NfCMbu1Ty+craAcOWNt9kXBmfE7qdmVJKk/Juvc5a8aHXdH:Nf1uc+JZhXdH

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://www.removepctrojan.com/wp-admin/K/
exe.dropper

https://theshaywest.com/wp-admin/V/
exe.dropper

http://carstarai.com/stats/D/
exe.dropper

http://financiamentointeligente.com/wp-content/F/
exe.dropper

http://banglashongbad.com/wp-content/sW/
exe.dropper

http://www.sff3d.com/3d/D/
exe.dropper

https://emmaidea.com/wp-includes/q/

Targets

    • Target

      386dacfa7a98a75af15b5bf5ce1e0044_JaffaCakes118

    • Size

      163KB

    • MD5

      386dacfa7a98a75af15b5bf5ce1e0044

    • SHA1

      7b166de5b901f906cf9c00b9c394d3376372260d

    • SHA256

      d36806d420ab02a93c8a02e19fc5a37ca4645714d6afc99f4891fd92c08a7795

    • SHA512

      aa37bce8fdf63bb4530c063878cc50329b7171a6312ead9052fd61613fdf17cc02cdd80cc620febde922b208b5a76aeeeb6e5b83eaff7550d655e9af8f0731e4

    • SSDEEP

      3072:NfCMbu1Ty+craAcOWNt9kXBmfE7qdmVJKk/Juvc5a8aHXdH:Nf1uc+JZhXdH

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks