General

  • Target

    38ee6381573b4b877eeae6529ba18739_JaffaCakes118

  • Size

    192KB

  • Sample

    240512-h8qnxsed7z

  • MD5

    38ee6381573b4b877eeae6529ba18739

  • SHA1

    9a7738d030aec51b97a483c9d47c0d772e87f8f5

  • SHA256

    19147bf00c478f62beea73090f1790a35aac1d8769bd6eea4c9e69488a4f283e

  • SHA512

    68429b6b99d9917f1564ae1cc40288a047534475b2e682a4e804831b637ad78981d2e21b1440abdc4e59bb61b7f2ace7de606cc87565dd46656232d02b8236d2

  • SSDEEP

    1536:+rdi1Ir77zOH98Wj2gpng9+a98k1qxDba/qrHEs+nPyNdOx7Ten:+rfrzOH98ipgKva/qTX+nPyLOBKn

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://zplusshopping.com/wp-content/plugins/8ek/

    https://www.cupgel.com/__MACOSX/3/

    http://freespiritmind.com/MASD/HowTo/css/J/

    http://crewnecksusa.com/wp-content/NJ/

    http://www.dougsuniverse.com/pics/yL8/

    https://idilsoft.com/admin/B/

    https://guhaasmart.com/wp-content/s/

Targets

    • Target

      38ee6381573b4b877eeae6529ba18739_JaffaCakes118

    • Size

      192KB

    • MD5

      38ee6381573b4b877eeae6529ba18739

    • SHA1

      9a7738d030aec51b97a483c9d47c0d772e87f8f5

    • SHA256

      19147bf00c478f62beea73090f1790a35aac1d8769bd6eea4c9e69488a4f283e

    • SHA512

      68429b6b99d9917f1564ae1cc40288a047534475b2e682a4e804831b637ad78981d2e21b1440abdc4e59bb61b7f2ace7de606cc87565dd46656232d02b8236d2

    • SSDEEP

      1536:+rdi1Ir77zOH98Wj2gpng9+a98k1qxDba/qrHEs+nPyNdOx7Ten:+rfrzOH98ipgKva/qTX+nPyLOBKn

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks