General

  • Target

    3900f57d0cbad0a759faa43fb1a8b88f_JaffaCakes118

  • Size

    192KB

  • Sample

    240512-jj5bfsad57

  • MD5

    3900f57d0cbad0a759faa43fb1a8b88f

  • SHA1

    3f647931c77f2ab49f285e1a9838deab7e3c449f

  • SHA256

    6176a4b0335761a51b3ccda4f327807782d3be21fe059f2419327b75d42fb5ae

  • SHA512

    e09ea7d01e403d77a0dc85d4ee9cab2e0b4d15287037c57e44f3c1dee7fea864432a2f8e43b4aa4d82ffae3060cff60f058f20d3bb4f0b0ba9b70f8a4d3ee941

  • SSDEEP

    1536:+rdi1Ir77zOH98Wj2gpng9+a95k1qlDba/qrHEs+nPyNdOx7/eF:+rfrzOH98ipgDva/qTX+nPyLOBmF

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      3900f57d0cbad0a759faa43fb1a8b88f_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
