General

  • Target: 3a4190fb2099c6aab34e5f8d9268cef7_JaffaCakes118
  • Size: 190KB
  • Sample: 240512-qa36csfh4w
  • MD5: 3a4190fb2099c6aab34e5f8d9268cef7
  • SHA1: 6fc6f8af7e4641f144caadd6d12043ee5e3a213e
  • SHA256: 17fd5dd4d03d97fe15026bbb396bd51a6338d5b5c5284d1f962c3da4e2ec69d9
  • SHA512: 8685b25935dd5b555967e375990aa5b403737f05e29f9769c17566278e9db6b30b69e2a3029e2ff79f36d3899535feaac68517bb392ec4ea428e76e1c2b78b3c
  • SSDEEP: 3072:uvHv22TWTogk079THcpOu5UZLNu81zUz4LKiD:E/TX07hHcJQJuezUELND

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs (exe.dropper)

Targets

    • Target: 3a4190fb2099c6aab34e5f8d9268cef7_JaffaCakes118 (190KB; hashes identical to the General section)

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15