General

  • Target

    3aa58e0454ca0d5c404dc674b80f566e_JaffaCakes118

  • Size

    173KB

  • Sample

    240512-r42p3aba3z

  • MD5

    3aa58e0454ca0d5c404dc674b80f566e

  • SHA1

    b052ef6d87b46c438aa2a9336cc32e703836e3dc

  • SHA256

    7689cf53f260808946f1b53dd444210423a975b7fc7754c1fe6b04960286f9a3

  • SHA512

    b33929889d212351f95b0f0257dbf42fc07033399ca978962b86e928f349ba87937ed620fd41c4b30253f38806d8a2fe3898601b7c92d7915199f9c00760f8d5

  • SSDEEP

    3072:l4PrXcuQuvpzm4bkiaMQgAlSOZr5QXFkwRiRh:SDRv1m4bnQgISgdqFkwRiRh

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://mgbryant.com/backup/4l_3pw_nf7ete2ip9/
    https://mobilesbestprice.com/invoices/a_335s_codgt/
    http://microclan.com/o_9q_w5ibffiks6/
    https://mickreevesmodels.co.uk/micks_chat/5_6w_c14/
    http://mo-billy.com/aspnet_client/khgu_6_iqgg/

Targets

    • Target

      3aa58e0454ca0d5c404dc674b80f566e_JaffaCakes118


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks