General

  • Target

    3d1cacba3434258c85043e2b87df626d_JaffaCakes118

  • Size

    158KB

  • Sample

    240513-3z38wabe47

  • MD5

    3d1cacba3434258c85043e2b87df626d

  • SHA1

    12e2f722d90d721778a11cc09ab7b0f7c747287c

  • SHA256

    2565cb2b664bf71a87eacbb7160af8687cea5f8e3127e52a22705eed5608f98e

  • SHA512

    93921066c65e8c748eaa301ff95b00ef18692d12150c839a5a1b0895939926b2486564622bb31b9b511ebb1322eb956a8a8b838c3cfb8b100c913d2a762a7731

  • SSDEEP

    1536:+iaqasrdi1Ir77zOH98Wj2gpngx+a9hxRiqLE8ct2PU7eXKSSxH5ppJx0FWr:+0rfrzOH98ipgJkJx0FWr

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • URLs (type: exe.dropper)

    http://77yxx.com/b5rh/bZxS/
    http://shahramookht.com/t1k12k7t/8jq/
    http://www.aciitaly.com/adminer-master/gkI/
    https://codelta.es/images/9S35FR/
    https://burstoutloud.com/PPL/Hf/
    https://targetin.com/Silder-1/naK/
    http://dbestfishing.com.sg/67s/wfe/

Targets

    • Target

      3d1cacba3434258c85043e2b87df626d_JaffaCakes118

    • Size

      158KB

    • MD5

      3d1cacba3434258c85043e2b87df626d

    • SHA1

      12e2f722d90d721778a11cc09ab7b0f7c747287c

    • SHA256

      2565cb2b664bf71a87eacbb7160af8687cea5f8e3127e52a22705eed5608f98e

    • SHA512

      93921066c65e8c748eaa301ff95b00ef18692d12150c839a5a1b0895939926b2486564622bb31b9b511ebb1322eb956a8a8b838c3cfb8b100c913d2a762a7731

    • SSDEEP

      1536:+iaqasrdi1Ir77zOH98Wj2gpngx+a9hxRiqLE8ct2PU7eXKSSxH5ppJx0FWr:+0rfrzOH98ipgJkJx0FWr

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
