General

  • Target

    3f3eb915de6de83a34bed6bf8bc443d3_JaffaCakes118

  • Size

    224KB

  • Sample

    240513-njczesdb65

  • MD5

    3f3eb915de6de83a34bed6bf8bc443d3

  • SHA1

    b7feae0281f6f93bf099ccdc289b64cb41ed4c22

  • SHA256

    2e5140ce6f07ccdb25a15fb6c1008747910cd83336a3c043baee30b68a3b45fd

  • SHA512

    a9be5ebfb40662cf08e30264ca00c2c19d49c337a585fd6ee076af1d755bc2f42faa3ccf592a27fcc31973fcd9fd4196838aff5d1c398191fa7ea93aab9f8976

  • SSDEEP

    3072:FYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////k:/0uXnWFchmmcI/o1/S1iYKw7muFi

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15