General

  • Target

    402a20df5b4be893e2f95482834847ce_JaffaCakes118

  • Size

    159KB

  • Sample

    240513-sxtasacb71

  • MD5

    402a20df5b4be893e2f95482834847ce

  • SHA1

    7f8452fa5d9ce93287769e53538a6153d4be36bd

  • SHA256

    a20952ba32a8defe9aa5b8d65bbd75159d27664ff2828c6bc84f47d69543c9f7

  • SHA512

    6eee71bba70e2b9427981da3d8850f21690b1a7e3e3801320eebca2d6bd187faf980352767afb857471fa78fb00464e85697a6e81af69aa79846ee3da34f2c4c

  • SSDEEP

    1536:+iaqasrdi1Ir77zOH98Wj2gpngx+a97xRiqLE8ct2PU7eXKSSxH5ppJxuFWJ:+0rfrzOH98ipgTkJxuFWJ

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      402a20df5b4be893e2f95482834847ce_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
