General

  • Target

    3d948ebc3c54179fa48c0ccc6b493f0c_JaffaCakes118

  • Size

    187KB

  • Sample

    240514-c34eyaff7t

  • MD5

    3d948ebc3c54179fa48c0ccc6b493f0c

  • SHA1

    7f482d7f110062cb1eaefb1b861aeaa2e3b0d6d5

  • SHA256

    074ec35c01d81a5e41e716a31b792840386f559d2be03411acfabd0a710b8362

  • SHA512

    c26281e2aa238911ecb8c7fe4c22f854fc655d9d38e794ea42f9b8ab2b309467810de579ec8a81f5c3f804cc9f6b8d332074afc08e783b627c359590b3272ca6

  • SSDEEP

    1536:tGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xildYXY9YgddT/Ephoj18sov8sCA8:zrfrzOH98ipgUekh

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    https://scrappy.upsproutmedia.com/wp-admin/J/
    https://china-specialist.com/wp-content/YrLG/
    https://www.upsproutmedia.com/wp-admin/M/
    http://pagearrow.com/wordpress/B/
    http://a.xuezha.cn/lajop/OYdUzf/
    http://blog.saadata.com/cgi-bin/vwz/
    http://zeeamfashion.com/content/rqoL/
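The seven exe.dropper URLs above are the actionable part of this report: they are where the PowerShell stage tries to fetch its payload, which is also what the "Blocklisted process makes network request" signature further down records. The script below is an added example, not part of the sandbox output, showing how to turn that list into a proxy-log check. It matches on host plus path prefix rather than the exact string, because a dropper of this kind typically appends a payload filename to the directory and may retry over either scheme. The log format and the log lines are constructed for the example; adapt the field split to your own proxy format.

```python
"""Match the exe.dropper URLs from the sandbox report against proxy log
lines.  Added example; the log format and SAMPLE_LOG are constructed."""
from urllib.parse import urlsplit

# The seven exe.dropper URLs exactly as extracted in the report.
DROPPER_URLS = [
    "https://scrappy.upsproutmedia.com/wp-admin/J/",
    "https://china-specialist.com/wp-content/YrLG/",
    "https://www.upsproutmedia.com/wp-admin/M/",
    "http://pagearrow.com/wordpress/B/",
    "http://a.xuezha.cn/lajop/OYdUzf/",
    "http://blog.saadata.com/cgi-bin/vwz/",
    "http://zeeamfashion.com/content/rqoL/",
]


def normalize(url):
    """Return (host, path): lowercase host without port, path as given.
    The scheme is deliberately dropped so http/https variants of the same
    location compare equal."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return host, path


INDICATORS = [normalize(u) for u in DROPPER_URLS]


def matches(url):
    """True when url is on an indicator host and under the indicator
    directory, so .../wp-admin/J/payload.exe still hits while a request
    for the site root or a sibling directory does not."""
    host, path = normalize(url)
    return any(host == ih and path.startswith(ip) for ih, ip in INDICATORS)


# Constructed proxy log: "<timestamp> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2024-05-14T10:03:22Z 10.0.0.12 GET http://pagearrow.com/wordpress/B/ 200
2024-05-14T10:03:25Z 10.0.0.12 GET http://pagearrow.com/wordpress/B/update.exe 200
2024-05-14T10:04:01Z 10.0.0.31 GET https://www.upsproutmedia.com/ 200
2024-05-14T10:04:09Z 10.0.0.31 GET https://www.upsproutmedia.com/wp-admin/ 302
2024-05-14T10:05:40Z 10.0.0.45 GET http://a.xuezha.cn/lajop/OYdUzf/ 404
2024-05-14T10:06:12Z 10.0.0.12 GET https://example.com/wp-admin/J/ 200
"""


def scan_log(text):
    """Return (timestamp, client, url) for every line whose URL matches an
    indicator.  A 404 still counts: the host contacted the dropper
    location, which is the signal, whether or not the payload was served."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        ts, client, _method, url = fields[:4]
        if matches(url):
            hits.append((ts, client, url))
    return hits


if __name__ == "__main__":
    for ts, client, url in scan_log(SAMPLE_LOG):
        print(ts, client, url)
```

Running it on the constructed log flags the two pagearrow.com requests from 10.0.0.12 and the a.xuezha.cn request from 10.0.0.45, and ignores the site-root and /wp-admin/ requests to www.upsproutmedia.com, which are not under the /wp-admin/M/ indicator directory. A compromised WordPress host like these usually serves legitimate content as well, so matching on the full indicator path rather than the bare domain keeps the check from firing on ordinary traffic to the same site.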

Targets

    • Target

      3d948ebc3c54179fa48c0ccc6b493f0c_JaffaCakes118

    • Size

      187KB

    • MD5

      3d948ebc3c54179fa48c0ccc6b493f0c

    • SHA1

      7f482d7f110062cb1eaefb1b861aeaa2e3b0d6d5

    • SHA256

      074ec35c01d81a5e41e716a31b792840386f559d2be03411acfabd0a710b8362

    • SHA512

      c26281e2aa238911ecb8c7fe4c22f854fc655d9d38e794ea42f9b8ab2b309467810de579ec8a81f5c3f804cc9f6b8d332074afc08e783b627c359590b3272ca6

    • SSDEEP

      1536:tGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xildYXY9YgddT/Ephoj18sov8sCA8:zrfrzOH98ipgUekh

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
